| File Name |
Brief Description |
| ntpptp.c |
NT 4.0 SP3 PPTP denial of service attack exploit. |
| ntpwgrabber.txt |
A false DLL can be stored in the system32 directory
under Windows NT which collects passwords in plain text. |
| libcrypt.tgz |
The libcrypt.so, _RDL_ROOT telnetd env var root exploit
for irix systems. |
|
| imapd_scan.sh |
This script will scan (and exploit) an entire subnet
for imap2 vulnerabilities. |
|
| qmail_dos.c |
Runs a qmail system out of memory by feeding an
infinite amount of recipients. |
|
| ping_bug.txt |
Users of pine can overwrite any file in their home
directory despite permissions. |
|
| latierra.c |
An enhanced version of land.c which works better
against NT SP3 among other things. |
| rip.c |
RIP (Routing Information Protocol) Version 1 Spoofer |
| imaps.tar.gz |
Several different versions of the remote imapd buffer
overflow exploit. |
|
| automount.c |
The automountd exploit for SunOS 5.5.1 lets you issue
remote commands. |
|
| xfree86.txt |
Using XFree86, ordinary users can read any file with
root permissions. |
|
| lownoise.txt |
Exploit for Digital Unix v4.0 that lets you create a
writeable /.rhosts file. |
|
| land.c |
Crash Windows by sending a spoofed packet from a
host on an open port setting as source the same host and port. |
|
| teardrop.c |
Exploits the overlapping IP fragment bug present in all
Linux kernels and NT 4.0 / Windows 95 (others?) |
|
| pentium_bug.c |
Denial of service attack for the Intel Pentium CPU for
any operating system. |
|
| linux_perl.txt |
It is still possible to overwrite a buffer and get root
on Linux via sperl 5.003. |
|
| lizards.txt |
Explains how to get root on Slackware 3.4 from the suid
lizards game. |
|
| evil-term.c |
This is the remote buffer overflow termcap exploit for
BSDI BSD/OS 2.1. |
|
| dgux_xterm.txt |
On Digital Unix 4.0B, causing xterm to core can
overwrite arbitrary files. |
|
| php_exploit.c |
mlog.html and mylog.html w/ PHP dist. can be used to
read arbitrary files. |
|
| wwwcount.c |
Exploits Count.cgi, allowing remote execution of
arbitrary commands. |
|
| ciscocrack.c |
This contains script and source for decrypting cisco
encrypted passwords. |
|
| wm_exploit.c |
Overwrites a buffer in 'wm' from Ideafix package for
Linux, giving root. |
|
| brute_ssl.c |
This program will brute force its way into secure and
non-secure webservers. |
|
| sr-crash.c |
Source routing exploit for Linux v1.0.x-v1.3.x that
causes the kernel to panic. |
|
| aix_ping.c |
Overwrites a buffer in gethostbyname(), giving root
access. |
|
| aix_lchangelv.c |
Another buffer overrun that gives root on AIX 4.x
machines. |
|
| aix_xlock.c |
This will overwrite a buffer in /usr/bin/X11/xlock
giving root. |
|
| web_sniff.c |
A Linux sniffer that is designed to retrieve web
usernames and passwords. |
|
| arp_fun.txt |
ICMP and arp can be used to deny service and spoof
other hosts on the LAN. |
|
| xf86_ports.txt |
A normal user can run X on a reserved port thus
blocking legitimate daemons. |
|
| hostscan.cmd |
OS/2 Rexx-script that scans hosts by IP addresses |
| solaris_telnet.c |
A program designed to attack a Solaris 2.5 box, making
it totally unresponsive. |
|
| identd_attack.txt |
A massive amount of authorization requests can render a
system unusable. |
|
| secure_shell.txt |
Using SSH, a non-root user can open privileged ports and
redirect them. |
|
| sshd_redirect.txt |
Any normal user can redirect privileged ports using
secure shell daemon. |
|
| medax_linux.tgz |
A TCP sequence number predictor that also lets you
execute commands. |
|
| samba_exploit.txt |
Local and remote exploit for samba that sends an xterm
back to your display. |
|
| bsd_procfs.c |
In /proc under FreeBSD 2.2.1, you can modify a setuid
executable's memory. |
|
| zgv_exploit.c |
This will overwrite a buffer in /usr/bin/zgv on Redhat
Linux systems, giving root. |
|
| heroin.c |
This sample source illustrates the dangers of Linux
modules in the kernel. |
|
| sgi_html.txt |
It is possible to execute remote commands on IRIX 6.3
and 6.4 via /usr/sysadm. |
|
| ipd_probe.txt |
The Internet Probe Droid can scan massive amounts of
hosts very quickly. |
|
| smurf.c |
Spoofs ICMP packets resulting in multiple replies to a
host from a single packet. |
|
| in.comstat.txt |
If a user has biff y on, in.comstat can be used
to increase the system load. |
|
| bind_nuke.txt |
Bind8.1.(1) can't update the same RR more than once in
the same DNS packet. |
|
| chkexploit_1.13.tgz |
A shell script for Linux that checks for some publicly
available exploits. |
|
| syslog_deluxe.c |
Lets you write spoofed and arbitrary messages to
another machine's syslogd. |
|
| dgux_fingerd.txt |
The fingerd that ships w/ dgux allows remote execution
of arbitrary commands. |
|
| smb_mount.c |
This overwrites a buffer on Linux systems in smbmount
from smbfs-2.0.1. |
|
| nmap.1.25.tar.gz |
nmap is a utility for port scanning large networks and
currently runs on Linux. |
|
| innd_exploit.c |
Overwrites a buffer in innd on Linux x86 systems thus
giving a remote shell. |
|
| smlogic.c |
This is a fully functional logic bomb designed to render
Linux systems unusable. |
|
| intruderf.c |
A trojan for Linux systems that mails you users' names
and passwords. |
|
| ld.so.c |
Overwrites a buffer via LD_PRELOAD env. variable,
giving root on Linux. |
|
| sol_syslog.txt |
If Solaris syslogd gets a message and it can't resolve
the sender's IP, it dies. |
|
| promisc.c |
This program will scan your network devices to detect
running sniffers. |
|
| solaris_ping.txt |
On Solaris 2.x systems, any user can crash or reboot
the system using ping. |
|
| seyon_exploit.sh |
Exploit for seyon, giving you the euid or egid of
whatever seyon is suid to. |
|
| aixdtaction.c |
Overwrites a buffer in /usr/dt/bin/dtaction giving root
access. |
|
| datapipe.c |
Makes a pipe between a listen port on localhost and a
port on a remote machine. |
|
| sping.tar.gz |
Linux binary and source of 'sping' which causes Win95
machines to crash. |
|
| linux_httpd.c |
Overwrites a buffer in NCSA httpd v1.3 on Linux
systems, giving a remote shell. |
|
| sgi_cgihandler.txt |
On IRIX systems, /cgi-bin/handler can be used to issue
arbitrary commands. |
|
| wuftpd_umask.txt |
The umask for wuftpd 2.4.2-b13 is 002 making files
group writeable by anyone. |
|
| majordomo.txt |
Local and remote users can execute arbitrary commands
from majordomo. |
|
| glimpse_http.txt |
Glimpse HTTP (Interface to Glimpse Search Tool) can
issue remote commands. |
|
| pandora.tgz |
This is the Unix version of the Netware version 4.x NDS
cracking utility. |
|
| telnet_core.txt |
On Linux systems, it is possible to get part of the
shadow file w/ cores. |
|
| fake_ps.txt |
Checks for 'ps' trojans by running 'ps' and checking
results against /proc. |
|
| hpux-cue.txt |
On HP 10.20, users can truncate arbitrary files using
the setuid cue program. |
|
| rpc.mountd_bug.txt |
One can see what files a machine contains by looking at
rpc.mountd responses. |
|
| ircd_kill.c |
Overwrites a buffer in ircII daemons, causing a
segmentation fault in the server. |
|
| lpboost.c |
A simple program demonstrating problems with PLP/LPRng
user authentication. |
|
| imapd_4.1b.txt |
It's possible to crash imapd, thus leaving shadow and
password files in core file. |
|
| sneakin.tgz |
A way to 'reverse telnet' from a box behind a firewall
that allows ICMP packets. |
|
| qmail.tar.gz |
This is a replacement sendmail-binmail system providing
security and efficiency. |
|
| h_rpcinfo.tar.gz |
Allows you to sneak past port filters on port 111 and
get dumps of RPC services. |
|
| synlog-0.4.tar.gz |
Synlog monitors half open TCP connections such as
synfloods or synscans. |
|
| net_rpm.txt |
Redhat Package Manager (rpm) can be used to overwrite
arbitrary files. |
|
| wrapper-v2.tgz |
This is a generic wrapper to prevent the exploitation
of suid/sgid programs. |
|
| solaris_ifreq.c |
On Solaris, users can do control requests on a root
created socket descriptor. |
|
| longpath.sh |
Script that implements a long path attack causing
various problems on Linux. |
|
| logarp.tar.gz |
Useful for seeing if users on your subnet are
"stealing" IP addresses. |
|
| aix_dtterm.c |
This will overwrite a buffer in /usr/dt/bin/dtterm,
giving root. |
|
| campus_cgi_hole |
Describes a hole in campus cgi which allows execution
of remote commands. |
|
| listhosts.c |
A host resolving program based on nslookup and other
pieces of named tools. |
|
| irix-wrapper.c |
Wraps programs on IRIX to prevent command line argument
buffer overruns. |
|
| irix-df.c |
This will overwrite a buffer in /bin/df on IRIX
systems, thus giving a root shell. |
|
| irix-dp.c |
Overwrites a buffer in /usr/lib/desktop/permissions,
giving egid of sys on IRIX. |
|
| irix-login.c |
This will overwrite a buffer in /bin/login on IRIX
systems, giving root. |
|
| irix-xlock.c |
This will give root by overwriting a buffer in /usr/bin/X11/xlock
on IRIX. |
|
| synsniff.tar.gz |
Script in perl which watches for inbound connections (SYN's)
and logs them. |
|
| SunOS_crash.txt |
Reading /dev/tcx0 on a SunOS 4.1.4 Sparc 20 causes a
system panic. |
|
| imapd_exploit.c |
Get remote root access on Redhat systems by overwriting
a buffer in imapd. |
|
| xlock.c |
On Linux systems, this will overwrite a buffer in
setuid xlock, giving root access. |
|
| phobia.tgz |
This utility does a scan of an internet host looking
for various vulnerabilities. |
|
| elm_exploit.c |
Overwrites a buffer in Elm and Elm-ME+ on Linux via
TERM environ. variable. |
|
| daynotify.sh |
This script will exploit a bug in SGI's Registration
Software under IRIX 6.2. |
|
| brute_web.c |
This program will brute force its way into a web
server giving a user and passwd. |
|
| tcpdump.tar.Z |
Tool for network monitoring and data acquisition (needs
library packet capture). |
|
| winnuke.c |
Sends Out of Band Data to a Win95/NT computer causing
panics and reboots. |
|
| sperl.tgz |
Overwrites a buffer in the sperl5.001 and sperl5.003,
thus giving root access. |
|
| dip-prob.txt |
Dip will allow an ordinary user to gain control of
arbitrary devices in /dev. |
|
| nlspath.txt |
Exploits for ping, minicom, su and others on Linux via
NLSPATH env. variable. |
|
| solaris_lp.sh |
Script for Solaris that breaks lp, then uses lp priv to
break root (or bin, etc...). |
|
| AIX_mount.c |
Overwrites a buffer in /usr/sbin/mount on AIX 4.x
systems. |
|
| vold_prob.txt |
It is possible to corrupt CDROM management on Solaris
by changing block size. |
|
| fdformat-ex.c |
This will overwrite a buffer in /usr/bin/fdformat on
Solaris 2.x systems giving root. |
|
| sunos-ovf.tar.gz |
This program is designed to test buffer overflows on
SunOS 4.1.x boxes. |
|
| cxterm.c |
Overwrites a buffer in Chinese xterm Linux systems,
thus giving root access. |
|
| color_xterm.c |
This will overwrite a buffer in /usr/X11/bin/color_xterm,
giving root on Linux. |
|
| pepsi.c |
This program is a random source host UDP flooder that
compiles under Linux. |
|
| tlnthide.c |
Allocates a port and sets up a telnet gateway making it
difficult to trace telnets. |
|
| jping.tar.gz |
This is another simple ICMP flooding program that
compiles under Linux. |
|
| LPRng.tgz |
A light weight printing system especially designed with
security in mind. |
|
| jolt.c |
Sends oversized fragmented packets to Win95 boxes
causing them to lock up. |
|
| utclean.c |
This will remove your presence from wtmp, wtmpx, utmp,
utmpx, and lastlog. |
|
| eject.c |
Overwrites a buffer on Solaris 2.x systems in /usr/bin/eject,
giving a root shell. |
|
| puke.c |
Spoofs an ICMP unreachable error to a target, causing
connection drops. |
|
| webs099.tgz |
A minimalist web server designed primarily for security
and handles redirects. |
|
| talkd.txt |
This explains how to get root remotely by overwriting a
buffer in in.talkd. |
|
| pingmod.tar.gz |
A very flexible pinging program that is able to fake
ICMP packets and more. |
|
| rbone.tar.gz |
Another IP spoofer type program that guesses TCP
sequence numbers. |
|
| bsd_cxterm.c |
This will overwrite a buffer in xterm_color on BSD
systems, giving root. |
|
| udpstorm.tgz |
This is an implementation of the udpstorm attack.
Works with Linux. |
|
| jakal.c |
Portscanner that avoids logging by not completing the
3-way TCP handshake. |
|
| lin_probe.c |
This overwrites a buffer in /usr/X11/bin/SuperProbe on
Linux, thus giving root. |
|
| AIX_host.c |
Overwrites a buffer in gethostbyname() giving a root
shell. |
|
| sgi_systour.txt |
Exploit for /usr/lib/tour/bin/RemoveSystemTour on IRIX
5.3 & 6.2 that gives root. |
|
| connect.c |
Crashes AIX 4.1.4, AIX 4.1.5, HP-UX 10.01, and HP-UX
9.05. |
|
| sol2.5_nis.txt |
This shows how to exploit /usr/lib/nis/nispopulate on
Solaris 2.5 systems. |
|
| xdm_bugs.txt |
Shows how to deny service from xdm. It also doesn't
close file handles correctly. |
|
| crack-2a.tgz |
Unix Password Cracker 2.0(a) by Scooter Corp. (Comes
with crack dictionary). |
|
| lilo-exploit.txt |
Get root on the latest versions of Linux (at the
console) using LD_PRELOAD. |
|
| rsucker.pl |
Perl script that acts as a fake r* daemon and logs
usernames sent from clients. |
|
| synk4.c |
An improved Syn Flooder that also supports a random IP
spoofing mode. |
|
| portmap_5b.tar.gz |
Portmapper that supports access control in the style of
the tcp wrapper package. |
|
| irix-login.txt |
On Irix systems /var/adm/badlogin has failed logins and
passwords in clear text. |
|
| iebugs.tar.gz |
Microsoft Internet Explorer bugs one through six in
text and html format. |
|
| arnudp.c |
Shows how to send single UDP packets from an arbitrary
source/destination. |
|
| sun-reboot.txt |
By typing: perl -e 'print "\e[1J"' you can
reboot a sun ultra sparc at the console. |
|
| cgiwrap-3.22.tgz |
This is a gateway that allows a more secure user access
to CGI programs. |
|
| fastcracker.tgz |
This program is designed to quickly crack DES encrypted
passwords. |
|
| pma.tar.gz |
Poor Man's Access - A daemon that lets you issue shell
commands remotely. |
|
| lpr_bugs.txt |
It is possible to create, read, and delete any file on
the system using lpr/lpd. |
|
| vsr.tar.gz |
A loadable module for SunOS systems that creates a
virtual IP interface. |
|
| makedir.txt |
Programs to create thousands of directories and to
delete these directories. |
|
| tcpprobe.c |
This is a tcp portscanner that shows accepted
connections on a remote host. |
|
| locktcp.c |
This program will freeze Solaris/x86 2.5.1 systems,
causing denial of service. |
|
| irix-wrap.txt |
This shows how to get a listing of directories (755)
from cgi-bin/wrap on Irix 6.2. |
|
| block.c |
Stops users from logging in by monitoring utmp and
closing down user's tty ports. |
|
| tin_problem.txt |
rtin/tin creates /tmp/.tin_log w/ mode of 0666 in /tmp
and follows symbolic links. |
|
| sun_patch.sh |
If you have a sun SPARC, this script will stop all
forms of buffer overrun attacks. |
|
| riputils.tgz |
This is a set of routing internet protocol utilities
designed for Linux systems. |
|
| ipbomb.c |
This will attack a target host by sending various sizes
and numbers of IP packets. |
|
| test-cgi.txt |
Using the CGI program test-cgi, you can inventory files
on remote systems. |
|
| lquerypv.txt |
On AIX systems you can read any file (in hex) on the
system with lquerypv. |
|
| cops_104.tar.gz |
(Computer Oracle & Password System) checks for Unix
misconfigurations. |
|
| Crack
v5.0 |
Got access to password or shadow file? Shows what other
users' passwords are. |
|
| Crack
Dictionary |
This is a general 50,000 word dictionary for use with
Crack or other programs. |
|
| Esniff.c |
This is the source code for a basic Ethernet sniffer.
(Straight out of Phrack.) |
|
| fakerwall.c |
Lets you send an rwall message from an arbitrary host
of your choice. |
|
| fping |
Like UNIX ping(1), but allows efficient pinging of a
large list of hosts. |
|
| simping.c |
Simulates the "ping -l 65510 victim.host"
from Win95 - also compiles on Linux. |
|
| bind.txt |
This describes a potential denial of service problem
with BIND-4.9.5-P1. |
|
| pong.c |
Attacks an arbitrary host by sending a flood of spoofed
ICMP packets. |
|
| jizz.c |
A DNS spoofer that exploits the cache vulnerability in
most BIND daemons. |
|
| any-erect.c |
Another DNS spoofing type program much like jizz.c.
Compiles on Linux. |
|
| hide.c |
Exploits a world-writeable /etc/utmp and allows the user
to modify it interactively. |
|
| hsh002.c |
This is a neat little shell for experimentation with
lots of interesting features. |
|
| netpipes4.0.tgz |
A package (that comes w/ Linux) to manipulate BSD
TCP/IP stream sockets. |
|
| nfswatch4.1.tar.Z |
This lets you monitor NFS requests to any given machine
or the entire network. |
|
| nfstrace.tgz |
This nfstrace package lets you perform NFS tracing
by network monitoring. |
|
| wuftpd-owrite.sh |
Exploit for wu-ftpd to create or overwrite a file
anywhere on the filesystem. |
|
| wuftpd-sdump.sh |
Exploit a bug in wu-ftpd to assemble and view the
shadow password file. |
|
| shadowyank.c |
Reconstructs the shadow entries from a core file from
ftp daemon segmenting. |
|
| ICMPinfo
V1.10 |
ICMPinfo is a tool for looking at ICMP messages
received on the running host. |
|
| ident-scan.c |
TCP scanner that gets the username of the daemon
running on the specified port. |
|
| ascend.txt |
Program for Linux designed to attack Ascend routers
with zero length tcp offsets. |
|
| gzip.txt |
While a file is being compressed with gzip it is world
readable to all users. |
|
| iss13.tar.gz |
The Internet Security Scanner scans subnets and
collects info. about hosts. |
|
| libc.so.5 |
A hacked libc.so.5 for Linux that spawns a shell when a
call is made to crypt(). |
|
| sdtcm_convert.txt |
Explains how to exploit sdtcm_convert on Solaris
boxes to get root access. |
|
| mnt.tar.gz |
Exploits a bug in HP-UX 9 rpc.mountd program and gives
you NFS file handles. |
|
| netcat
(V1.10) |
Like Unix cat(1) but this one talks network packets
(TCP or UDP). |
|
| NFS
Shell |
This should be very useful if you have located an
insecure NFS server. |
|
| pmcrash.c |
This allows you to crash ANY Livingston PortMaster by
overflowing buffers. |
|
| pop3.c |
Attempts multiple username/password guesses on machines
running POP3. |
|
| psrace.c |
Exploits a race condition in Solaris, thus allowing you
to make a root shell. |
|
| Root
Kit |
Programs like ps, ls, & du that are modified to
hide certain files & processes. |
|
| rpc_chk.sh |
Script to get a list of running hosts from a DNS
nameserver for a given domain. |
|
| seq_number.c |
This is a program that exploits the TCP Sequence Number
Generator bug. |
|
| asppp.txt |
On Solaris 2.5x86, /tmp/.asppp.fifo can make a world
writeable .rhosts file. |
|
| kcms.txt |
Get root on Solaris 2.5 by exploiting /usr/openwin/bin/kcms_calibrate. |
|
| remove.c |
A universal utmp, wtmp, and lastlog editor that also
compiles under AIX & SCO. |
|
| kmemthief.c |
If /dev/kmem is writeable by normal users, then this
program will get you root. |
|
| slammer |
Slammer lets you issue arbitrary commands on hosts by
exploiting yp daemons. |
|
| socket_demon13.zip |
Daemon that sits on a specified IP port and provides
passworded shell access. |
|
| Solaris
Sniffer |
This is a version of ESniff.c that has been modified
for Solaris 2.X. |
|
| xpusher.c |
This is a neat way to send keyboard events to another
user's X window. |
|
| xsnoop.c |
This program allows you to spy on another user's
keyboard events like xkey.c |
|
| Strobe
(V1.03) |
Scans TCP ports on a target host and reveals which
daemons are running. |
|
| Tiger
(V2.2.3) |
Tiger attempts to exploit known bugs, holes, and
misconfigurations to attain root. |
|
| lquerylv.c |
Overwrites a buffer in /usr/sbin/lquerylv on AIX
systems, thus giving a root shell. |
|
| Traceroute |
Traceroute is an indispensable tool for troubleshooting
and mapping your network. |
|
| open_bug.txt |
On {Free,Open,Net}BSD, open() returns a file descriptor
to protected devices. |
|
| udpscan.c |
Identifies open UDP ports by sending bogus UDP packets
and waiting for responses. |
|
| portd.c |
A daemon that listens on a port and provides passworded
shell access. |
|
| pingexploit.c |
This lets you send oversized ICMP packets from a unix
box just like Win95. |
|
| checksyslog.tgz |
Analyze your system logs for security problems while
ignoring normal behavior. |
|
| dosemu.txt |
On Debian v1.1, /usr/sbin/dos can be used to read any
file on the system. |
|
| yaping.0.1.tgz |
Yet another ping for Linux. Packets of size > 65535
octets are supported. |
|
| xcrowbar.c |
Source code that gets you a pointer to an X Display
even after an xhost - |
|
| xkey.c |
Attach to any X server you have permission to and watch
the user's keyboard. |
|
| xwatchwin.tar.gz |
If you got access to another's X server, this shows the
window on your X-server. |
|
| messages.sh |
Parses through /var/adm/messages to see if user typed
password at login prompt. |
|
| FreeBSDmail.txt |
This exploit will overwrite a buffer on sendmail 8.6.12
running on FreeBSD 2.1.0. |
|
| securelib.tar.Z |
Shared library for SunOS 4.1 and later that will help
protect your RPC daemons. |
|
| ypsnarf.c |
This handy little program will get you yp domain names,
yp maps, and yp maplists. |
|
| ypx.tgz |
Guesses NIS domain names and also extracts the maps
directly from domains. |
|
| ftp-scan.c |
This program exploits the ftp protocol to let you scan
services on firewalls. |
|
| rdist-ex.c |
Writes past a buffer, straight onto the stack, giving a
root shell on FreeBSD. |
|
| ttywatcher-1.1b.tgz |
ttywatcher lets a user monitor and interact with every
tty on the system. |
|
| splitvt.c |
An older exploit for Linux that overwrites a buffer in
/usr/bin/splitvt, giving root. |
|
| mount-ex.c |
All Linux versions are vulnerable to this buffer
overflow attack on suid mount. |
|
| perl-ex.sh |
perl-ex.sh is a simple little sperl script that gives
you a root shell via suidperl. |
|
| sndmail8.8.4.txt |
This will explain how to exploit sendmail version 8.8.4
to get root access. |
|
| irix-xhost.txt |
In the default setup on Irix, xhost is set to global
access for console logins. |
|
| aix_bugfiler.txt |
On AIX 3.x, /lib/bugfiler can be used to circumvent
file access restrictions. |
|
| mod_ldt.c |
Gives access to all of Linux's linear memory to user
processes at will. |
|
| dipExploit.c |
Linux dip Exploit. Overwrite a buffer in do_chatkey(),
thus giving you a root shell. |
|
| rexecscan.txt |
The rexecd can be used easily to scan the client host
from the server host. |
|
| rpcs.01b.tar.gz |
This is a program that is designed to scan subnets for
rpc services. |
|
| rxvtExploit.txt |
Exploits a popen() call issued by rxvt on Linux
machines, thus giving a root shell. |
|
| nfsbug.c |
Demonstrates a security problem in unfsd guessing the
file handle of the root FS. |
|
| abuse.txt |
Exploit for Red Hat 2.1 that gives a root shell by
exploiting abuse.console. |
|
| xtermOverflo.c |
A program that overwrites a buffer in libXt.so while
xterm is suid to root. |
|
| resolv+.exp |
Quick and Simple way to read the /etc/shadow file as
well as many other things. |
|
| resizeExp.txt |
Another Red Hat 2.1 exploit for resizecons due to lack
of absolute pathnames. |
|
| qcrack.tar.gz |
qcrack gives increased cracking speeds at the expense
of disk space. |
|
| Linux
rootkit |
A rootkit designed for Linux systems. Comes with ps,
netstat, and login. |
|
| X
webcomber |
A cool little tool that lets you search for things
(like hacking) on the web. |
|
| gpm-exploit.txt |
This will get root on Linux systems using
/usr/games/doom/killmouse. |
|
| pingflood.c |
This ping floods a host, thus wasting bandwidth and
denying service. |
|
|