Section: .. / advisories / b0f /
| /// File Name: |
sscan2k-pre2.b0f.tar.gz |
Description:
|
sscan was given to buffer0verfl0w security by jsbach for the project to be continued for jsbach. From now on sscan will go as sscan2k. sscan2k now has updated vulnerability checks along with all the other great features it had before, improved OS detection (user can update the fingerprints by editing Osdefs.ms [which comes in sscan2k scripting language]), etc.
| | Author: | eth0, axess. Fixes: Mixter. | | Homepage: | http://www.b0f.com | | File Size: | 338859 | | Last Modified: | May 23 00:16:13 2000 |
| MD5 Checksum: | 3ee58f3c6e90d5e587cc8b068b22548d |
|
| /// File Name: |
sscan2k-pre3.b0f.tar.gz |
Description:
|
sscan2k is a remote auditing/vulnerability scanner which determines remote OS, and scans the host for applicable vulnerabilities. Features updated vulnerability checks, a scripting language, support for plugins and addons, configurable OS fingerprints, DNS zone and subnet scans. Based off sscan by jsbach.
| | Author: | eth0 | | Homepage: | http://b0f.freebsd.lublin.pl | | Changes: | Fixes by mixter. | | File Size: | 336314 | | Last Modified: | Jun 8 22:22:42 2000 |
| MD5 Checksum: | f2afd7708edbbf1d301f9597e8fe4b30 |
|
| /// File Name: |
sscan2k-pre4.HWA.tar.gz |
Description:
|
sscan was given to buffer0verfl0w security by jsbach for the project to be continued for jsbach. From now on sscan will go as sscan2k. sscan2k now has updated vulnerability checks and the code has also been cleaned up. This scanner is now a release of HWA.
| | Author: | eth0 | | Homepage: | http://hwa-security.net | | File Size: | 336183 | | Last Modified: | Aug 31 02:01:45 2000 |
| MD5 Checksum: | fa578e3f4a7d3b3965d3efbc2a1694dd |
|
| /// File Name: |
b0stt.tar.gz |
Description:
|
Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs (utmp, wtmp, lastlog and the rest of syslogd logs), it also logs all incoming/outgoing ssh passwords.
| | Author: | xfer | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 83433 | | Last Modified: | May 8 05:09:22 2000 |
| MD5 Checksum: | 3ca811fa7c30725b688e469ac3d73e0a |
|
| /// File Name: |
Neon_beta5.c |
Description:
|
Neon beta5 - Simple Host or Iplist cgi Scanner which does 358 checks.
| | Author: | Axess | | Homepage: | http://b0f.freebsd.lublin.pl | | Changes: | Added more cgi, fixed better output. | | File Size: | 37156 | | Last Modified: | May 12 04:48:01 2000 |
| MD5 Checksum: | 0f51bd2e126eb23a4b2bb5ea4e549ad8 |
|
| /// File Name: |
b0flogo.jpg |
Description:
|
b0flogo.jpg
| | File Size: | 27757 | | Last Modified: | Apr 4 04:25:37 2000 |
| MD5 Checksum: | ba885e5e94302f4be3a791cacde1f0b3 |
|
| /// File Name: |
syrin15.zip |
Description:
|
Buffer Syringe is a tool for win32 that tests a daemon for buffer overflow on its parameter(s), sort of "brute forcing" or "stressing" the daemon by means of injecting a user specified parameter or a command with a value of a user specified number of characters to the daemon. Chances are, if the parameter being tested is vulnerable to an overflow, and the user specified number of characters exceeds that of the parameter's limit, then the daemon would likely crash.
| | Author: | Digital Monkey | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 27016 | | Last Modified: | May 17 18:37:34 2000 |
| MD5 Checksum: | 51bab6a00325ec97984338d5a6892f72 |
|
| /// File Name: |
bsyrin1.zip |
Description:
|
Buffer Syringe is a tool for checking servers/daemons (e.g. ftp) for buffer overflow(s) on given parameter(s) (a stress tool if you may). It has a flexible configuration file where you input the parameters needed to run the program and it logs sessions to textfile for easy viewing and printing.
| | Author: | Digital Monkey | | File Size: | 24821 | | Last Modified: | Apr 17 23:48:54 2000 |
| MD5 Checksum: | 7c18e001b401c47b2eb6f113cc730c42 |
|
| /// File Name: |
Neon_beta4.c |
Description:
|
-(- Neon beta4 -)- Simple Host or Iplist Cgi Scanner ( 356 ) Checks
| | Author: | axess | | Homepage: | http://www.b0f.com | | File Size: | 23908 | | Last Modified: | May 9 23:23:30 2000 |
| MD5 Checksum: | fcbbe41e4081d6f3ffc4902b86c685c9 |
|
| /// File Name: |
smegma_v0.4.tgz |
Description:
|
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decryptable by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to grab the shellcode from sourcefiles and try and identify it. Use SMEGMA to modify shellcode in which characters get ruined by regular expressions (often seen in CGI binaries, web applications and webservers).
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | Changes: | Fixed all NULL byte problems - you can now use smegma to rid shellcode of NULL characters, more garbling algorithms, more efficient garbling algorithms, fixed the size problem. | | File Size: | 20173 | | Last Modified: | Jul 24 18:24:06 2000 |
| MD5 Checksum: | 651b6173fc24873f8ad4e5f846fba666 |
|
| /// File Name: |
IRIX.Login.Security.txt |
Description:
|
IRIX Login Security - In this paper you will learn a bit about logins, and the seriousness of what could happen if you don't take certain precautions. You will find out some options you can take with your logins, certain restrictions, and a lot more.
| | Author: | Prizm | | File Size: | 18157 | | Last Modified: | Apr 10 04:41:31 2000 |
| MD5 Checksum: | e63b7ee974a2cce3da3eabb47ebfaf7e |
|
| /// File Name: |
nt.security.check.part2.txt |
Description:
|
Evaluating the Security of a NT System Part II - In depth information on NT security. Includes discussion of Groups and User rights, The Administrator Account and Administrators Group, The Guest Account and Everyone Group, Files Folders Permissions and Shares, Virus and Trojan Horse Controls, Auditing and Event Logs, and backup.
| | Author: | Slash | | Homepage: | http://www.b0f.com | | File Size: | 15326 | | Last Modified: | Apr 19 02:47:32 2000 |
| MD5 Checksum: | fe7e11cad54e919bd29cead6d72f68af |
|
| /// File Name: |
p0f.tgz |
Description:
|
P0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux 2.0/2.2, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.na.export.pl | | File Size: | 14685 | | Last Modified: | Jun 13 20:31:01 2000 |
| MD5 Checksum: | d461b6d2c9103f7fe52a387570ff87bc |
|
| /// File Name: |
bobek.c |
Description:
|
Bobek.c is a Wu-Ftpd 2.6.0 remote root exploit (updated 05/08/2000). Bug is in the SITE EXEC command, an account is not required as anonymous access is enough. Tested against Redhat 6.2, FreeBSD 3.4-STABLE, and FreeBSD 5.0-CURRENT.
| | Author: | Venglin | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 14677 | | Last Modified: | Dec 6 03:10:00 2000 |
| MD5 Checksum: | 72aa028cb868dcaf240a98d147e3f193 |
|
| /// File Name: |
proftpd.c |
Description:
|
Your ultimate proftpd pre0-3 exploiting toolkit based on adm-wuftpd by duke and kombajn do czere^vni by Lam3rZ.
| | Author: | Venglin | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 11530 | | Last Modified: | Mar 25 22:04:00 2000 |
| MD5 Checksum: | 980e949baa7fff05ee7b182a7eff1270 |
|
| /// File Name: |
smegma_v0.2.tgz |
Description:
|
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decryptable by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to grab the shellcode from sourcefiles and try and identify it. Use SMEGMA to modify shellcode in which characters get ruined by regular expressions (often seen in CGI binaries, web applications and webservers).
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 11102 | | Last Modified: | Jul 8 07:56:51 2000 |
| MD5 Checksum: | 42981bfacdfe3138a8734be57bbed972 |
|
| /// File Name: |
plogd2.c |
Description:
|
Plogd v2 (Revision 1.5) is a syn/udp/icmp packet logger for freebsd.
| | Author: | Przemyslaw Frasunek | | Homepage: | http://freebsd.lublin.pl/ | | Changes: | Fixed fd leak, misc bugfixes. | | File Size: | 10613 | | Last Modified: | Apr 26 02:49:08 2000 |
| MD5 Checksum: | eef674504b75af8c3aa2b70b04a1ae7d |
|
| /// File Name: |
standalone.sh |
Description:
|
A sample ipchains firewall script, featuring many options you can uncomment.
| | Author: | eth0 | | Homepage: | http://www.b0f.com | | File Size: | 9223 | | Last Modified: | Feb 29 04:25:22 2000 |
| MD5 Checksum: | ad8cd3cb215727d8aee7557438a2bc20 |
|
| /// File Name: |
mod_backdoor.c |
Description:
|
Apache DSO backdoor - A get request to a "special" url allows remote command execution.
| | Author: | Slash | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 8809 | | Last Modified: | Jun 5 20:52:24 2000 |
| MD5 Checksum: | 84e2f164eca988c6647d0dc512f4536c |
|
| /// File Name: |
bugzilla.txt |
Description:
|
BufferOverflow Advisory: Unchecked system call in Bugzilla 2.8. The script used to submit new bugs, process_bug.cgi, is vulnerable because it does not check the contents of the who field. Includes perl remote exploit code.
| | Author: | {} | | Homepage: | http://root66.nl.eu.org | | File Size: | 8782 | | Last Modified: | May 12 03:00:26 2000 |
| MD5 Checksum: | e31f4178d743cb63cb655661d9f6c3d2 |
|
| /// File Name: |
namedscan.c |
Description:
|
Namedscan.c finds the version of a remote nameserver.
| | Author: | eth0 of buffer0verfl0w | | File Size: | 8084 | | Last Modified: | Jan 1 21:02:00 2000 |
| MD5 Checksum: | 0f142db9343f27f226412e74c61eaa7b |
|
| /// File Name: |
aurora.tgz |
Description:
|
Project aurora is lamagra's non-blind LAN spoofing project. It can be used to create TCP connections from a non-existing box or another box in the network. The biggest problem while spoofing was guessing the sequence numbers to acknowledge and that the other box always sends back a reset when it receives a SYN|ACK. This used to be solved by abusing small bugs in the tcpip stack.
| | Author: | lamagra | | Homepage: | http://lamagra.seKure.de | | File Size: | 7607 | | Last Modified: | May 5 22:06:34 2000 |
| MD5 Checksum: | 6b276aa4c57241cef0a88d7306e26461 |
|
| /// File Name: |
rip.c |
Description:
|
rip.c is a local exploit for the dump package version 0.3-14 and 0.4b13 (restore binary). Tested against linux, gives a UID=0 shell on 2.2.16, GID=0 on 2.2.15 and below.
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 7097 | | Last Modified: | Jun 14 18:53:14 2000 |
| MD5 Checksum: | 72ac3db000356b4d9dbb3ddbe8d83541 |
|
| /// File Name: |
how.defaced.apache.org.txt |
Description:
|
How www.apache.org was defaced. This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Authored by {} and Hardbeat.
| | File Size: | 6220 | | Last Modified: | May 4 23:03:52 2000 |
| MD5 Checksum: | 6fcb5e9296d4d2412c8cd9e03a7ac4d4 |
|
| /// File Name: |
b0f5-Qpopper.txt |
Description:
|
BufferOverflow Security Advisory #5 - Remote shell via Qpopper2.53. qpop_euidl.c exploit included. Requires a qpop account and gives UID mail.
| | Author: | Prizm | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 5946 | | Last Modified: | May 24 21:55:59 2000 |
| MD5 Checksum: | 2a4401d33c14ffe9385bfcd5c4240512 |
|