Section: .. / advisories / b0f /
| /// File Name: |
access-counter.pl |
Description:
|
The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server.
| | Author: | Slash | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 2753 | | Last Modified: | Sep 13 06:18:27 2000 |
| MD5 Checksum: | 2beb4c9aa7ffd4a6559b4ee451132a24 |
|
| /// File Name: |
aurora.tgz |
Description:
|
Project aurora is lamagra's non-blind LAN spoofing project. It can be used to create TCP connections from a non-existing box or another box in the network. The biggest problems while spoofing were guessing the sequence numbers to acknowledge and the fact that the other box always sends back a reset when it receives a SYN|ACK. These used to be solved by abusing small bugs in the TCP/IP stack.
| | Author: | lamagra | | Homepage: | http://lamagra.seKure.de | | File Size: | 7607 | | Last Modified: | May 5 22:06:34 2000 |
| MD5 Checksum: | 6b276aa4c57241cef0a88d7306e26461 |
|
| /// File Name: |
b0f-lin14.c |
Description:
|
The following userspace code will locally hang recent Linux machines. The send system call immediately puts the kernel in a loop spewing kmalloc: Size (131076) too large. Linux 2.2.14 and 2.3.99-pre2 are vulnerable.
| | Author: | eth0 | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 1779 | | Last Modified: | Apr 4 00:44:53 2000 |
| MD5 Checksum: | 8e549e1a39e2660e9aed91b182f61dc8 |
|
| /// File Name: |
b0f1-Mailtraq.txt |
Description:
|
Buffer0verflow Security Advisory #1 - Mailtraq remote file retrieving. The Mailtraq message server for Windows NT, 95, and 98 allows any file on the system to be read via a /../../ bug. All versions prior to 1.1.4 are affected.
| | Author: | Slash | | Homepage: | http://www.b0f.com | | File Size: | 3630 | | Last Modified: | Apr 4 01:01:11 2000 |
| MD5 Checksum: | 029249fd46ca930ece76f63e3644b1c9 |
|
| /// File Name: |
b0f2-NetOp.txt |
Description:
|
BufferOverflow Advisory #2 - The NetOp Remote Control for NT tool allows anyone with a client to connect to the host software and download any file. Version 6 is vulnerable.
| | Author: | Axess | | Homepage: | http://www.b0f.com | | File Size: | 2044 | | Last Modified: | Apr 19 02:56:14 2000 |
| MD5 Checksum: | 90008d5a73104863d3757608ebafa575 |
|
| /// File Name: |
b0f3-ncurses.txt |
Description:
|
BufferOverflow Security Advisory #3 - libncurses buffer overflow in NCURSES 1.8.6 on FreeBSD 3.4-STABLE. Setuid programs linked with libncurses can be exploited to obtain root access.
| | Author: | Venglin | | Homepage: | http://www.b0f.com | | File Size: | 1493 | | Last Modified: | Apr 25 00:37:30 2000 |
| MD5 Checksum: | 6498cacb6f034cf8c3e1a0d842966aaa |
|
| /// File Name: |
b0f5-Qpopper.txt |
Description:
|
BufferOverflow Security Advisory #5 - Remote shell via Qpopper 2.53. qpop_euidl.c exploit included. Requires a qpop account and gives UID mail.
| | Author: | Prizm | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 5946 | | Last Modified: | May 24 21:55:59 2000 |
| MD5 Checksum: | 2a4401d33c14ffe9385bfcd5c4240512 |
|
| /// File Name: |
b0flogo.jpg |
Description:
|
b0flogo.jpg
| | File Size: | 27757 | | Last Modified: | Apr 4 04:25:37 2000 |
| MD5 Checksum: | ba885e5e94302f4be3a791cacde1f0b3 |
|
| /// File Name: |
b0stt.tar.gz |
Description:
|
Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs (utmp, wtmp, lastlog and the rest of the syslogd logs); it also logs all incoming/outgoing ssh passwords.
| | Author: | xfer | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 83433 | | Last Modified: | May 8 05:09:22 2000 |
| MD5 Checksum: | 3ca811fa7c30725b688e469ac3d73e0a |
|
| /// File Name: |
bobek.c |
Description:
|
Bobek.c is a Wu-Ftpd 2.6.0 remote root exploit (updated 05/08/2000). The bug is in the SITE EXEC command; an account is not required, as anonymous access is enough. Tested against Red Hat 6.2, FreeBSD 3.4-STABLE, and FreeBSD 5.0-CURRENT.
| | Author: | Venglin | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 14677 | | Last Modified: | Dec 6 03:10:00 2000 |
| MD5 Checksum: | 72aa028cb868dcaf240a98d147e3f193 |
|
| /// File Name: |
bsyrin1.zip |
Description:
|
Buffer Syringe is a tool for checking servers/daemons (e.g. ftp) for buffer overflows on given parameters (a stress tool, if you will). It has a flexible configuration file where you input the parameters needed to run the program, and it logs sessions to a text file for easy viewing and printing.
| | Author: | Digital Monkey | | File Size: | 24821 | | Last Modified: | Apr 17 23:48:54 2000 |
| MD5 Checksum: | 7c18e001b401c47b2eb6f113cc730c42 |
|
| /// File Name: |
bugzilla.txt |
Description:
|
BufferOverflow Advisory: Unchecked system call in Bugzilla 2.8. The script used to submit new bugs, process_bug.cgi, is vulnerable because it does not check the contents of the who field. Includes perl remote exploit code.
| | Author: | {} | | Homepage: | http://root66.nl.eu.org | | File Size: | 8782 | | Last Modified: | May 12 03:00:26 2000 |
| MD5 Checksum: | e31f4178d743cb63cb655661d9f6c3d2 |
|
| /// File Name: |
connect.asm |
Description:
|
Passive Connection Shellcode. Source is well documented.
| | Author: | scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 3152 | | Last Modified: | May 5 01:47:42 2000 |
| MD5 Checksum: | 966774e7b1d15bd8e89934220bcd309d |
|
| /// File Name: |
connect.c |
Description:
|
This shellcode creates a connection to a host/port and starts a shell. This should be more anti-IDS than the others and it can go through a firewall.
| | Author: | lamagra | | Homepage: | http://lamagra.seKure.de | | File Size: | 2735 | | Last Modified: | May 5 21:57:15 2000 |
| MD5 Checksum: | b92b48091663aeca497d26a0b45769f0 |
|
| /// File Name: |
dope_expl.c |
Description:
|
dopewars 1.4.4 exploit, it's been fixed now (thanks to my patch :-) ). It dates back to October 1999. But I used some cool methods in it.
| | Author: | Lamagra | | Homepage: | http://lamagra.seKure.de | | File Size: | 4831 | | Last Modified: | Apr 5 22:04:00 2000 |
| MD5 Checksum: | 93f4c1cb2d73fdae1db63ed869edfd01 |
|
| /// File Name: |
elm-ex.c |
Description:
|
Elm 2.5 PL3 exploit tested under Linux Slackware 3.6, 4.0, 7.0.
| | Author: | Xfer | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 1505 | | Last Modified: | May 28 02:04:14 2000 |
| MD5 Checksum: | b9dbcee5ff2f4b064e0d41d4dcffe519 |
|
| /// File Name: |
elm-exploit.c |
Description:
|
Linux Elm 2.4/2.5 local exploit - This will give you a shell (gid=12) if /usr/bin/elm is SGID. Tested on Slackware 4.0 and Red Hat 5.1.
| | Author: | Slash | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 2111 | | Last Modified: | Jul 5 23:53:02 2000 |
| MD5 Checksum: | 82f10bfc8741bb629281379f2f03ccc9 |
|
| /// File Name: |
elm-smash.c |
Description:
|
This exploit spawns an EGID mail shell on the default Slackware 4 install.
| | Author: | scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 2267 | | Last Modified: | May 5 21:03:19 2000 |
| MD5 Checksum: | 9103ea3b4c415060fa4ec20011b06106 |
|
| /// File Name: |
elm_last.c |
Description:
|
One last elm v2.4 / v2.5 exploit - gives EGID 12. This version works against almost all vulnerable versions of elm.
| | Author: | Vade79 | | Homepage: | http://www.realhalo.org | | File Size: | 2056 | | Last Modified: | Jun 1 01:12:00 2000 |
| MD5 Checksum: | 6d1932b3efa4e64a682800633f4c5a14 |
|
| /// File Name: |
fdmnt-smash2.c |
Description:
|
fdmount local root exploit - tested on Slackware 4.0. Must be in the floppy group. Modified from last version to work on Slackware 7.
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 3165 | | Last Modified: | May 17 18:33:38 2000 |
| MD5 Checksum: | 73ba3d26ba0ca02c1bd711b6e11af39d |
|
| /// File Name: |
filterape.c |
Description:
|
filterape.c exploits a new elm buffer overflow to get EGID mail on Slackware.
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 2686 | | Last Modified: | May 25 20:42:02 2000 |
| MD5 Checksum: | f86550706037b74cbfed63994fc2c787 |
|
| /// File Name: |
fts.c |
Description:
|
A bug in the fts_print function allows any file on the system to be overwritten when the /etc/security script (executed from the 'daily' scripts) runs. FreeBSD 3.3 and earlier, OpenBSD, and NetBSD are vulnerable.
| | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 1476 | | Last Modified: | Mar 29 23:04:00 2000 |
| MD5 Checksum: | fc1bc1404925e75c468de8d54130e598 |
|
| /// File Name: |
gibd00r3.c |
Description:
|
gibd00r3.c is a passworded backdoor which pretends to be an ident daemon.
| | Author: | Axess | | Homepage: | http://www.b0f.com | | File Size: | 3032 | | Last Modified: | Apr 21 22:04:00 2000 |
| MD5 Checksum: | 967dd190a53f9ccca2ee70bb035b752f |
|
| /// File Name: |
hellex.c |
Description:
|
hellex.c is a local buffer overflow exploit for the Hellkit 1.2 shellcode generation package. Tested on Red Hat 6.0.
| | Author: | Narrow | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 911 | | Last Modified: | May 23 17:33:52 2000 |
| MD5 Checksum: | 7e9d7f936be9cf422b078cf7e5a25146 |
|