indexdl.shtml

一个FTP密码破解程序的源代码

 
 <tr height=20 bgcolor=#999999><td height=20 colspan=9 valign=center nowrap><center><font face=verdana size=1><b><A class=top href="/pssabout.html">about</a> | <A class=top href="http://209.100.212.5/cgi-bin/cbmc/forums.cgi">forums</a> | <A class=top href="/assess.html">assessment</a> | <A class=top href="/defense.html">defense</a> | <A class=top href="/papers.html">papers</a> | <A class=top href="/magazines.html">magazines</a> | <A class=top href="/misc.html">miscellaneous</a> | <A class=top href="/links.html">links</a></b></font></center></td></tr>
 
 <tr height=1 bgcolor=#666666><td colspan=9><spacer type=block height=1 width=1></td></tr>
 <tr height=1 bgcolor=#333333><td colspan=9><spacer type=block height=1 width=1></td></tr>
 <tr height=4 bgcolor=#000000><td colspan=9><spacer type=block height=4 width=1></td></tr>
 </table>
 </form>
 <center>
<p><br><p><table border=0 cellspacing=1 cellpadding=2 width=90% align=left cols=4>
<tr><td class=header bgcolor=black colspan=4 align=left>
</td></tr>
<tr><td colspan=2 valign=bottom align=left class=name></td>
<td class=title bgcolor=black colspan=2 width=100% valign=bottom align=right>
<p><font class=small>To Change Sort Order, Click On A Category.</font><br>Sorted By: Downloads.</td></tr>
<tr>
<td class=title bgcolor=#333399 align=left><a class=title href=http:///0107-exploits/index.shtml>File Name</a></td>
<td class=title bgcolor=#333399 align=center><a class=title href=http:///0107-exploits/indexdl.shtml>Downloads</a></td>
<td class=title bgcolor=#333399 align=center><a class=title href=http:///0107-exploits/indexsize.shtml>File Size</a></td>
<td class=title bgcolor=#333399 align=center nowrap><a class=title href=http:///0107-exploits/indexdate.shtml>Last Modified</a></td>
<td class=title bgcolor=#333399 align=center>MD5 Checksum</td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/sneaky2.sh">sneaky2.sh</a></td><td class=size bgcolor=#333366 align=center>12487</td><td class=date bgcolor=#444477 align=center>Jul 18 02:10:26 2001</td>
<td class=name bgcolor=#444477 align=center>25055226b0a890073e135c5b546d136f</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Sneaky2.sh is a swiss army knife for Hotmail/Messenger. Implements Spoofing/brute force/misconception/unexpected input Class Attacks. Will spoof Hotmail/messenger server to recover user hotmail/password, crash messenger client, remotely inject and execute malicious exe on the victim host. &nbsp;Homepage: <a href=http://www.securite-internet.com target=newbrowser>http://www.securite-internet.com.</a> By Gregory Duchemin</td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/briiis-1.pl">briiis-1.pl</a></td><td class=size bgcolor=#333366 align=center>10133</td><td class=date bgcolor=#444477 align=center>Jul 19 17:13:19 2001</td>
<td class=name bgcolor=#444477 align=center>612717b92fc58a8c3aa69e838872170e</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Briis-1.pl is a unicode / decode IIS attack tool which includes SSL support under Linux. Features many checks for CMD.EXE, Caches the found directory, SSL support with SSLeay (Unix), Easy to use text file upload, Easy to use / encoding option, Relative path name program execution, and Virtual host support. More info available <a href="http://www.securityfocus.com/archive/1/190898">here.</a> By <a href="mailto:ian.vitek@ixsecurity.com">Ian Vitek</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/ml85p.sh">ml85p.sh</a></td><td class=size bgcolor=#333366 align=center>1751</td><td class=date bgcolor=#444477 align=center>Jul 17 17:43:02 2001</td>
<td class=name bgcolor=#444477 align=center>27106ddc98e2b944324483817b655184</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default. By <a href="mailto:suid@sneakerz.org">Suid</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/qflood.c">qflood.c</a></td><td class=size bgcolor=#333366 align=center>6903</td><td class=date bgcolor=#444477 align=center>Jul 17 17:58:58 2001</td>
<td class=name bgcolor=#444477 align=center>7588a0c0ef179e78557b962a95c75291</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Qflood.c fills up a Quake server with spoofed "unconnected" clients, disallowing other players the ability to connect to the server since the player limit fills up quickly. Additionally, if the server does not support multiple clients from the same IP address, it will disconnect legitimate players if the spoofed connection request matches that player. By <a href="mailto:_k3nny@Efnet">Andy Gavin</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/attqt.pl">attqt.pl</a></td><td class=size bgcolor=#333366 align=center>2823</td><td class=date bgcolor=#444477 align=center>Jul 23 12:20:12 2001</td>
<td class=name bgcolor=#444477 align=center>3215b593ce0c0f6a1dfd711c637436be</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Attqt.pl is a tool for sending banned attachments through SMTP gateways by adding an invalid character to the filename. This is known to work on MailMarshall and TrendMicro Scanmail, others are probably vulnerable. By <a href="mailto:aidan.ok@oceanfree.net">Aidan</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/squidmap.pl">squidmap.pl</a></td><td class=size bgcolor=#333366 align=center>1499</td><td class=date bgcolor=#444477 align=center>Jul 29 03:30:54 2001</td>
<td class=name bgcolor=#444477 align=center>3072c26d039e563fde8246ed1e61f590</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Squid can be used to port scan if set up as a httpd accelerator (reverse proxy). Tested on Redhat 7.0. By <a href="mailto:pnasrat@uk.now.com">Paul Nasrat</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/xxman.sh">xxman.sh</a></td><td class=size bgcolor=#333366 align=center>832</td><td class=date bgcolor=#444477 align=center>Jul 17 17:39:08 2001</td>
<td class=name bgcolor=#444477 align=center>631ac7297588dc7496aa411184167887</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Xxman.sh is a local root exploit for an insecure system call in xman. &nbsp;Homepage: <a class=fd href=http://www.realhalo.org target=newbrowser>http://www.realhalo.org.</a> By <a class=fd href="mailto:v9@realhalo.org">Vade79</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/QDAV-2001-7-1">QDAV-2001-7-1</a></td><td class=size bgcolor=#333366 align=center>11799</td><td class=date bgcolor=#444477 align=center>Jul 11 23:31:41 2001</td>
<td class=name bgcolor=#444477 align=center>454c4032e3ae794c228b5636ca6399ae</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>qDefense Advisory QDAV-2001-7-1 - Multiple CGI Flat File database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters. &nbsp;Homepage: <a href=http://qDefense.com target=newbrowser>http://qDefense.com.</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/mambo_advisorie.txt">mambo_advisorie.txt</a></td><td class=size bgcolor=#333366 align=center>2945</td><td class=date bgcolor=#444477 align=center>Jul 26 12:04:43 2001</td>
<td class=name bgcolor=#444477 align=center>407a1020f4107e848ced585227bc294c</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>The Mambo Site Server v3.0.0 - 3.0.5 contains a vulnerability which allows users to gain administrative privileges by changing global variables via URL parsing. &nbsp;Homepage: <a href=http://www.reverseonline.com target=newbrowser>http://www.reverseonline.com.</a><a href="mailto:postmaster@reverseonline.com">Ismael Peinado Palomo</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/idcf.c">idcf.c</a></td><td class=size bgcolor=#333366 align=center>2877</td><td class=date bgcolor=#444477 align=center>Jul 11 23:58:58 2001</td>
<td class=name bgcolor=#444477 align=center>127d493b92791085586c97eff83512dc</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger. By <a href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/nerf.iis.dos.txt">nerf.iis.dos.txt</a></td><td class=size bgcolor=#333366 align=center>1136</td><td class=date bgcolor=#444477 align=center>Jul 12 06:39:19 2001</td>
<td class=name bgcolor=#444477 align=center>86ac77030b990207e5472ee62b0bd790</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Nerf Group Security Advisory #4 - Microsoft IIS 4 and 5 can be crashed remotely by reading device files (com1, com2, etc). Exploit URL included. &nbsp;Homepage: <a href=http://www.nerf.ru target=newbrowser>http://www.nerf.ru.</a> By <a href="mailto:buggzy@nerf.ru">Buggzy</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/tstot.c">tstot.c</a></td><td class=size bgcolor=#333366 align=center>10102</td><td class=date bgcolor=#444477 align=center>Jul 12 01:13:12 2001</td>
<td class=name bgcolor=#444477 align=center>84f0f17bc976e6b8be69bacaeb5bf596</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available <a href="http://www.securityfocus.com/archive/1/195792">here.</a> By <a href="mailto:zen-parse@gmx.net">zen-parse</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/whodo-ex.c">whodo-ex.c</a></td><td class=size bgcolor=#333366 align=center>2500</td><td class=date bgcolor=#444477 align=center>Jul 12 05:58:37 2001</td>
<td class=name bgcolor=#444477 align=center>82dffcd2065e49a4222ebc5c8dbea224</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86. By <a href="mailto:psor@ccc.uba.a">Pablo Sor</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/cobalt.webmail.txt">cobalt.webmail.txt</a></td><td class=size bgcolor=#333366 align=center>774</td><td class=date bgcolor=#444477 align=center>Jul 12 06:01:17 2001</td>
<td class=name bgcolor=#444477 align=center>73faac454049acd5190bea40a1ba809a</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URL's included. Verified to work against the Sun Cube III as well. By <a href="mailto:dotslash@snosoft.com ">KF</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/sr.pl">sr.pl</a></td><td class=size bgcolor=#333366 align=center>3907</td><td class=date bgcolor=#444477 align=center>Jul 18 01:47:37 2001</td>
<td class=name bgcolor=#444477 align=center>64a69339c5b64edbad5cc889a991464a</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Checkpoint Firewall-1's SecureRemote allows any IP to connect and download sensitive network information. This perl script gives a potential attacker a wealth of information including ip addresses, network masks (and even friendly descriptions). &nbsp;Homepage: <a href=http://www.sensepost.com target=newbrowser>http://www.sensepost.com.</a> By <a href="mailto:haroon@sensepost.com">Haroon Meer & Roelof Temmingh</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/kppp.c">kppp.c</a></td><td class=size bgcolor=#333366 align=center>3279</td><td class=date bgcolor=#444477 align=center>Jul 11 00:55:47 2001</td>
<td class=name bgcolor=#444477 align=center>62c2590edd286ebb913f7a78b60441ad</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>Kppp (/usr/local/kde/bin/kppp) v1.1.2 and below local exploit. Tested against x86 and Sparc Linux. &nbsp;Homepage: <a href=http://nbs.extremenetworking.net target=newbrowser>http://nbs.extremenetworking.net.</a> By <a href="mailto:smashstack@hushmail.com">Smashstack</a>, <a href="mailto:doom@sekurity.net">Doom</a></td></tr>
<tr><td class=name bgcolor=#333366 align=left><a href=/"0107-exploits/spadv03.txt">spadv03.txt</a></td><td class=size bgcolor=#333366 align=center>5094</td><td class=date bgcolor=#444477 align=center>Jul 30 02:12:09 2001</td>
<td class=name bgcolor=#444477 align=center>34db49ab75ca4fc3edbb7aa09d278554</td></tr><tr><td class=desc colspan=4 bgcolor=#000033 align=left>The Windows 2000 telnetd service is vulnerable to a remote denial of service attack. The service crashes when scanned for the recent AYT telnetd vulnerability discovered by <a class=fd href="mailto:scut@www.team-teso.net">Scut</a>. Includes SPtelnetAYT.c, a scanner for the AYT vulnerability in telnet daemons build upon the BSD source. &nbsp;Homepage: <a href=http://www.secpoint.com target=newbrowser>http://www.secpoint.com.</a> By <a href="mailto:info@secpoint.com">Security Point</a></td></tr>