indexdate.shtml

一个FTP密码破解程序的源代码

<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/briiis-1.pl>briiis-1.pl</a></td><td class=fl align=center width=10>10133</td><td class=fl align=center nowrap><nobr>Jul 19 2001 17:13:19</nobr></td><td class=fl align=center width=10>612717b92fc58a8c3aa69e838872170e</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Briis-1.pl is a unicode / decode IIS attack tool which includes SSL support under Linux. Features many checks for CMD.EXE, Caches the found directory, SSL support with SSLeay (Unix), Easy to use text file upload, Easy to use / encoding option, Relative path name program execution, and Virtual host support. More info available <a class=fd href="http://www.securityfocus.com/archive/1/190898">here.</a> By <a class=fd href="mailto:ian.vitek@ixsecurity.com">Ian Vitek</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/ktv.sh>ktv.sh</a></td><td class=fl align=center width=10>1822</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:59:25</nobr></td><td class=fl align=center width=10>e7386b4de150129eee315ee540b989bc</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Ktvision v0.1.1-271 and below symlink local root exploit. Tested against SuSE 7.1. By <a class=fd href="mailto:IhaQueR@IRCnet">Ihaquer</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/ttawebtop.html>ttawebtop.html</a></td><td class=fl align=center width=10>610</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:54:16</nobr></td><td class=fl align=center width=10>3c05d637d7955fb852fe1c1ec31d1681</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Tarantella 3.01 ttawebtop.cgi "show files" exploit. '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from remote sever, which should not be accessible normally. Exploit URL included. By <a class=fd href="mailto:dotslash@snosoft.com">KF</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/filter-xpl.c>filter-xpl.c</a></td><td class=fl align=center width=10>2027</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:50:05</nobr></td><td class=fl align=center width=10>ac0593f66f87f941019423787bd8fce7</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>/usr/local/bin/filter local exploit. Gives GID=mail. More information available <a class=fd href="http://www.tao.ca/fire/bos/0354.html"here.</a> Tested against Slackware 3.1. Exploits the nlspath buffer overflow. By <a class=fd href="mailto:vali@lhab.soroscj.ro">_Phantom_</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/sig.c>sig.c</a></td><td class=fl align=center width=10>1752</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:46:13</nobr></td><td class=fl align=center width=10>e9b50e27f1042cfbac603ed819ac6420</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>FreeBSD 3.1 - 4.3 local root exploit - Uses the signal condition vulnerability discovered by G. Guninski. By Lamerboy.</td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/QDAV-2001-7-3>QDAV-2001-7-3</a></td><td class=fl align=center width=10>1896</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:13:43</nobr></td><td class=fl align=center width=10>ccfd18fc1da76e132dea511b4220808d</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>qDefense Advisory Number QDAV-2001-7-3 - Interactive Story does not properly validate the contents of a hidden field entitled "next". By setting that field to the name of a file, and using double dots and poison nulls, an attacker can cause Interactive Story to display the contents of any file. Exploit URL included. &nbsp;Homepage: <a class=fd href=http://qDefense.com target=newbrowser>http://qDefense.com.</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/sneaky2.sh>sneaky2.sh</a></td><td class=fl align=center width=10>12487</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:10:26</nobr></td><td class=fl align=center width=10>25055226b0a890073e135c5b546d136f</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Sneaky2.sh is a swiss army knife for Hotmail/Messenger. Implements Spoofing/brute force/misconception/unexpected input Class Attacks. Will spoof Hotmail/messenger server to recover user hotmail/password, crash messenger client, remotely inject and execute malicious exe on the victim host. &nbsp;Homepage: <a class=fd href=http://www.securite-internet.com target=newbrowser>http://www.securite-internet.com.</a> By Gregory Duchemin</td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/slackware.init.txt>slackware.init.txt</a></td><td class=fl align=center width=10>2582</td><td class=fl align=center nowrap><nobr>Jul 18 2001 02:06:29</nobr></td><td class=fl align=center width=10>da683d52f3f0072dc6963928eed7696f</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Slackware 8.0 local root exploit - Creates a suid shell when "modprobe lp" is run from the startup scripts. By <a class=fd href="mailto:josh@pulltheplug.com">Josh</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/sr.pl>sr.pl</a></td><td class=fl align=center width=10>3907</td><td class=fl align=center nowrap><nobr>Jul 18 2001 01:47:37</nobr></td><td class=fl align=center width=10>64a69339c5b64edbad5cc889a991464a</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Checkpoint Firewall-1's SecureRemote allows any IP to connect and download sensitive network information. This perl script gives a potential attacker a wealth of information including ip addresses, network masks (and even friendly descriptions). &nbsp;Homepage: <a class=fd href=http://www.sensepost.com target=newbrowser>http://www.sensepost.com.</a> By <a class=fd href="mailto:haroon@sensepost.com">Haroon Meer & Roelof Temmingh</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/cfingerd.c>cfingerd.c</a></td><td class=fl align=center width=10>22161</td><td class=fl align=center nowrap><nobr>Jul 17 2001 23:34:09</nobr></td><td class=fl align=center width=10>d764f4c05c80af0f321c878876a84804</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Cfingerd v1.4.3 remote root exploit for Linux. Binds to port 113 and sends bogus ident information. &nbsp;Homepage: <a class=fd href=http://security.is target=newbrowser>http://security.is.</a> By <a class=fd href="mailto:teddi@linux.is">Digit</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/qflood.c>qflood.c</a></td><td class=fl align=center width=10>6903</td><td class=fl align=center nowrap><nobr>Jul 17 2001 17:58:58</nobr></td><td class=fl align=center width=10>7588a0c0ef179e78557b962a95c75291</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Qflood.c fills up a Quake server with spoofed "unconnected" clients, disallowing other players the ability to connect to the server since the player limit fills up quickly. Additionally, if the server does not support multiple clients from the same IP address, it will disconnect legitimate players if the spoofed connection request matches that player. By <a class=fd href="mailto:_k3nny@Efnet">Andy Gavin</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/slackware.man.c>slackware.man.c</a></td><td class=fl align=center width=10>2216</td><td class=fl align=center nowrap><nobr>Jul 17 2001 17:55:38</nobr></td><td class=fl align=center width=10>c1c8ef9823405a020ea2cc19d098e213</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Slackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man. By <a class=fd href="mailto:josh@pulltheplug.com">Josh</a>, <a class=fd href="mailto:lockdown@lockeddown.net">Lockdown</a>, <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/ml85p.sh>ml85p.sh</a></td><td class=fl align=center width=10>1751</td><td class=fl align=center nowrap><nobr>Jul 17 2001 17:43:02</nobr></td><td class=fl align=center width=10>27106ddc98e2b944324483817b655184</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default. By <a class=fd href="mailto:suid@sneakerz.org">Suid</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/xxman.sh>xxman.sh</a></td><td class=fl align=center width=10>832</td><td class=fl align=center nowrap><nobr>Jul 17 2001 17:39:08</nobr></td><td class=fl align=center width=10>631ac7297588dc7496aa411184167887</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Xxman.sh is a local root exploit for an insecure system call in xman. &nbsp;Homepage: <a class=fd href=http://www.realhalo.org target=newbrowser>http://www.realhalo.org.</a> By <a class=fd href="mailto:v9@realhalo.org">Vade79</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/xdm-cookie-exploit.c>xdm-cookie-exploit.c</a></td><td class=fl align=center width=10>6142</td><td class=fl align=center nowrap><nobr>Jul 12 2001 15:26:04</nobr></td><td class=fl align=center width=10>cb62c9d2e6db81932cda010ba727d2a0</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Current versions of xdm are sensitive to trivial brute force attack if it is compiled with bad options, mainly HasXdmXauth. Without this option, cookie is generated from gettimeofday(2). If you know starting time of xdm login session, computation of the cookie just takes a few seconds. By <a class=fd href="mailto:ntf@epita.fr">Ntf</a>, <a class=fd href="mailto:sky@epita.fr">Sky</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/nerf.iis.dos.txt>nerf.iis.dos.txt</a></td><td class=fl align=center width=10>1136</td><td class=fl align=center nowrap><nobr>Jul 12 2001 06:39:19</nobr></td><td class=fl align=center width=10>86ac77030b990207e5472ee62b0bd790</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Nerf Group Security Advisory #4 - Microsoft IIS 4 and 5 can be crashed remotely by reading device files (com1, com2, etc). Exploit URL included. &nbsp;Homepage: <a class=fd href=http://www.nerf.ru target=newbrowser>http://www.nerf.ru.</a> By <a class=fd href="mailto:buggzy@nerf.ru">Buggzy</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/ldap_exp2.c>ldap_exp2.c</a></td><td class=fl align=center width=10>2818</td><td class=fl align=center nowrap><nobr>Jul 12 2001 06:35:25</nobr></td><td class=fl align=center width=10>fdb9fe8c09fcd1a59d191b3a276848d3</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Solaris 5.8 ldap / passwd local root exploit. Tested on SunOS 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-60. By <a class=fd href="mailto:fygrave@tigerteam.net">Fyodor</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/lmail-xpl.c>lmail-xpl.c</a></td><td class=fl align=center width=10>2014</td><td class=fl align=center nowrap><nobr>Jul 12 2001 06:26:25</nobr></td><td class=fl align=center width=10>7f9da8c5028c2fd49aa9c8210d25ec8d</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>lmail local root exploit. Simply run it with the file you want to create/overwrite and the data you wish to place in the file. By <a class=fd href="mailto:core@ezlink.com">Charles Stevenson</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/cobalt.webmail.txt>cobalt.webmail.txt</a></td><td class=fl align=center width=10>774</td><td class=fl align=center nowrap><nobr>Jul 12 2001 06:01:17</nobr></td><td class=fl align=center width=10>73faac454049acd5190bea40a1ba809a</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URL's included. Verified to work against the Sun Cube III as well. By <a class=fd href="mailto:dotslash@snosoft.com ">KF</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/whodo-ex.c>whodo-ex.c</a></td><td class=fl align=center width=10>2500</td><td class=fl align=center nowrap><nobr>Jul 12 2001 05:58:37</nobr></td><td class=fl align=center width=10>82dffcd2065e49a4222ebc5c8dbea224</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86. By <a class=fd href="mailto:psor@ccc.uba.a">Pablo Sor</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/libsldap-exp.c>libsldap-exp.c</a></td><td class=fl align=center width=10>2358</td><td class=fl align=center nowrap><nobr>Jul 12 2001 05:46:28</nobr></td><td class=fl align=center width=10>7fb624eef82b60ad70c6ccf9b601a763</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Solaris 8 libsldap local root exploit. Tested on an Ultra10 and an Enterprise 3500 with success. By <a class=fd href="mailto:noir@gsu.linux.org.tr">Noir</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/vvfreebsd.txt>vvfreebsd.txt</a></td><td class=fl align=center width=10>3901</td><td class=fl align=center nowrap><nobr>Jul 12 2001 01:51:40</nobr></td><td class=fl align=center width=10>2d223327e13a25c1742fe30e2fda51ba</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Georgi Guninski security advisory #48, 2001 - There is local root compromise in FreeBSD 4.3 due to design flaw which allows injecting signal handlers in other processes. Includes vvfreebsd.c, a local root exploit. &nbsp;Homepage: <a class=fd href=http://www.guninski.com target=newbrowser>http://www.guninski.com.</a> By <a class=fd href="mailto:guninski@guninski.com">Georgi Guninski</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/tstot.c>tstot.c</a></td><td class=fl align=center width=10>10102</td><td class=fl align=center nowrap><nobr>Jul 12 2001 01:13:12</nobr></td><td class=fl align=center width=10>84f0f17bc976e6b8be69bacaeb5bf596</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available <a class=fd href="http://www.securityfocus.com/archive/1/195792">here.</a> By <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/cayman.txt>cayman.txt</a></td><td class=fl align=center width=10>344</td><td class=fl align=center nowrap><nobr>Jul 12 2001 00:36:59</nobr></td><td class=fl align=center width=10>9cc90717d2cfb63a71c77417f014dbca</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Cayman routers allow remote access by using } as the username. By <a class=fd href="mailto:rhandorf@mail.russells-world.com">Russell Handorf</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/cfingerd0x69.c>cfingerd0x69.c</a></td><td class=fl align=center width=10>5647</td><td class=fl align=center nowrap><nobr>Jul 12 2001 00:28:25</nobr></td><td class=fl align=center width=10>4b97d06d5fd883f3f606f5c5bab3b932</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Cfingerd v1.4.3 and below Linux/x86 local root buffer overflow exploit. By <a class=fd href="mailto:qitest1@cercaband.com">Qitest1</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/ibm.db2.dos.txt>ibm.db2.dos.txt</a></td><td class=fl align=center width=10>491</td><td class=fl align=center nowrap><nobr>Jul 12 2001 00:26:20</nobr></td><td class=fl align=center width=10>f4b462d2987f201a50bd03e6f68934fd</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>IBM db2 for Windows (98/NT/2000) is vulnerable to a simple remote denial of service attack via db2ccs.exe (listening on port 6790) and db2jds.exe (port 6789). By <a class=fd href="mailto:gilles.lami@hays-dsia.fr">Gilles</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/cfingerd-exploit.pl>cfingerd-exploit.pl</a></td><td class=fl align=center width=10>4227</td><td class=fl align=center nowrap><nobr>Jul 12 2001 00:07:46</nobr></td><td class=fl align=center width=10>7deade15eef46381573d4b4220a005e0</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Cfingerd v1.4.3 and below local root buffer overflow exploit in perl. Exploits <a class=fd href="http://www.securityfocus.com/archive/1/192844"this</a> vulnerability. &nbsp;Homepage: <a class=fd href=http://www.digit-labs.org/teleh0r target=newbrowser>http://www.digit-labs.org/teleh0r.</a> By <a class=fd href="mailto:teleh0r@digit-labs.org">Telehor</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/mcaffee.mycio.traversal.txt>mcaffee.mycio.traver..></a></td><td class=fl align=center width=10>2559</td><td class=fl align=center nowrap><nobr>Jul 12 2001 00:04:18</nobr></td><td class=fl align=center width=10>3dda84290792822ead2aa88636a565b1</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>McAffee's MyCIO directory traversal vulnerability - Any machine running McAffee Agent ASaP VirusScan Software is vulnerable to a remote vulnerability which allows any file on the machine to be read. This software incorporates what is known as "Rumor Technology" that facilitates in the transfer of virus definitions between neighboring machines. This agent software runs as a service ("McAfee Agent") under the local system account and uses a light weight HTTP server that listens on TCP port 6515. Exploit URL included. By <a class=fd href="mailto:ade245@hushmail.com">Ade245</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/idcf.c>idcf.c</a></td><td class=fl align=center width=10>2877</td><td class=fl align=center nowrap><nobr>Jul 11 2001 23:58:58</nobr></td><td class=fl align=center width=10>127d493b92791085586c97eff83512dc</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger. By <a class=fd href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/QDAV-2001-7-1>QDAV-2001-7-1</a></td><td class=fl align=center width=10>11799</td><td class=fl align=center nowrap><nobr>Jul 11 2001 23:31:41</nobr></td><td class=fl align=center width=10>454c4032e3ae794c228b5636ca6399ae</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>qDefense Advisory QDAV-2001-7-1 - Multiple CGI Flat File database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters. &nbsp;Homepage: <a class=fd href=http://qDefense.com target=newbrowser>http://qDefense.com.</a></td></tr>
<tr bgcolor=#CCCCCC><td class=fl><a class=fl href=/0107-exploits/kppp.c>kppp.c</a></td><td class=fl align=center width=10>3279</td><td class=fl align=center nowrap><nobr>Jul 11 2001 00:55:47</nobr></td><td class=fl align=center width=10>62c2590edd286ebb913f7a78b60441ad</td></tr><tr bgcolor=#003366><td colspan=4 class=fd>Kppp (/usr/local/kde/bin/kppp) v1.1.2 and below local exploit. Tested against x86 and Sparc Linux. &nbsp;Homepage: <a class=fd href=http://nbs.extremenetworking.net target=newbrowser>http://nbs.extremenetworking.net.</a> By <a class=fd href="mailto:smashstack@hushmail.com">Smashstack</a>, <a class=fd href="mailto:doom@sekurity.net">Doom</a></td></tr>
</table></td></tr></table></td></tr></table></td></tr></table><p>
<table border=0 width=90% bgcolor=#000000><tr><td class=name height=10 colspan=4><img src=/images/spacer.gif></td></tr>
<tr><td class=name height=10 colspan=4><img src=/images/spacer.gif></td></tr>
<tr><td class=name align=left colspan=4>&nbsp;</td></tr>
<tr><td class=name align=left colspan=4>&nbsp;</td></tr>
<tr><td class=small align=center><a class=small href=/privacy.html>Privacy Statement</a></td></tr>
<tr><td class=name align=left colspan=4><a href=#top><img border=0 src=/images/top.gif></a></td></tr>
</table>
</body>
</html>