exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2008-07-24

Fwknop Port Knocking Utility
Posted Jul 24, 2008
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added the ability to explicitly run major classes of tests 46 with two new command line arguments to the fwknop_test.pl script. Updated the fwknop client to randomize the UDP source port for default SPA packet generation. Various other updates and additions.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 1e6c3e28b8679bb9a5c15fa9668268056d2e47050ed2da83b24ea5d18ccfae08
msaccess-activex.txt
Posted Jul 24, 2008
Authored by callAX | Site goodfellas.shellcode.com.ar

Microsoft Access ActiveX related remote exploit that makes use of Snapview.ocx version 10.0.5529.0.

tags | exploit, remote, activex
SHA-256 | b418fa673cc55dfcf90f4e9dfce2c5f05a6ce9565e0807ae39e50cd98b56534f
wordpressdm-upload.txt
Posted Jul 24, 2008
Authored by SaO | Site saohackstyle.com

WordPress Download Manager plugin version 0.2 arbitrary file upload exploit.

tags | exploit, arbitrary, file upload
SHA-256 | f4352352dfbb061a6b9c4b27cd3ef159302071642949194c968b4379e83842c2
ibase-disclose.txt
Posted Jul 24, 2008
Authored by Dyshoo

ibase versions 2.03 and below suffer from a remote file disclosure vulnerability in download.php.

tags | exploit, remote, php, info disclosure
SHA-256 | db39df7e1f419eaccc0f82839b14415f00ce90376e4d077e6c3b90eb5522626a
atomphotoblog-sql.txt
Posted Jul 24, 2008
Authored by Mr.SQL | Site pal-hacker.com

Atom PhotoBlog version 1.1.5b1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9e334ad64124c312d55d19b3d62af703bdda22131d6982507917448dd468e5e2
Secunia Security Advisory 31194
Posted Jul 24, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct DoS attacks.

tags | advisory, denial of service, vulnerability
systems | linux, fedora
SHA-256 | 62b43822cff1aaa9d9d06bbec5a1d641a5d85e41a4ab03ffc0182a862577e7bc
Debian Linux Security Advisory 1616-1
Posted Jul 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1616-1 - Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

tags | advisory, virus
systems | linux, windows, debian
advisories | CVE-2008-2713
SHA-256 | 53d2d5e8934a297dfc89e1f10ffc3e070c9fb65df9d21b132165a4b8f84908d5
bailiwicked_domain.rb.txt
Posted Jul 24, 2008
Authored by H D Moore, I)ruid | Site caughq.org

This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.

tags | exploit, spoof
advisories | CVE-2008-1447
SHA-256 | 59998e85046f16a5c63dc45a0b65a8c3c0309d28215b39b9b32e8e980b05bf05
pkd-1.1.tgz
Posted Jul 24, 2008
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: Removed source port from hash.
tags | tool, kernel, udp, firewall
systems | linux
SHA-256 | 0f0c06e263787d03042d6443165bafefd95087367bf0f3981ba44546668d2060
bailiwicked_host.rb.txt
Posted Jul 24, 2008
Authored by H D Moore, I)ruid | Site caughq.org

This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.

tags | exploit, spoof
advisories | CVE-2008-1447
SHA-256 | 11e910b2fd7ce8685913d022a8c861ee68b58c8de15e6ff4788583be2137f4aa
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close