intelled.c - 2008-08-13 IntelliTamper versions 2.07 and 2.08 Beta 4 "A HREF" remote buffer overflow exploit.
dnscp.py - 2007-08-01 Bind9 ID Prediction - Proof of Concept
utilmaned1.c - 2004-07-17 Back again with a cutie exploit, it avoids losing time with password sniffing/cracking :). The exploit executes a shell through utilman.exe with SYSTEM privileges. Use it from a graphic interface (rdp/vnc/radmin/etc) or directly with physical access.
netstat-lapute.patch - 2004-03-18
PSOProxy.c - 2004-02-21
ldaped.c - 2004-02-19 Universal exploit for iMail v8.05 LDAP service (iLDAP.exe v184.108.40.206). Works on winXP and win2k. More information can be found in the source code.
robotised.c - 2004-02-18 So, the most interesting thing is how to make it become universal, writing 'jmp esp's in memory.. I don't think it will work in many circumstances, like what the server is doing, how many people are logged on, the connections limit, etc.. But I think we can find a nice ret value, based on how many connections were successful, or doing something to always have our FFE4 (jmp esp) at a fixed place in memory.
mykralor-v1.0.rar - 2004-02-09 mykralor will let you send a file to a mydoom.a infected host. This file can't be larger than 1599 bytes. The limitation isn't in mydoom.a but in mykralor. 1599 bytes are enough to prove it is an infected host. For this I've coded rsCRT.
rsCRT-v1.0.rar - 2004-02-08 rsCRT will build a reverse remote shell EXECUTABLE with dest IP/PORT of your choice. The size of the EXE generated will be 1'536 bytes (1.5kb). It uses PEB to get the API functions offsets. When launched it will connect to the configured IP/PORT and give a shell. It is all coded in asm.
SwitchOff.c - 2004-01-08
openssh-3.5p1_crpt.patch - 2004-01-07 A .diff file easy to apply for openssh-3.5p1 to backdoor it. Instructions for install in disclaimer.
DameWeird.c - 2003-12-20 8 of 10 win2k hosts tested successfully exploited. It works for winXP too but with 3 variants, the 0 and 1 are the most common, 2 was reported only by one winXP sp0. No variants for win2k 'cause the ret addr found works at 80% :P
eZXploit.perl - 2003-12-18
ms03-043.c - 2003-12-16 Exploit for Messenger Service. Exploit multiplatform (Compiled on Mandrake 9.0 and Win32). Tested on Win2K SP0.
DDcute-v1.c - 2003-11-08 This program decrypts FTP passwords saved by the program CuteFTP. CuteFTP is an FTP client.
mrinfo2k.c - 2003-09-03 mrinfo.exe exploit for win2k only (winXP causes an exception when it jumps to the jmp esp offset [in comctl32.dll] why ?). EDUCATIONAL PURPOSE ONLY DOESN'T GIVE ANY ADMIN RIGHTS
ogm-evolution.rar - 2003-09-02
iisantidote-v.1.rar - 2003-04-25 IISAntidote. Use it to clean the log. Can clean IP or Strings in the logfile (default logfile in ...\system32\logfiles)
iisantidote-v.2.rar - 2003-04-25 IISAntidote. Use it to clean the log. Can clean IP or Strings in the logfile (default logfile in ...\system32\logfiles). Clear all the *.log in a directory and a stop option for iis, run it without any argument for the syntax help.
xwbf-v0.2.rar - 2003-04-03 Features : Graphic User Interface, nonblocking sockets. Options : Custom pads, bruteforce pads
xwbf-v0.3.rar - 2003-04-03 (v0.3 bugs : restart the app after 1 scan.) Features : Graphic User Interface, nonblocking sockets. Options : Custom pads, bruteforce pads Suppose it is a SP0 option, target port, checks if ntdll contains the buffer overflow.
wb.c - 2003-03-30 The ntdll.dll exploit through WebDAV (on all win2k IIS 5.0). Compiles on windows (take off the WSAStartup, change the closesocket, change headers and it will run on linux boxes). It will give a shell on a listen port.
webdav.xpn.rar - 2003-03-30 For x-scan that scans for IIS 5.0 servers with webdav enabled, get x-scan at http://www.xfocus.org
[Coromputer Copyright © 2000-2020 All Rights Reserved]