imaps.tar.gz - | Serveral different versions of the remote imapd buffer overflow exploit.
statdx86.c - | Remotely create or delete any file as root on Solaris 2.5.1 x86 using statd.
statd.sunos54 - | The binary remote statd overflow for sunos 5.4, will run on any sun 4.1.x.
automount.c - | The automountd exploit for SunOS 5.5.1 let's you issue remote commands.
libcrypt.tgz - | The libcrypt.so, _RDL_ROOT telnetd env var root exploit for irix systems.
xfree86.txt - | Using XFree86, oridinary users can read any file with root permissions.
lownoise.txt - | Exploit for Digital Unix v4.0 that let's you create a writeable /.rhosts file.
land.c - | Crash WFW311, Win95, and WinNT by sending a spoofed packet with the SYN flag from a host on an open port setting as source the same host and port.
teardrop.c - | Exploits the overlapping IP fragment bug present in all Linux kernels and NT 4.0 / Windows 95 (others?)
pentium_bug.c - | Denial of service attack for the Intel Pentium CPU for any operating system.
linux_perl.txt - | It is still possible to overwrite a buffer a get root on Linux via sperl 5.003.
lizards.txt - | Explains how to get root on Slakware 3.4 from the suid lizards game.
evil-term.c - | This is the remote buffer overflow termcap exploit for BSDI BSD/OS 2.1.
dgux_xterm.txt - | On Digital Unix 4.0B, causing, xterm to core can overwrite arbitrary files.
php_exploit.c - | mlog.html and mylog.html w/ PHP dist. can be used to read arbitrary files.
wwwcount.c - | Exploits Count.cgi, allowing remote exececution of arbitray commands.
ciscocrack.c - | This contains script and source for decrypting cisco encrypted passwords.
wm_exploit.c - | Overwrites a buffer in 'wm' from Ideafix package for Linux, giving root.
brute_ssl.c - | This program will brute force it's way into secure and non-secure webservers.
imapd_scan.sh - | This script will scan (and exploit) an entire subnet for imap2 vulnerabilitles.
sr-crash.c - | Source routing exploit for Linux v1.0.x-v1.3.x that causes the kernel to panic.
aix_ping.c - | Overwrites a buffer in gethostbyname(), giving root access.
aix_lchangelv.c - | Another buffer overrun that gives root on AIX 4.x machines.
aix_xlock.c - | This will overwrite a buffer in /usr/bin/X11/xlock giving root.
web_sniff.c - | A Linux sniffer that is designed to retrieve web usernames and passwords.
arp_fun.txt - | ICMP and arp can be used to deny service and spoof other hosts on the LAN.
xf86_ports.txt - | A normal user can run X on a reserved port thus blocking legitmate daemons.
hostscan.cmd - | OS/2 Rexx-script that scans hosts by IP-adresses
solaris_telnet.c - | A program designed to attack a Solaris 2.5 box, making it totally unresponsive.
identd_attack.txt - | A massive amount of authorization requests can render a system unusable.
secure_shell.txt - | Using SSH, a non-root user can open privleged ports and redirect them.
sshd_redirect.txt - | Any normal user can redirect privileged ports using secure shell daemon.
medax_linux.tgz - | A TCP sequence number predictor that also lets you execute commands.
samba_exploit.txt - | Local and remote exploit for samba that sends an xterm back to your display.
bsd_procfs.c - | In /proc under FreeBSD 2.2.1, you can modify a setuid executable's memory.
zgv_exploit.c - | This will overwrite a buffer in /usr/bin/zgv on Redhat Linux systems, giving root.
heroin.c - | This sample source illustrates the dangers of Linux modules in the kernel.
sgi_html.txt - | It is possible to execute remote commands on IRIX 6.3 and 6.4 via /usr/sysadm.
ipd_probe.txt - | The Internet Probe Droid can scan massive amounts of hosts very quickly.
smurf.c - | Spoofs IMCP packets resulting in multiple replies to a host from a single packet.
in.comstat.txt - | If a user has biff y on, in.comstat can be used increase the system load.
bind_nuke.txt - | Bind8.1.(1) can't update the same RR more than once in the same DNS packet.
chkexploit_1.13.tgz - | A shell script for Linux that checks for some publicly available exploits.
syslog_deluxe.c - | Lets you write spoofed and arbitrary messages to another machine's syslogd.
dgux_fingerd.txt - | The fingerd that ships w/ dgux allows remote execution of arbitrary commands.
smb_mount.c - | This overwrites a buffer on Linux systems in smbmount from smbfs-2.0.1.
nmap.1.25.tar.gz - | nmap is a utility for port scanning large networks and currently runs on Linux.
innd_exploit.c - | Overwrites a buffer in innd on Linux x86 systems thus giving a remote shell.
smlogic.c - | This is a fully functional logic bomb designed render Linux systems unuseable.
intruderf.c - | A trojan for Linux system that mails you user's names and passwords.
ld.so.c - | Overwrites a buffer via LD_PRELOAD env. variable, giving root on Linux.
sol_syslog.txt - | If Solaris syslogd gets a message and it can't resolve the sender's IP, it dies.
promisc.c - | This program will scan your network devices to detect running sniffers.
solaris_ping.txt - | On Solaris 2.x systems, any user can crash or reboot the system using ping.
seyon_exploit.sh - | Exploit for seyon, giving you the euid or egid of whatever seyon is suid to.
aixdtaction.c - | Overwrites a buffer in /usr/dt/bin/dtaction giving root access.
datapipe.c - | Makes a pipe between a listen port on localhost and a port on a remote machine.
sping.tar.gz - | Linux binary and source of 'sping' which causes Win95 machines to crash.
linux_httpd.c - | Overwrites a buffer in NSCA httpd v1.3 on linux systems, giving a remote shell.
sgi_cgihandler.txt - | On IRIX systems, /cgi-bin/handler can be used to issue arbitrary commands.
wuftpd_umask.txt - | The umask for wuftpd 2.4.2-b13 is 002 making files group writeable by anyone.
majordomo.txt - | Local and remote users can execute arbitrary commands from majordomo.
glimpse_http.txt - | Glimpse HTTP (Interface to Glimpse Search Tool) can issue remote commands.
pandora.tgz - | This is the Unix version of the Netware version 4.x NDS cracking utility.
telnet_core.txt - | On Linux systems, it is possible to get part of the shadow file w/ cores.
fake_ps.txt - | Checks for 'ps' trojans by running 'ps' and checking results against /proc.
hpux-cue.txt - | On HP 10.20, users can truncate arbitrary files using the setuid cue program.
rpc.mountd_bug.txt - | One can see what files a machine contains by looking at rpc.mountd responses.
ircd_kill.c - | Overwrites a buffer in ircII daemons, causing a segmentation fault in the server.
lpboost.c - | A simple program demonstrating problems with PLP/LPRng user authenticiation.
imapd_4.1b.txt - | It's possible to crash imapd, thus leaving shadow and password files in core file.
sneakin.tgz - | A way to 'reverse telnet' from a box behind a firewall that allows ICMP packets.
qmail_dos.c - | Runs a qmail system out of memory by feeding an infinite amount of recipients.
qmail.tar.gz - | This is a replacement sendmail-binmail system providing security and efficiency.
h_rpcinfo.tar.gz - | Allows you to sneak past port filters on port 111 and get dumps of RPC services.
synlog-0.4.tar.gz - | Synlog monitors half open TCP connections such as synfloods or synscans.
net_rpm.txt - | Redhat Package Manager (rpm) can be used to overwrite arbitrary files.
wrapper-v2.tgz - | This is a generic wrapper to prevent the exploitation of suid/sgid programs.
solaris_ifreq.c - | On Solaris, users can do control requests on a root created socket descriptor.
longpath.sh - | Script that implements a long path attack causing various problems on Linux.
logarp.tar.gz - | Useful for seeing if users on your subnet are "stealing" IP addresses.
aix_dtterm.c - | This will overwrite a buffer in /usr/dt/bin/dtterm, giving root.
campus_cgi_hole - | Describes a hole in campus cgi which allows execution of remote commands.
listhosts.c - | A host resolving program based on nslookup and other pieces of named tools.
irix-wrapper.c - | Wraps programs on IRIX to prevent command line argument buffer overruns.
irix-df.c - | This will overwrite a buffer in /bin/df on IRIX systems, thus giving a root shell.
irix-dp.c - | Overwrites a buffer in /usr/lib/desktop/permissions, giving egid of sys on IRIX.
irix-login.c - | This will overwrite a buffer in /bin/login on IRIX systems, giving root.
irix-xlock.c - | This will give root by overwriting a buffer in /usr/bin/X11/xlock on IRIX.
synsniff.tar.gz - | Script in perl which watches for inbound connections (SYN's) and logs them.
SunOS_crash.txt - | Reading /dev/tcx0 on a SunOS 4.1.4 Sparc 20 causes a system panic.
imapd_exploit.c - | Get remote root access on Redhat systems by overwriting a buffer in impad.
xlock.c - | On Linux systems, this will overwrite a buffer in setuid xlock, giving root access.
phobia.tgz - | This utility does a scan of an internet host looking for various vulnerabilities.
elm_exploit.c - | Overwrites a buffer in Elm and Elm-ME+ on Linux via TERM environ. variable.
daynotify.sh - | This script will exploit a bug in SGI's Registration Software under IRIX 6.2.
brute_web.c - | This program will brute force it's way into a web server giving a user and passwd.
tcpdump.tar.Z - | Tool for network monitoring and data acquisition (needs library packet capture).
winnuke.c - | Sends Out of Band Data to a Win95/NT computer causing panics and reboots.
sperl.tgz - | Overwrites a buffer in the sperl5.001 and sperl5.003, thus giving root access.
dip-prob.txt - | Dip will allow an ordinary user to gain control of arbitrary devices in /dev.
nlspath.txt - | Exploits for ping, minicom, su and others on Linux via NLSPATH env. variable.
solaris_lp.sh - | Script for Solaris that breaks lp, then use lp priv to break root (or bin, etc...).
AIX_mount.c - | Overwrites a buffer in /usr/sbin/mount on AIX 4.x systems.
vold_prob.txt - | It is possible to corrupt CDROM management on Solaris by changing block size.
fdformat-ex.c - | This will overwrite a buffer in /usr/bin/fdformat on Solaris 2.x systems giving root.
sunos-ovf.tar.gz - | This program is designed to test buffer overflows on SunOS 4.1.x boxes.
cxterm.c - | Overwrites a buffer in Chinese xterm Linux systems, thus giving root access.
color_xterm.c - | This will overwrite a buffer in /usr/X11/bin/color_xterm, giving root on Linux.
pepsi.c - | This program is a random source host UDP flooder that compiles under Linux.
tlnthide.c - | Allocates a port and sets up a telnet gateway making it difficult to trace telnets.
jping.tar.gz - | This is another simple IMCP flooding program that compiles under Linux.
LPRng.tgz - | A light weight printing system especially designed with security in mind.
jolt.c - | Sends oversized fragmented packets to Win95 boxes causing them to lock up.
utclean.c - | This will remove your presence from wtmp, wtmpx, utmp, utmpx, and lastlog.
eject.c - | Overwrites a buffer on Solaris 2.x systems in /usr/bin/eject, giving a root shell.
bind-8.1.1.tgz - | Version 8.1.1 of bind with many improvements - (includes documentation).
puke.c - | Spoofs an ICMP unreachable error to a target, causing connection drops.
webs099.tgz - | A minimalist web server designed primarily for security and handles redirects.
talkd.txt - | This explains how to get root remotely by overwriting a buffer in in.talkd.
pingmod.tar.gz - | A very flexible pinging program that is able to fake ICMP packets and more.
rbone.tar.gz - | Another IP spoofer type program that guesses TCP sequence numbers.
bsd_cxterm.c - | This will overwrite a buffer in xterm_color on BSD systems, giving root.
udpstorm.tgz - | This is an implenmentation of the udpstorm attack. Works with Linux.
jakal.c - | Portscanner that avoids logging by not completing the 3-way TCP handshake.
lin_probe.c - | This overwrites a buffer in /usr/X11/bin/SuperProbe on Linux, thus giving root.
AIX_host.c - | Overwrites a buffer in gethostbyname() giving a root shell.
sgi_systour.txt - | Exploit for /usr/lib/tour/bin/RemoveSystemTour on IRIX 5.3 & 6.2 that gives root.
connect.c - | Crashes AIX 4.1.4, AIX 4.1.5, HP-UX 10.01, and HP-UX 9.05.
sol2.5_nis.txt - | This show how to exploit /usr/lib/nis/nispopulate on Solaris 2.5 systems.
xdm_bugs.txt - | Shows how to deny service from xdm. It also doesn't close file handles correctly.
crack-2a.tgz - | Unix Password Cracker 2.0(a) by Scooter Corp. (Comes with crack dictionary).
lilo-exploit.txt - | Get root on the lastest versions of Linux (at the console) using LD_PRELOAD.
rsucker.pl - | Perl script that acts as a fake r* daemon and logs usernames sent from clients.
synk4.c - | An improved Syn Flooder that also supports a random IP spoofing mode.
portmap_5b.tar.gz - | Portmapper that supports access control in the style of the tcp wrapper package.
irix-login.txt - | On Irix systems /var/adm/badlogin has failed logins and passwords in clear text.
iebugs.tar.gz - | Microsoft Internet Explorer bugs one through six in text and html format.
arnudp.c - | Shows how to send single UDP packets from an arbitray souce/destination.
sun-reboot.txt - | By typing: perl -e 'print "\e[1J"' you can reboot a sun ultra sparc at the console.
cgiwrap-3.22.tgz - | This is a gateway that allows a more secure user access to CGI programs.
fastcracker.tgz - | This program is designed to quickly crack DES encrypted passwords.
pma.tar.gz - | Poor Man's Access - A daemon that lets you issue shell commands remotely.
lpr_bugs.txt - | It is possible to create, read, and delete any file on the system using lpr/lpd.
vsr.tar.gz - | A loadable module for SunOS systems that creates a virtual IP interface.
makedir.txt - | Programs to create thousands of directories and to delete these directories.
tcpprobe.c - | This is a tcp portscanner that shows accepted connections on a remote host.
locktcp.c - | This program will freeze a Solaris/x86 2.5.1 systems, causing denial of service.
irix-wrap.txt - | This shows how to get a listing of directories (755) from cgi-bin/wrap on Irix 6.2.
block.c - | Stops users from logging in by monitoring utmp and closing down user's tty ports.
tin_problem.txt - | rtin/tin creates /tmp/.tin_log w/ mode of 0666 in /tmp and follows symbolic links.
sun_patch.sh - | If you have a sun SPARC, this script will stop all forms of buffer overrun attacks.
riputils.tgz - | This is a set of routing internet protocol utilities designed for Linux systems.
ipbomb.c - | This will attack a target host by sending various sizes and numbers of IP packets.
test-cgi.txt - | Using the CGI program test-cgi, you can inventory files on remote systems.
lquerypv.txt - | On AIX systems you can read any file (in hex) on the system with lquerypv.
cops_104.tar.gz - | (Computer Oracle & Password System) checks for Unix misconfigurations.
Crack v5.0 - | Got access to password or shadow file? Shows what other user's passwords are.
Crack Dictionary - | This is a general 50,000 word dictionary for use with Crack or other programs.
Esniff.c - | This is the source code for basic ethernet Sniffer. ( Straight out of Phrack ).
fakerwall.c - | Lets you send an rwall message from an arbitrary host of your choice.
fping - | Like UNIX ping(1), but allows efficient pinging of a large list of hosts.
simping.c - | Simulates the "ping -l 65510 victim.host" from Win95 - also compiles on Linux.
bind.txt - | This describes a potenital denial of service problem with BIND-4.9.5-P1.
pong.c - | Attacks an arbitrary host by sending a flood of spoofed ICMP packets.
jizz.c - | A DNS spoofer that exploits the cache vulnerability in most BIND daemons.
any-erect.c - | Another DNS spoofing type program much like jizz.c. Compiles on Linux.
hide.c - | Exploits a world-writeable /etc/utmp and allow the user to modify it interactively.
hsh002.c - | This is a neat little shell for experimentation with lots of interesting features.
netpipes4.0.tgz - | A package (that comes w/ Linux) to manipulate BSD TCP/IP stream sockets.
nfswatch4.1.tar.Z - | This lets you monitor NFS requests to any given machine or the entire network.
nfstrace.tgz - | This nfstrace package lets you to perform NFS tracing by network monitoring.
wuftpd-owrite.sh - | Exploit for wu-ftpd to create or overwrite a file anywhere on the filesystem.
wuftpd-sdump.sh - | Exploit a bug in wu-ftpd to assemble and view the shadow password file.
shadowyank.c - | Reconstructs the shadow entries from a core file from ftp daemon segmenting.
ICMPinfo V1.10 - | ICMPinfo is a tool for looking at ICMP messages received on the running host.
ident-scan.c - | TCP scanner that gets the username of the daemon running on the specified port.
ascend.txt - | Program for Linux designed to attack Ascend routers with zero length tcp offsets.
gzip.txt - | While a file is being compressed with gzip it is world readable to all users.
iss13.tar.gz - | The Internet Security Scanner scans subnets and collects info. about hosts.
libc.so.5 - | A hacked libc.so.5 for Linux that spawns a shell when a call is made to crypt().
sdtcm_convert.txt - | Explains to how to exploit sdtcm_convert on Solaris boxes to get root access.
mnt.tar.gz - | Exploits a bug in HP-UX 9 rpc.mountd program and gives you NFS file handles.
netcat (V1.10) - | Like Unix cat(1) but this one talks network packets (TCP or UDP).
NFS Shell - | This should be very useful if you have located an insecure NFS server.
pmcrash.c - | This allows you to crash ANY Livingston PortMaster by overflowing buffers.
pop3.c - | Attemps mulitple username/password guesses on machines running POP3.
psrace.c - | Exploits a race condition in Solaris, thus allowing you to make a root shell.
Root Kit - | Programs like ps, ls, & du that are modified to hide certain files & processes.
rpc_chk.sh - | Script to get a list of running hosts from a DNS nameserver for a given domain.
seq_number.c - | This is a program that exploits the TCP Sequence Number Generator bug.
asppp.txt - | On Solaris 2.5x86, /tmp/.asppp.fifo can make a world writeable .rhosts file.
kcms.txt - | Get root on Solaris 2.5 by exploiting /usr/openwin/bin/kcms_calibrate.
remove.c - | A universal utmp, wtmp, and lastlog editor that also compiles under AIX & SCO.
kmemthief.c - | If /dev/kmem is writeable by normal users, then this program will get you root.
slammer - | Slammer lets you issue arbitray commands on hosts by exploting yp daemons.
socket_demon13.zip - | Daemon that sits on a specified IP port and provides passworded shell access.
Solaris Sniffer - | This is a version of ESniff.c that has been modified for Solaris 2.X.
xpusher.c - | This is a neat way to send keyboard events to another user's X window.
xsnoop.c - | This program allows you to spy on another user's keyboard events like xkey.c
Strobe (V1.03) - | Scans TCP ports on a target host and reveals which daemons are running.
Tiger (V2.2.3) - | Tiger attemps to exploit known bugs, holes, and misconfigurations to attain root.
lquerylv.c - | Overwrites a buffer in /usr/sbin/lquerylv on AIX systems, thus giving a root shell.
Traceroute - | Traceroute is an indispensable tool for troubleshooting and mapping your network.
open_bug.txt - | On {Free,Open,Net}BSD, open() returns a file descriptor to a protected devices.
udpscan.c - | Identifys open UDP ports by sending bogus UDP packets and wait for responses.
portd.c - | A daemon that listens on a port and provides passworded shell access.
pingexploit.c - | This lets you send oversized ICMP packets from a unix box just like Win95.
checksyslog.tgz - | Analyze your system logs for security problems while ignoring normal behavior.
dosemu.txt - | On Debian v1.1, /usr/sbin/dos can be used to read any file on the system.
yaping.0.1.tgz - | Yet another ping for Linux. Packets of size > 65535 octets are supported.
xcrowbar.c - | Source code that gets you a pointer to an X Display even after an xhost -
xkey.c - | Attach to any X server you have permission to and watch the user's keyboard.
xwatchwin.tar.gz - | If you got access to another's X server,this shows the window on your X-server.
messages.sh - | Parses through /var/adm/messages to see if user typed password at login prompt.
FreeBSDmail.txt - | This exploit will overwrite a buffer on sendmail 8.6.12 running on FreeBSD 2.1.0.
securelib.tar.Z - | Shared library for SunOS 4.1 and later that will help protect your RPC daemons.
ypsnarf.c - | This handy little program will get you yp domain names, yp maps, and yp maplists.
ypx.tgz - | Guesses NIS domain namesand also extract the maps directly from domains.
ftp-scan.c - | This program exploits the ftp protocol to let you scan services on firewalls.
rdist-ex.c - | Writes past a buffer, straight onto the stack, giving a root shell on FreeBSD.
ttywatcher-1.1b.tgz - | ttywatcher lets a user monitor and interact with every tty on the system.
splitvt.c - | An older exploit for Linux that overwrites a buffer in /usr/bin/splitvt, giving root.
mount-ex.c - | All Linux versions are vulnerable to this buffer overflow attack on suid mount.
perl-ex.sh - | perl-ex.sh is a simple little sperl script that gives you a root shell via suidperl.
sndmail8.8.4.txt - | This will explain how to exploit sendmail version 8.8.4 to get root access.
irix-xhost.txt - | In the default setup on Irix, xhost is set to global access for console logins.
aix_bugfiler.txt - | On AIX 3.x, /lib/bugfiler can be used to circumvent file access restrictions.
mod_ldt.c - | Gives access to all of Linux's linear memory to user processes at will.
dipExploit.c - | Linux dip Exploit. Overwrite a buffer in do_chatkey(), thus giving you a root shell.
rexecscan.txt - | The rexecd can be used easily to scan the client host from the server host.
rpcs.01b.tar.gz - | This is program that is designed to scan subnets for rpc services.
rxvtExploit.txt - | Exploits a popen() call issued by rxvt on Linux machines, thus giving a root shell.
nfsbug.c - | Demonstates a security problem in unfsd guessing the file handle of the root FS.
abuse.txt - | Exploit for Red Hat 2.1 that gives a root shell by exploitng abuse.console.
xtermOverflo.c - | A program that overwrites a buffer in libXt.so while xterm is suid to root.
resolv+.exp - | Quick and Simple way to read the /etc/shadow file as well as many other things.
resizeExp.txt - | Another Red Hat 2.1 exploit for resizecons due to lack of absolute pathnames.
qcrack.tar.gz - | qcrack gives increased cracking speeds at the expense of disk space.
Linux rootkit - | A rootkit designed for Linux systems. Comes with ps, netstat, and login.
X webcomber - | A cool little tool that lets you search for things (like hacking) on the web.
gpm-exploit.txt - | This will get root on Linux systems using /usr/games/doom/killmouse.
pingflood.c - | This pings floods a host, thus wasting bandwidth and denying service.
telnetd exploit - | This will create a shared library that gives a root shell remotely or locally.
balk.pl - | This is a perl script that will mess up another's users tty using talk/ntalk.
wallflash.c - | This will mess up another user's tty remotely via remote write all (rwall).
pop3d exploit - | Read the contents of the mail spool of a user when they connect to in.popd.
popper.txt - | Some versions of (q)popper from qualcomm allow you to read other user's mail.
vif.tar.gz - | This code lets you have multiple IP addresses for a single interface.
amod.tar.gz - | Amodload is a tool which allows the loading of arbitrary code into SunOS kernels.
getethers1.6.tgz - | getthers scans all address on an ethernet and producing a hostname/ethernet list.
rootkitSunOS.tgz - | Here is another root kit designed for SunOS operating systems. Lots of cool stuff.
demonKit-1.0.tar.gz - | A suite of trojan programs opening back doors to root on a Linux system.
eviltelnetd - | telnet-hacked.tgz is a hacked telnet daemon that gives a root shell w/o password.
cfexec.sh - | This let's you issue arbitrary commands as root on GNU cfingerd 1.0.1.
NFS Problems - | Shows some potential problems with Linux in.nfsd concerning read-only exports.
cdromvuln.txt - | If Linux CD is mounted w/ suid flag, old exploits still work on live filesystem.
vixie.c - | On Redhat Linux systems this will overwrite a buffer in crontab, thus giving root.
linsniffer.c - | A Linux Sniffer that shows you incoming TCP packets on most ports.
rshd_problem.txt - | You can figure out valid usernames by examining the response from in.rshd.
linux_sniffer.c - | Another Linux sniffer much like the one above. Shows more detailed TCP info.
sniffit.0.3.5.tar.gz - | A very flexible network sniffer that has many interesting features (like curses).
Sol2.4Core.txt - | Solaris 2.4 exploit that lets you to overwrite files when a suid prog. core dumps.
SolAdmtool.txt - | On Solaris 2.5, the Admintool can be used to create a writeable /.rhosts file.
irix-netprint.txt - | On IRIX, /usr/lib/print/netprint calls 'disable' without specifying absolute path.
SYNpacket.tgz - | Floods a port with TCP packets w/ SYN bit turned on causing inetd to segment.
login_trojan.c - | A login trojan program to be run at the console to get other user's passwords.
phf.c - | A quick way to scan for hosts that still have the phf bug which gives /etc/passwd.
phfprobe.pl - | This tries to find out as much information about the person calling phf as possible.
SYNWatch.tar.gz - | This program watches for TCP packets with the SYN bit turned on.
pinglogger.tar.gz - | Logs all ICMP packets to a log file so you can see who is ping flooding you.
screen.txt - | On BSDi boxes, you can use /usr/contrbi/bin/screen to read /etc/master.passwd.
ftpBounceAttack - | Implementation of the ftp Bounce Attack allowing you to anonymously do things.
grabem.c - | A very simple program to get passwords from users logging in on the console.
tcpview.c - | Another sniffer type program designed for Sun OS 4.1 architectures using /dev/nit.
pcnfsd.c - | Allows local users to chmod arbitrary directories on hosts running pcnfsd.
netcraft.tgz - | Contains various (and older) web security issues and exploits from Netcraft.
superforker.c - | This is a supercharged version of the classic fork() denial of service attack.
tripwire-1.2.tgz - | Creates a signature of binary files, and checks to see if these file were modified.
tcpr-1.3.tar.gz - | Set of perl scripts that let you to run ftp and telnet commands across a firewall.
syslogFogger.c - | This allows you to write to system logging facilites via UDP packets to port 514.
ypbreak.c - | Lets you change your username, password, gecos, or shell via yppasswd daemon.
hdtraq.c - | This runs as a daemon and purportedly creates bad sectors on a hard drive.
finger_attack.txt - | By recursively fingering a host, you can cause a possible crash of in.fingerd.
logdaemon.tar.gz - | Version 5.6 of a suite of tcp/ip programs that enhance network system logging.
suTrojan.c - | A replacement program for su that mails you when an attempt to su is made.
sigurg.c - | This code allows up to kill any process on Linux boxes running older kernels.
sushiPing.c - | On Sun OS 4.x, this trojan ping gives you a root shell when you make a triggerfile.
webgais.txt - | This will explain how to issue shell commands remotely using /cgi-bin/webgais.
sushiQuota.c - | Another trojan for Sun 4 machines that is trigger with a triggerfile.
swap-uid.c - | On Solaris, an I_PUSH call on an open tty followed by lseek() gived euid=0.
pcs.tgz - | A libpcap based sniffer that supports multiple interfaces as well as PPP.
sfingerd-1.8.tgz - | A replacement for the standard unix finger daemon designed for security.
snifftest.c - | snifftest.c will try to tell you if a sniffer is running on Sun machines.
IPInvestigator.tgz - | IPIvestigator is another sniffer that lets you watch traffic between machines.
gnmp.tar.gz - | Generic Network Message Passing is a simple client server messaging system.
irixmail.sh - | This is an exploit shell script that will give a root shell on IRIX systems.
lpr Exploit - | This small program exploit the suid root lpr program giving root.
Xfree86 Exploit - | There is a problem with XFree86 3.1.2 that lets you overwrite files.
wipehd.asm - | Assembly Language program that will remove the first 10 sectors of a hardrive.
minicom.c - | This is an exploit for minicom on Linux systems that will overwrite a buffer.
sam.txt - | On HP-UX, the System Administration Manager (sam) can truncate files.
DenialofService - | zip file illustrating five simple denial of service attacks on a unix.
xspy.tar.gz - | xspy is a program that will make user's logins appear on your display.
scan.sh - | This is a perl script that scans subnets and reports if rexd or ypserv is running.
xscan.tar.gz - | scans subnets for unsecured X clients and automatically logs results.
BSDcron-ex.c - | BSD cron exploit. This program overruns a buffer, giving root access.>
OSF1_dxchpwd - | On OSF1, /usr/tcb/bin/dxchpwd can be used to overwrite any file on the system.
bindExploit.txt - | Setting SO_REUSEADDR and calling bind allows user to steal udp packets.
cloak.c - | This program wipes all traces of a user from a UNIX system.
convfontExploit.sh - | Script that exploits /usr/bin/convfont on Linux systems to get root access.
ipspoof.c - | This program demonstrates how to send arbitrary tcp/ip packets.
marry.c - | This program is a log editor with lots of interesting features.
juju.c - | This is an ICMP-router type program that will redirect ICMP packets.
redirect.c - | This program is a generic ICMP redirect sender for Solaris machines.
portscan.c - | A Linux port scanner that reports the services running on another host.
dumpExploit.txt - | On Linux systems /sbin/dump can be used to read arbitrary files.
fingerd.c - | This program is another finger type daemon trojan program.
ttysurf.c - | This program listens on ttys and tries to get login and passwords.
ttystuff.c - | This program let's you input commands into another user's terminal.
generic_buffer.tgz - | Generic buffer overrun program for Linux, SunOS, and Solaris.
linux_lpr.c - | This program overwrites a buffer in the suid program lpr, thus giving a root shell.
SunOS_user.txt - | On SunOS, chsh and chfn use getenv("USER") to validate userid of the caller.
kill_inetd.c - | This program causes denial of service by attacking inetd. Runs on Linux systems.
grabBag.tgz - | Tons of old and miscellaneous exploits from different versions of unix.
wu-ftpd.sh - | This shell script lets you create a file anywhere on the system.
sol_mailx.txt - | An old security hole in /usr/bin/mailx still exists in the mailx on Solaris 2.5
oracle.txt - | Discusses a denial of service attack against older versions of Oracle Webserver.
hp_stuff.tgz - | Lots of exploits for HP/UX from the Scriptors of Doom.
hpjetadmin.txt - | hpjetadmin can be tricked giving away root by a writeable .rhosts file.
irix-buffer.txt - | IRIX buffer overruns for df, eject, /sbin/pset, /usr/bsd/ordist, and xlock.
irix-xterm.c - | This will overwrite a buffer in xterm on IRIX systems, giving a root shell.
irix-iwsh.c - | This will overwrite a buffer in /usr/sbin/iwsh on IRIX 5.3, giving root access.
irix-printers.c - | This will overwrite a buffer in /usr/sbin/printers on IRIX systems giving root.
spaceball.txt - | spaceball.sh can be exploited to give a setuid root shell on IRIX 6.2 boxes.
flash.c - | Messes up user's terminals by issuing a talk request with vt100 escape chars.
modstat.c - | This program will overrun a buffer in /usr/bin/modstat on FreeBSD systems.
ping_bug.txt - | Users of pine can overwrite any file in their home directory despite permissions.
pine_exploit.sh - | This script is an exploit for pine. It can be used to create .rhosts files.
view_source.txt - | On some httpd distributions, /cgi-bin/view-source can be used to read files.
sendmail-ex.sh - | This is an exploit script for sendmail 8.7-8.8.2 for FreeBSD and Linux. Gives root.
smh.c - | smh.c is an exploit for sendmail 8.6.9. It gives a bin owned setuid shell.
rlogin_exploit.c - | This overwrites a buffer in gethostbyame() on Solaris 2.5.1, giving a root shell.
octopus.c - | A denial of service attack by opening tons of connections to a remote host.
expect_bug.txt - | Expect does not make handles to pseudo tty's inaccessable to other processes.
html.txt - | Shows interesting links to put in your HTML pages causing denial of service.
autoreply.txt - | autoreply(1) can be used to create root owned files with a mode of 666.
bdexp.c - | On older versions of Linux, this will overwrite a buffer in suid bdash, giving root.
irix-csetup.txt - | Get root on IRIX via /usr/Cadmin/bin/csetup in conjunction with /usr/sbin/sgihelp.
solsocket.txt - | On Solaris-x86 2.5, any normal user can connect to unix domain sockets.
lemon25.c - | Exploit for Solaris 2.5.(1) that overwrites a buffer in passwd, giving root access.
reflscan.c - | Another TCP port scanner that escapes logging by using half open connections.
yp.txt - | On YP systems, when a password expires, the old password is not required.
bsd_core.txt - | On BSDi 3.x, users arbitrarly write files with binary data, but not overwrite them.
ffbconfig-ex.c - | This program overwrites a buffer in /usr/sbin/ffbconfig on Solaris 2.5.1 giving root.
FreeBSD-ppp.c - | This will overwrite a buffer in pppd on FreeBSD systems, giving a root shell.
sol-license.txt - | On Solaris 2.4, if the license manager is running, root can be obtained.
sparc_cpu.txt - | Compiling main(){while(1);} with optimizations turned on will hose a sparc.
lin-pkgtool.txt - | This file explains how to get root on Linux system with the pkgtool program.
startmidi.txt - | On IRIX systems, startmidi can be exploited to obtain root privileges.
linux_rcp.txt - | On Linux, if you have access to uid 65535 (nobody), then root can be obtained.
doomsnd.txt - | This will get root on Linux systems by exploiting the doom sndserver.
solaris_ps.txt - | Exploit /usr/bin/ps and /usr/ucb/ps on Solaris systems, giving root access.
dec_osf1.sh - | Exploits /usr/sbin/dop on DEC unix 4.0, 4.0A, and 4.0B, giving a root shell.
tcp_wrapper.tgz - | Version 7.5 of the tcp/ip wrapper for inetd. (Does logging and monitoring).
rpcbind_1.1.tgz - | This is an rpcbind replacement that includes tcp wrapper style access control.
breaksk.txt - | Netscape's server key format is susceptible to dictionary attacks. |
IP-spoof.txt - | Examples and text on the art of IP spoofing. (For Linux 1.3.x kernels). |
irix-dataman.txt - | This file show how to exploit dataman on irix system to obtain root access.
irix-fsdump.txt - | This is an exploit for /var/rfindd/fsdump that gives root on irix systems.
| 