Since you're here, you may want to take a look at one of my public tools - Brutus, a remote password cracker for Windows (no UN*X version I'm afraid, yet.)
| File Name | Brief Description | |
| ntpptp.c | NT 4.0 SP3 PPTP denial of service attack exploit. | |
| ntpwgrabber.txt | A false DLL can be stored in the system32 directory under Windows NT which collects passwords in plain text. | |
| libcrypt.tgz | The libcrypt.so, _RDL_ROOT telnetd env var root exploit for irix systems. | |
| imapd_scan.sh | This script will scan (and exploit) an entire subnet for imap2 vulnerabilitles. | |
| qmail_dos.c | Runs a qmail system out of memory by feeding an infinite amount of recipients. | |
| ping_bug.txt | Users of pine can overwrite any file in their home directory despite permissions. | |
| latierra.c | An enhanced version of land.c which works better against NT SP3 among other things. | |
| rip.c | RIP (Routing Information Protocol) Version 1 Spoofer | |
| imaps.tar.gz | Serveral different versions of the remote imapd buffer overflow exploit. | |
| automount.c | The automountd exploit for SunOS 5.5.1 let's you issue remote commands. | |
| xfree86.txt | Using XFree86, oridinary users can read any file with root permissions. | |
| lownoise.txt | Exploit for Digital Unix v4.0 that let's you create a writeable /.rhosts file. | |
| land.c | Crash Windows by sending a spoofed packet from a host on an open port setting as source the same host and port. | |
| teardrop.c | Exploits the overlapping IP fragment bug present in all Linux kernels and NT 4.0 / Windows 95 (others?) | |
| pentium_bug.c | Denial of service attack for the Intel Pentium CPU for any operating system. | |
| linux_perl.txt | It is still possible to overwrite a buffer a get root on Linux via sperl 5.003. | |
| lizards.txt | Explains how to get root on Slakware 3.4 from the suid lizards game. | |
| evil-term.c | This is the remote buffer overflow termcap exploit for BSDI BSD/OS 2.1. | |
| dgux_xterm.txt | On Digital Unix 4.0B, causing, xterm to core can overwrite arbitrary files. | |
| php_exploit.c | mlog.html and mylog.html w/ PHP dist. can be used to read arbitrary files. | |
| wwwcount.c | Exploits Count.cgi, allowing remote exececution of arbitray commands. | |
| ciscocrack.c | This contains script and source for decrypting cisco encrypted passwords. | |
| wm_exploit.c | Overwrites a buffer in 'wm' from Ideafix package for Linux, giving root. | |
| brute_ssl.c | This program will brute force it's way into secure and non-secure webservers. | |
| sr-crash.c | Source routing exploit for Linux v1.0.x-v1.3.x that causes the kernel to panic. | |
| aix_ping.c | Overwrites a buffer in gethostbyname(), giving root access. | |
| aix_lchangelv.c | Another buffer overrun that gives root on AIX 4.x machines. | |
| aix_xlock.c | This will overwrite a buffer in /usr/bin/X11/xlock giving root. | |
| web_sniff.c | A Linux sniffer that is designed to retrieve web usernames and passwords. | |
| arp_fun.txt | ICMP and arp can be used to deny service and spoof other hosts on the LAN. | |
| xf86_ports.txt | A normal user can run X on a reserved port thus blocking legitmate daemons. | |
| hostscan.cmd | OS/2 Rexx-script that scans hosts by IP-adresses | |
| solaris_telnet.c | A program designed to attack a Solaris 2.5 box, making it totally unresponsive. | |
| identd_attack.txt | A massive amount of authorization requests can render a system unusable. | |
| secure_shell.txt | Using SSH, a non-root user can open privleged ports and redirect them. | |
| sshd_redirect.txt | Any normal user can redirect privileged ports using secure shell daemon. | |
| medax_linux.tgz | A TCP sequence number predictor that also lets you execute commands. | |
| samba_exploit.txt | Local and remote exploit for samba that sends an xterm back to your display. | |
| bsd_procfs.c | In /proc under FreeBSD 2.2.1, you can modify a setuid executable's memory. | |
| zgv_exploit.c | This will overwrite a buffer in /usr/bin/zgv on Redhat Linux systems, giving root. | |
| heroin.c | This sample source illustrates the dangers of Linux modules in the kernel. | |
| sgi_html.txt | It is possible to execute remote commands on IRIX 6.3 and 6.4 via /usr/sysadm. | |
| ipd_probe.txt | The Internet Probe Droid can scan massive amounts of hosts very quickly. | |
| smurf.c | Spoofs IMCP packets resulting in multiple replies to a host from a single packet. | |
| in.comstat.txt | If a user has biff y on, in.comstat can be used increase the system load. | |
| bind_nuke.txt | Bind8.1.(1) can't update the same RR more than once in the same DNS packet. | |
| chkexploit_1.13.tgz | A shell script for Linux that checks for some publicly available exploits. | |
| syslog_deluxe.c | Lets you write spoofed and arbitrary messages to another machine's syslogd. | |
| dgux_fingerd.txt | The fingerd that ships w/ dgux allows remote execution of arbitrary commands. | |
| smb_mount.c | This overwrites a buffer on Linux systems in smbmount from smbfs-2.0.1. | |
| nmap.1.25.tar.gz | nmap is a utility for port scanning large networks and currently runs on Linux. | |
| innd_exploit.c | Overwrites a buffer in innd on Linux x86 systems thus giving a remote shell. | |
| smlogic.c | This is a fully functional logic bomb designed render Linux systems unuseable. | |
| intruderf.c | A trojan for Linux system that mails you user's names and passwords. | |
| ld.so.c | Overwrites a buffer via LD_PRELOAD env. variable, giving root on Linux. | |
| sol_syslog.txt | If Solaris syslogd gets a message and it can't resolve the sender's IP, it dies. | |
| promisc.c | This program will scan your network devices to detect running sniffers. | |
| solaris_ping.txt | On Solaris 2.x systems, any user can crash or reboot the system using ping. | |
| seyon_exploit.sh | Exploit for seyon, giving you the euid or egid of whatever seyon is suid to. | |
| aixdtaction.c | Overwrites a buffer in /usr/dt/bin/dtaction giving root access. | |
| datapipe.c | Makes a pipe between a listen port on localhost and a port on a remote machine. | |
| sping.tar.gz | Linux binary and source of 'sping' which causes Win95 machines to crash. | |
| linux_httpd.c | Overwrites a buffer in NSCA httpd v1.3 on linux systems, giving a remote shell. | |
| sgi_cgihandler.txt | On IRIX systems, /cgi-bin/handler can be used to issue arbitrary commands. | |
| wuftpd_umask.txt | The umask for wuftpd 2.4.2-b13 is 002 making files group writeable by anyone. | |
| majordomo.txt | Local and remote users can execute arbitrary commands from majordomo. | |
| glimpse_http.txt | Glimpse HTTP (Interface to Glimpse Search Tool) can issue remote commands. | |
| pandora.tgz | This is the Unix version of the Netware version 4.x NDS cracking utility. | |
| telnet_core.txt | On Linux systems, it is possible to get part of the shadow file w/ cores. | |
| fake_ps.txt | Checks for 'ps' trojans by running 'ps' and checking results against /proc. | |
| hpux-cue.txt | On HP 10.20, users can truncate arbitrary files using the setuid cue program. | |
| rpc.mountd_bug.txt | One can see what files a machine contains by looking at rpc.mountd responses. | |
| ircd_kill.c | Overwrites a buffer in ircII daemons, causing a segmentation fault in the server. | |
| lpboost.c | A simple program demonstrating problems with PLP/LPRng user authenticiation. | |
| imapd_4.1b.txt | It's possible to crash imapd, thus leaving shadow and password files in core file. | |
| sneakin.tgz | A way to 'reverse telnet' from a box behind a firewall that allows ICMP packets. | |
| qmail.tar.gz | This is a replacement sendmail-binmail system providing security and efficiency. | |
| h_rpcinfo.tar.gz | Allows you to sneak past port filters on port 111 and get dumps of RPC services. | |
| synlog-0.4.tar.gz | Synlog monitors half open TCP connections such as synfloods or synscans. | |
| net_rpm.txt | Redhat Package Manager (rpm) can be used to overwrite arbitrary files. | |
| wrapper-v2.tgz | This is a generic wrapper to prevent the exploitation of suid/sgid programs. | |
| solaris_ifreq.c | On Solaris, users can do control requests on a root created socket descriptor. | |
| longpath.sh | Script that implements a long path attack causing various problems on Linux. | |
| logarp.tar.gz | Useful for seeing if users on your subnet are "stealing" IP addresses. | |
| aix_dtterm.c | This will overwrite a buffer in /usr/dt/bin/dtterm, giving root. | |
| campus_cgi_hole | Describes a hole in campus cgi which allows execution of remote commands. | |
| listhosts.c | A host resolving program based on nslookup and other pieces of named tools. | |
| irix-wrapper.c | Wraps programs on IRIX to prevent command line argument buffer overruns. | |
| irix-df.c | This will overwrite a buffer in /bin/df on IRIX systems, thus giving a root shell. | |
| irix-dp.c | Overwrites a buffer in /usr/lib/desktop/permissions, giving egid of sys on IRIX. | |
| irix-login.c | This will overwrite a buffer in /bin/login on IRIX systems, giving root. | |
| irix-xlock.c | This will give root by overwriting a buffer in /usr/bin/X11/xlock on IRIX. | |
| synsniff.tar.gz | Script in perl which watches for inbound connections (SYN's) and logs them. | |
| SunOS_crash.txt | Reading /dev/tcx0 on a SunOS 4.1.4 Sparc 20 causes a system panic. | |
| imapd_exploit.c | Get remote root access on Redhat systems by overwriting a buffer in impad. | |
| xlock.c | On Linux systems, this will overwrite a buffer in setuid xlock, giving root access. | |
| phobia.tgz | This utility does a scan of an internet host looking for various vulnerabilities. | |
| elm_exploit.c | Overwrites a buffer in Elm and Elm-ME+ on Linux via TERM environ. variable. | |
| daynotify.sh | This script will exploit a bug in SGI's Registration Software under IRIX 6.2. | |
| brute_web.c | This program will brute force it's way into a web server giving a user and passwd. | |
| tcpdump.tar.Z | Tool for network monitoring and data acquisition (needs library packet capture). | |
| winnuke.c | Sends Out of Band Data to a Win95/NT computer causing panics and reboots. | |
| sperl.tgz | Overwrites a buffer in the sperl5.001 and sperl5.003, thus giving root access. | |
| dip-prob.txt | Dip will allow an ordinary user to gain control of arbitrary devices in /dev. | |
| nlspath.txt | Exploits for ping, minicom, su and others on Linux via NLSPATH env. variable. | |
| solaris_lp.sh | Script for Solaris that breaks lp, then use lp priv to break root (or bin, etc...). | |
| AIX_mount.c | Overwrites a buffer in /usr/sbin/mount on AIX 4.x systems. | |
| vold_prob.txt | It is possible to corrupt CDROM management on Solaris by changing block size. | |
| fdformat-ex.c | This will overwrite a buffer in /usr/bin/fdformat on Solaris 2.x systems giving root. | |
| sunos-ovf.tar.gz | This program is designed to test buffer overflows on SunOS 4.1.x boxes. | |
| cxterm.c | Overwrites a buffer in Chinese xterm Linux systems, thus giving root access. | |
| color_xterm.c | This will overwrite a buffer in /usr/X11/bin/color_xterm, giving root on Linux. | |
| pepsi.c | This program is a random source host UDP flooder that compiles under Linux. | |
| tlnthide.c | Allocates a port and sets up a telnet gateway making it difficult to trace telnets. | |
| jping.tar.gz | This is another simple IMCP flooding program that compiles under Linux. | |
| LPRng.tgz | A light weight printing system especially designed with security in mind. | |
| jolt.c | Sends oversized fragmented packets to Win95 boxes causing them to lock up. | |
| utclean.c | This will remove your presence from wtmp, wtmpx, utmp, utmpx, and lastlog. | |
| eject.c | Overwrites a buffer on Solaris 2.x systems in /usr/bin/eject, giving a root shell. | |
| puke.c | Spoofs an ICMP unreachable error to a target, causing connection drops. | |
| webs099.tgz | A minimalist web server designed primarily for security and handles redirects. | |
| talkd.txt | This explains how to get root remotely by overwriting a buffer in in.talkd. | |
| pingmod.tar.gz | A very flexible pinging program that is able to fake ICMP packets and more. | |
| rbone.tar.gz | Another IP spoofer type program that guesses TCP sequence numbers. | |
| bsd_cxterm.c | This will overwrite a buffer in xterm_color on BSD systems, giving root. | |
| udpstorm.tgz | This is an implenmentation of the udpstorm attack. Works with Linux. | |
| jakal.c | Portscanner that avoids logging by not completing the 3-way TCP handshake. | |
| lin_probe.c | This overwrites a buffer in /usr/X11/bin/SuperProbe on Linux, thus giving root. | |
| AIX_host.c | Overwrites a buffer in gethostbyname() giving a root shell. | |
| sgi_systour.txt | Exploit for /usr/lib/tour/bin/RemoveSystemTour on IRIX 5.3 & 6.2 that gives root. | |
| connect.c | Crashes AIX 4.1.4, AIX 4.1.5, HP-UX 10.01, and HP-UX 9.05. | |
| sol2.5_nis.txt | This show how to exploit /usr/lib/nis/nispopulate on Solaris 2.5 systems. | |
| xdm_bugs.txt | Shows how to deny service from xdm. It also doesn't close file handles correctly. | |
| crack-2a.tgz | Unix Password Cracker 2.0(a) by Scooter Corp. (Comes with crack dictionary). | |
| lilo-exploit.txt | Get root on the lastest versions of Linux (at the console) using LD_PRELOAD. | |
| rsucker.pl | Perl script that acts as a fake r* daemon and logs usernames sent from clients. | |
| synk4.c | An improved Syn Flooder that also supports a random IP spoofing mode. | |
| portmap_5b.tar.gz | Portmapper that supports access control in the style of the tcp wrapper package. | |
| irix-login.txt | On Irix systems /var/adm/badlogin has failed logins and passwords in clear text. | |
| iebugs.tar.gz | Microsoft Internet Explorer bugs one through six in text and html format. | |
| arnudp.c | Shows how to send single UDP packets from an arbitray souce/destination. | |
| sun-reboot.txt | By typing: perl -e 'print "\e[1J"' you can reboot a sun ultra sparc at the console. | |
| cgiwrap-3.22.tgz | This is a gateway that allows a more secure user access to CGI programs. | |
| fastcracker.tgz | This program is designed to quickly crack DES encrypted passwords. | |
| pma.tar.gz | Poor Man's Access - A daemon that lets you issue shell commands remotely. | |
| lpr_bugs.txt | It is possible to create, read, and delete any file on the system using lpr/lpd. | |
| vsr.tar.gz | A loadable module for SunOS systems that creates a virtual IP interface. | |
| makedir.txt | Programs to create thousands of directories and to delete these directories. | |
| tcpprobe.c | This is a tcp portscanner that shows accepted connections on a remote host. | |
| locktcp.c | This program will freeze a Solaris/x86 2.5.1 systems, causing denial of service. | |
| irix-wrap.txt | This shows how to get a listing of directories (755) from cgi-bin/wrap on Irix 6.2. | |
| block.c | Stops users from logging in by monitoring utmp and closing down user's tty ports. | |
| tin_problem.txt | rtin/tin creates /tmp/.tin_log w/ mode of 0666 in /tmp and follows symbolic links. | |
| sun_patch.sh | If you have a sun SPARC, this script will stop all forms of buffer overrun attacks. | |
| riputils.tgz | This is a set of routing internet protocol utilities designed for Linux systems. | |
| ipbomb.c | This will attack a target host by sending various sizes and numbers of IP packets. | |
| test-cgi.txt | Using the CGI program test-cgi, you can inventory files on remote systems. | |
| lquerypv.txt | On AIX systems you can read any file (in hex) on the system with lquerypv. | |
| cops_104.tar.gz | (Computer Oracle & Password System) checks for Unix misconfigurations. | |
| Crack v5.0 | Got access to password or shadow file? Shows what other user's passwords are. | |
| Crack Dictionary | This is a general 50,000 word dictionary for use with Crack or other programs. | |
| Esniff.c | This is the source code for basic ethernet Sniffer. ( Straight out of Phrack ). | |
| fakerwall.c | Lets you send an rwall message from an arbitrary host of your choice. | |
| fping | Like UNIX ping(1), but allows efficient pinging of a large list of hosts. | |
| simping.c | Simulates the "ping -l 65510 victim.host" from Win95 - also compiles on Linux. | |
| bind.txt | This describes a potenital denial of service problem with BIND-4.9.5-P1. | |
| pong.c | Attacks an arbitrary host by sending a flood of spoofed ICMP packets. | |
| jizz.c | A DNS spoofer that exploits the cache vulnerability in most BIND daemons. | |
| any-erect.c | Another DNS spoofing type program much like jizz.c. Compiles on Linux. | |
| hide.c | Exploits a world-writeable /etc/utmp and allow the user to modify it interactively. | |
| hsh002.c | This is a neat little shell for experimentation with lots of interesting features. | |
| netpipes4.0.tgz | A package (that comes w/ Linux) to manipulate BSD TCP/IP stream sockets. | |
| nfswatch4.1.tar.Z | This lets you monitor NFS requests to any given machine or the entire network. | |
| nfstrace.tgz | This nfstrace package lets you to perform NFS tracing by network monitoring. | |
| wuftpd-owrite.sh | Exploit for wu-ftpd to create or overwrite a file anywhere on the filesystem. | |
| wuftpd-sdump.sh | Exploit a bug in wu-ftpd to assemble and view the shadow password file. | |
| shadowyank.c | Reconstructs the shadow entries from a core file from ftp daemon segmenting. | |
| ICMPinfo V1.10 | ICMPinfo is a tool for looking at ICMP messages received on the running host. | |
| ident-scan.c | TCP scanner that gets the username of the daemon running on the specified port. | |
| ascend.txt | Program for Linux designed to attack Ascend routers with zero length tcp offsets. | |
| gzip.txt | While a file is being compressed with gzip it is world readable to all users. | |
| iss13.tar.gz | The Internet Security Scanner scans subnets and collects info. about hosts. | |
| libc.so.5 | A hacked libc.so.5 for Linux that spawns a shell when a call is made to crypt(). | |
| sdtcm_convert.txt | Explains to how to exploit sdtcm_convert on Solaris boxes to get root access. | |
| mnt.tar.gz | Exploits a bug in HP-UX 9 rpc.mountd program and gives you NFS file handles. | |
| netcat (V1.10) | Like Unix cat(1) but this one talks network packets (TCP or UDP). | |
| NFS Shell | This should be very useful if you have located an insecure NFS server. | |
| pmcrash.c | This allows you to crash ANY Livingston PortMaster by overflowing buffers. | |
| pop3.c | Attemps mulitple username/password guesses on machines running POP3. | |
| psrace.c | Exploits a race condition in Solaris, thus allowing you to make a root shell. | |
| Root Kit | Programs like ps, ls, & du that are modified to hide certain files & processes. | |
| rpc_chk.sh | Script to get a list of running hosts from a DNS nameserver for a given domain. | |
| seq_number.c | This is a program that exploits the TCP Sequence Number Generator bug. | |
| asppp.txt | On Solaris 2.5x86, /tmp/.asppp.fifo can make a world writeable .rhosts file. | |
| kcms.txt | Get root on Solaris 2.5 by exploiting /usr/openwin/bin/kcms_calibrate. | |
| remove.c | A universal utmp, wtmp, and lastlog editor that also compiles under AIX & SCO. | |
| kmemthief.c | If /dev/kmem is writeable by normal users, then this program will get you root. | |
| slammer | Slammer lets you issue arbitray commands on hosts by exploting yp daemons. | |
| socket_demon13.zip | Daemon that sits on a specified IP port and provides passworded shell access. | |
| Solaris Sniffer | This is a version of ESniff.c that has been modified for Solaris 2.X. | |
| xpusher.c | This is a neat way to send keyboard events to another user's X window. | |
| xsnoop.c | This program allows you to spy on another user's keyboard events like xkey.c | |
| Strobe (V1.03) | Scans TCP ports on a target host and reveals which daemons are running. | |
| Tiger (V2.2.3) | Tiger attemps to exploit known bugs, holes, and misconfigurations to attain root. | |
| lquerylv.c | Overwrites a buffer in /usr/sbin/lquerylv on AIX systems, thus giving a root shell. | |
| Traceroute | Traceroute is an indispensable tool for troubleshooting and mapping your network. | |
| open_bug.txt | On {Free,Open,Net}BSD, open() returns a file descriptor to a protected devices. | |
| udpscan.c | Identifys open UDP ports by sending bogus UDP packets and wait for responses. | |
| portd.c | A daemon that listens on a port and provides passworded shell access. | |
| pingexploit.c | This lets you send oversized ICMP packets from a unix box just like Win95. | |
| checksyslog.tgz | Analyze your system logs for security problems while ignoring normal behavior. | |
| dosemu.txt | On Debian v1.1, /usr/sbin/dos can be used to read any file on the system. | |
| yaping.0.1.tgz | Yet another ping for Linux. Packets of size > 65535 octets are supported. | |
| xcrowbar.c | Source code that gets you a pointer to an X Display even after an xhost - | |
| xkey.c | Attach to any X server you have permission to and watch the user's keyboard. | |
| xwatchwin.tar.gz | If you got access to another's X server,this shows the window on your X-server. | |
| messages.sh | Parses through /var/adm/messages to see if user typed password at login prompt. | |
| FreeBSDmail.txt | This exploit will overwrite a buffer on sendmail 8.6.12 running on FreeBSD 2.1.0. | |
| securelib.tar.Z | Shared library for SunOS 4.1 and later that will help protect your RPC daemons. | |
| ypsnarf.c | This handy little program will get you yp domain names, yp maps, and yp maplists. | |
| ypx.tgz | Guesses NIS domain namesand also extract the maps directly from domains. | |
| ftp-scan.c | This program exploits the ftp protocol to let you scan services on firewalls. | |
| rdist-ex.c | Writes past a buffer, straight onto the stack, giving a root shell on FreeBSD. | |
| ttywatcher-1.1b.tgz | ttywatcher lets a user monitor and interact with every tty on the system. | |
| splitvt.c | An older exploit for Linux that overwrites a buffer in /usr/bin/splitvt, giving root. | |
| mount-ex.c | All Linux versions are vulnerable to this buffer overflow attack on suid mount. | |
| perl-ex.sh | perl-ex.sh is a simple little sperl script that gives you a root shell via suidperl. | |
| sndmail8.8.4.txt | This will explain how to exploit sendmail version 8.8.4 to get root access. | |
| irix-xhost.txt | In the default setup on Irix, xhost is set to global access for console logins. | |
| aix_bugfiler.txt | On AIX 3.x, /lib/bugfiler can be used to circumvent file access restrictions. | |
| mod_ldt.c | Gives access to all of Linux's linear memory to user processes at will. | |
| dipExploit.c | Linux dip Exploit. Overwrite a buffer in do_chatkey(), thus giving you a root shell. | |
| rexecscan.txt | The rexecd can be used easily to scan the client host from the server host. | |
| rpcs.01b.tar.gz | This is program that is designed to scan subnets for rpc services. | |
| rxvtExploit.txt | Exploits a popen() call issued by rxvt on Linux machines, thus giving a root shell. | |
| nfsbug.c | Demonstates a security problem in unfsd guessing the file handle of the root FS. | |
| abuse.txt | Exploit for Red Hat 2.1 that gives a root shell by exploitng abuse.console. | |
| xtermOverflo.c | A program that overwrites a buffer in libXt.so while xterm is suid to root. | |
| resolv+.exp | Quick and Simple way to read the /etc/shadow file as well as many other things. | |
| resizeExp.txt | Another Red Hat 2.1 exploit for resizecons due to lack of absolute pathnames. | |
| qcrack.tar.gz | qcrack gives increased cracking speeds at the expense of disk space. | |
| Linux rootkit | A rootkit designed for Linux systems. Comes with ps, netstat, and login. | |
| X webcomber | A cool little tool that lets you search for things (like hacking) on the web. | |
| gpm-exploit.txt | This will get root on Linux systems using /usr/games/doom/killmouse. | |
| pingflood.c | This pings floods a host, thus wasting bandwidth and denying service. | |
| telnetd exploit | This will create a shared library that gives a root shell remotely or locally. | |
| balk.pl | This is a perl script that will mess up another's users tty using talk/ntalk. | |
| wallflash.c | This will mess up another user's tty remotely via remote write all (rwall). | |
| pop3d exploit | Read the contents of the mail spool of a user when they connect to in.popd. | |
| popper.txt | Some versions of (q)popper from qualcomm allow you to read other user's mail. | |
| vif.tar.gz | This code lets you have multiple IP addresses for a single interface. | |
| amod.tar.gz | Amodload is a tool which allows the loading of arbitrary code into SunOS kernels. | |
| getethers1.6.tgz | getthers scans all address on an ethernet and producing a hostname/ethernet list. | |
| rootkitSunOS.tgz | Here is another root kit designed for SunOS operating systems. Lots of cool stuff. | |
| demonKit-1.0.tar.gz | A suite of trojan programs opening back doors to root on a Linux system. | |
| eviltelnetd | telnet-hacked.tgz is a hacked telnet daemon that gives a root shell w/o password. | |
| cfexec.sh | This let's you issue arbitrary commands as root on GNU cfingerd 1.0.1. | |
| NFS Problems | Shows some potential problems with Linux in.nfsd concerning read-only exports. | |
| cdromvuln.txt | If Linux CD is mounted w/ suid flag, old exploits still work on live filesystem. | |
| vixie.c | On Redhat Linux systems this will overwrite a buffer in crontab, thus giving root. | |
| linsniffer.c | A Linux Sniffer that shows you incoming TCP packets on most ports. | |
| rshd_problem.txt | You can figure out valid usernames by examining the response from in.rshd. | |
| linux_sniffer.c | Another Linux sniffer much like the one above. Shows more detailed TCP info. | |
| sniffit.0.3.5.tar.gz | A very flexible network sniffer that has many interesting features (like curses). | |
| Sol2.4Core.txt | Solaris 2.4 exploit that lets you to overwrite files when a suid prog. core dumps. | |
| SolAdmtool.txt | On Solaris 2.5, the Admintool can be used to create a writeable /.rhosts file. | |
| irix-netprint.txt | On IRIX, /usr/lib/print/netprint calls 'disable' without specifying absolute path. | |
| SYNpacket.tgz | Floods a port with TCP packets w/ SYN bit turned on causing inetd to segment. | |
| login_trojan.c | A login trojan program to be run at the console to get other user's passwords. | |
| phf.c | A quick way to scan for hosts that still have the phf bug which gives /etc/passwd. | |
| phfprobe.pl | This tries to find out as much information about the person calling phf as possible. | |
| SYNWatch.tar.gz | This program watches for TCP packets with the SYN bit turned on. | |
| pinglogger.tar.gz | Logs all ICMP packets to a log file so you can see who is ping flooding you. | |
| screen.txt | On BSDi boxes, you can use /usr/contrbi/bin/screen to read /etc/master.passwd. | |
| ftpBounceAttack | Implementation of the ftp Bounce Attack allowing you to anonymously do things. | |
| grabem.c | A very simple program to get passwords from users logging in on the console. | |
| tcpview.c | Another sniffer type program designed for Sun OS 4.1 architectures using /dev/nit. | |
| pcnfsd.c | Allows local users to chmod arbitrary directories on hosts running pcnfsd. | |
| netcraft.tgz | Contains various (and older) web security issues and exploits from Netcraft. | |
| superforker.c | This is a supercharged version of the classic fork() denia |