Local vulnerability in Solaris mailtool(1) - /usr/openwin/bin/mailtool on Solaris 8 (x86 and sparc) contains a local buffer overflow vulnerability. By specifying a long environment buffer containing machine executable code, it is possible to execute arbitrary command(s) as gid mail.
28123a605ca63233f3753280128acfc9dae8cb526852a55c509794079049a661
FreeBSD X key lock (xklock) v2.7.1 and below local root exploit - Tested on FreeBSD ports collection v3.5.1 and v4.2.
c4dd124149e7e5bf8e081992f5222838ea736a6a2d2fb554c015d78b41490b57
Dc20ctrlex.perl is a FreeBSD 3.x/4.x /usr/local/bin/dc20ctrl local exploit which gives egid=dialer, or root on non-FreeBSD systems. Tested against FreeBSD 4.2.
0ee7eafa568512a4b7334811bc84051fe517eb7fd32f411ca85392498b9a8296
Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in TXT form.
bcd0ca5e08abcf9b92576d7bbdfe79270109a9dc5685889090c874ac94464ac1
Advanced Host Detection - Techniques To Validate Host-Connectivity. (PDF) Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
6dddf484c6959f1f4a3b6533132356f04a4ea4c299828360d6ea8137831b6ef4
Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
c637cd2c806c90bbcf3e707e1c72035f73fcc09ee0e3815a1797cf12bc6a9636
Examining port scan methods - Analyzing Audible Techniques. This paper attempts to enumerate a variety of ways to discover and map internal/external networks using signature-based packet replies and known protocol responses when scanning. Specifically, this document presents all known techniques used to determine open/closed ports on a host and ways an attacker may identify the network services running on arbitrary servers. Text version available here.
22abdfcab10f441e0501420efec15d503b45b165a5be82400b3e1e96c014b32c
Examining port scan methods - Analyzing Audible Techniques. This paper attempts to enumerate a variety of ways to discover and map internal/external networks using signature-based packet replies and known protocol responses when scanning. Specifically, this document presents all known techniques used to determine open/closed ports on a host and ways an attacker may identify the network services running on arbitrary servers.
4fd4b2bbef21c64d1c9c2fdebd6a48b8ea628ca311becdf898a6cf1dbfc00282
OpenBSD v2.6 and 2.7 ftpd remote root exploit.
3bce3b748cccc4e919388bcb98fab8e0032f8b36b13107f0b8d2af7e7591fff5
Overwriting the .dtors section - This paper presents a concise explanation of a technique to gain control of a C program's flow of execution given that it has been compiled with gcc. This exploit technique has several advantages over changing the stack pointer, including ease of determining the exact position where we want to write and point to our shellcode, and is simpler than a GOT patch.
e41270ceb93cee7dbf4b00c6af429beb80d569a4a5e3c5ffab8c69206da8a0f0
Remote exploit for rpc.sadmind which brute forces the offset. Tested against Solaris X86 and SPARC v2.6 and 7.0.
c543a35cc08b05e3cb588f1186f77256b06978241255de8c03f64460975820d7
Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Linux/UNIX Anaconda Foundation Directory, a Yahoo-style search engine based on the Open Directory Project, allows remote users to traverse the webserver's filesystem, allowing arbitrary files to be read by appending a trailing NULL byte in URL-encoded format. Exploit URL included.
114471e6a48ade395cf5dd9910cfbb9ebc5b97960e372c164656001a5ddd2840
Synnergy Laboratories Advisory SLA-2000-16 - Synnergy Labs has found a flaw within Master Index for Linux/UNIX that allows a user to traverse the filesystem on a remote host, allowing arbitrary files/folders to be read. Exploit URL included. Fix available here.
a23909da35478f6a2095d6d342fb63d5f4accfbcc2879f4add37f28616e828c3
PHPix, a Web-based photo album viewer written in PHP has a vulnerability which allows remote users to traverse directories and read any file on the server. Exploit URL included. Fix available here.
e4419820f11faed3b78317f5462ba2159447f498e8b203f34e98a29ecac583bc
Inebriation.c is a local linux/x86 /bin/su + locale libc functions exploit which has been written in response to previous unreliable exploits for this vulnerability. It includes a perl wrapper to find the correct offset, can use GOT overwrites to evade stackguard, stackshield, and libsafe, uses clean overflow string creation, and has documentation and several other usability improvements.
79c94c5fa03623a02f4886cf1b9049e8f2ca654b18f436c51d3c88a2c462c274
The Importance of Bug Testing - Includes discussion of alpha / beta releases, the importance of bug testing, software development goals, software testing strategies, functional prototypes, designing test sets, defect testing, acceptance testing, and structural prototypes.
8bc6adbc535cfdd7f4e996480e70c7cd1a8990ed92f93b47763a32b051f2ba6e
Synnergy Laboratories Advisory SLA-2000-14 - The BSD/Linux telnet client has a stack overflow which is not usually a security problem, except in the case of a restricted shell environment which allows users to set environment variables and run telnet. Perl proof of concept exploit included.
edc44b44131a6f19bee4f950cce7723477469f167ee3406d25923487214db406
Bandmon monitors the bandwidth usage on your network.
fc860fa4a3eba7e426d19566aa2d2d1a5e568080009369f6607b4a605af139af
The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS client via the webserver. Waisq contains buffer overflows allowing remote code execution which can be exploited via wais.pl. In addition, files owned by nobody on the webserver can be overwritten with arbitrary content. Includes exploit for Linux/x86.
0a1486af2061c3b2f7952eb470c47fcbf6d3d36571a036f046ae5709356c58d1
Synnergy Networks msadc scanner - This is just a basic string scanner that happens to scan for the msadc module string.
43eb2a907f3b1f2f09d00bfb5c51fe0347776efd1e8c47248536521263f254a9
Sends a message to everyone on a Unix system via syslog().
8b460aeffee0803febdf2426c780562770f36304c6fde34be6c55959b72a02e2
Sadmind exploit stack pointer brute forcer: run ./sadmindex-brute-lux [arch] <host> and it brute forces the stack pointer, outputs a message on success, and opens ingreslock (1524) on the remote computer. This brute forcer requires the sadmind exploit by Cheez Whiz.
47d1a23069a0a1db17c1736077ea9a0d65c18f7e0bdfde9047857cbf06ed6867
Remote buffer overflow exploit in perl for QPOP 3.0b<=20 running on Linux.
eb0c60576a529c4ae0797845177279d282a6760eaa5b490fa76e10749e16f68e
Synnergy Logo
7f4dc86b1699f79f287979fb5965ebcbcb44700c6c727c0f27567bfc66c6dbf6
Remote unix shell backdoor written in perl.
0c22cb6dbb65f5e64354d6f59018c328ddde8cd095b8d85f7ec4436114c1ed9c