Exploit code for Solaris 2.6, 2.7 (sparc) libc/LC_MESSAGES buffer overflow that results in root compromise.
d3475dfd6a18d0ea0ebae341315790632e0506dde74ffd73896455098c786437
The MIDI plug-in program "YAMAHA MidiPlug 1.10b" for Windows IE4/5 contains a buffer overflow bug. If a long "TEXT" variable is specified in the EMBED tag, the buffer overflow occurs. If an attacker sets the exploit on a web page, the visitor's host will be cracked by any instructions written in the "TEXT" variable.
2a70605bc9b04a24265c00812b131cf21426f0181e4073c6572a7373e6ba4550
We found an overflow bug in NetcPlus SmartServer3. It overflows when it receives a long MAIL FROM: in SMTP handling. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends exploit code that executes any command on the host which is running NetcPlus SmartServer3. T
49069946261916158d6a9396a9ecd8ea197a8009a2efbd25d17a2127840d6082
We found an overflow bug in NextFTP Ver1.82. It overflows when it receives a long message in the CWD reply. This exploit code executes any command on the target Windows system, but if you modify the exploit code, you can send any code, such as a format or remove program, virus, trojan, and so on.
47d7736f87fb1530ec150962846999918098ac81ec6b671d35f46b6d4f89c748
This is another personal mail server remote exploit. I also publish an exploit program that can send a trojan program which is prepared on the attacker host. Of course, it can be executed remotely. If the trojan program is sent, the victim machine will be controlled remotely.
1af18d870379d2efed6f956b9fbb2f89036673b7b62305dd1f0f23b667612eba
We found an overflow bug in Personal Mail Server 3.072-3.09. It overflows when it receives a long MAIL FROM: in SMTP handling. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends exploit code that executes any command on the host which is running Personal Mail Server 3.072-3.09.
17339bed057ac8c0881bb3241b027969045a6a6d6911f4b0556a91f69c0c65c8
Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris Sparc machines.
a0d7c588f719baff069310b8f91c793cc31be84e8863b2e4edbb769adf0abb05
Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris x86 machines.
1764caeacfb6acc3fbe32be85482da92a8fdec180449b4136f92d8edfbfc3228
The buffer overflow bug is also in the Serv-U Version 2.5 FTP daemon. In this case, the buffer overflow is caused if the daemon receives a long "cwd" message, and the host is cracked by any instructions which are coded in the exploit code. This example sends exploit code that executes any command on the host which is running Serv-U Version 2.5. This exploit is coded for Windows98, but if you change some parameters written in the sample exploit program, it may work on Windows95 and WindowsNT.
7cb5a35c00e3e6f1813452aca09d14fdb57fd4a3ba89c8b26856789214ff4507
We found an overflow bug in Skyfull Mail Server 1.1.4. It overflows when it receives a long MAIL FROM: in SMTP handling. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends exploit code that executes any command on the host which is running Skyfull Mail Server 1.1.4.
0057b545eb9da1b22336a25403153460dec69e5aaa9e5f39e32cb6f0c487e3fa
We found an overflow bug in TinyFTPd Ver0.51. It overflows when it receives a long user name. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends exploit code that executes any command on the host which is running TinyFTPd Ver0.51.
b192ded779312b596b0f4526c4736bedf144020badf03074e1420cae3448d82f
URL Live! 1.0 WebServer for Windows95/98/NT, which is released by Pacific Software Publishing, Inc. (http://www.urllive.com/), has a "../" security problem: any user can download any file on the victim host.
dacc942f693a3194c253179e986fa6b5f04314b4f85b01771f5f40b38603f0f1
Local root exploit code for buffer overflow in uum for Japanese Linux.
6883ef84c1d928fa1e9805d6ee8cd081c57968245eace2e2072ea8083a28edcc
In the initial authorization handling of WebBBS, if a long login name or password is received, this CGI overflows. This overflow overwrites the RET address, so EIP can be controlled. This overflow is used to execute any instructions which are included in the user name and password.
6fabd952734503ddb8a5be6907794eb1cc3ef1ea5818b6ffc671fea9adf2308e
We found an overflow bug in ZOM-MAIL 1.09. It overflows when it receives a long attachment file name. If ZOM-MAIL 1.09 receives an e-mail which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This program can send an e-mail, containing exploit code that removes the "c:\windows\test.txt" file on the host, to any e-mail address.
e7d4cc605a7a1bf256d1c94b4051fe6008fbc9ed9b3cb9cd250ed29ca9985b11
This utility extracts usernames and makes a userlist file from the HTML file of the "user's page" which can often be seen on an ISP's web page.
5ff789059d09d32aa205b9714be3ecaacdc941d3055db336da242e615fce3a89
FTP trojan that logs the hostname, username, and password when local users use ftp.
8a3d1bd7795300d33e45002f6a46e071fbefb450870201eac7e1aeee73cf0a9c
This program is an Ethernet packet sniffer for LINUX, FreeBSD, SunOS4.1, Solaris2, and IRIX that can log all the packets in each telnet, rlogin, pop3, and ftp session. If you install this program on a cracked server, you can also learn the crackers' cracking process and the location of their rootshell. The logs of this tool are evidence of the cracking, so this tool is also useful for admins.
df2a9e01a85bafb69aa416188ed1cea017047015bc99aa5c1a9d0cd67e4d0ac5
A generic banner scanner, e.g. scan for qpop 110, wuftpd 21, wingates 23, telnet banners 23, etc.
6c91acdac7860bc6c8f947323fff0c03f4c97d8fd8cebfb891ee6248e6f1150c
This is a rootshell program. This program becomes a rootshell if you specify the special argument. If the special argument is not specified, this program calls a specified program. So if you name this program after a well-known suid program, it's very difficult for admins to find.
ba06871c2d769a971556d49a3506b1b662ad02c2bd398bf1eee677942ec8d211
Improved version of hrs. You can easily install hrs with this shell script.
bb00d2adbb3299e05be6dd492a6aa1c6f7109d49838345be8584b4595bcec1ab
This program can add a fake log to HTTPd remotely. Posted by root., Jan.08,1998
973bdafafcf97232c3e363dbb2a5b2b6aaa53f9c5fe933b53fd19c0c3c06cfd7
IE5 location.replace overflow exploit by L(phyx@i.am), Sep.21,1999. http://layer.webprovider.com/
15b0ebaed0ced7c91c142109eba13d162499fe92c2465e089456ee5db7f924d9
Source Viewer Changer for Internet Explorer 5. Posted by L(phyx@i.am), Nov.4,1999. http://layer.webprovider.com/
7f83abb0f45706c3732128783229a116df017d89159a7cc9c7a535cfa1669cb6
This program checks many IRIX security holes automatically. If you are an admin, you can easily check the security vulnerabilities of each IRIX. Don't use it for auto attack. This scanner contains the ttdbserver attack; this function is based on the script which is developed by the rootshell. Thanks.
fdb645ddef470ad46457b433af158fdcca322e238d6798e1a9c1d9a0dfd44190