| name | description | date | size |
|---|---|---|---|
| chap.pdf | What Mudge and Bruce missed when analyzing PPTP and more | 2002-02-23 | 488807 |
| adore-0.42.tgz | latest version of mighty adore - linux module backdoor | 2002-01-03 | 14749 |
| burneye-1.0-linux-static.tar.gz | burneye ELF encryption program, x86-linux binary, version 1.0 - new year release! | 2002-01-01 | 144240 |
| burneye-stripped.tar.gz | stripped burneye sources, for educational purposes (beside the speech + article) | 2001-12-29 | 23811 |
| iob-0.1.tar.gz | iob - simple, stupid, straightforward pty based i/o log program. can log almost anything (ssh, gpg, cfsattach, losetup, ...) | 2001-10-08 | 5899 |
| formatstring-1.2.tar.gz | Formatstring exploitation article, updated version 1.2. Mistakes corrected, things clarified. Thanks to everyone who sent in comments and suggestions. | 2001-09-01 | 214530 |
| adore-0.39b4.tgz | plus: open/stat redirection :-) | 2001-07-11 | 14678 |
| ldistfp-0.1.4.tar.gz | bugfixes, new fingerprints and FINALLY: an auto-update facility, so I do not have to release a new version every two weeks ;-) | 2001-05-27 | 14856 |
| adore-0.38.tar.gz | added 64bit FS support, fool protection modules as 'StMichael'. and minor things | 2001-05-25 | 14316 |
| ldistfp-0.1.3.tar.gz | Linux DISTribution FingerPrint v0.1.3, added raw mode to use scanlogs, new fingerprints etc. Send me new fingerprints please ;) | 2001-05-08 | 13752 |
| 7350cfingerd-0.0.4.tar.gz | cfingerd <= 1.4.1 x86/linux remote root | 2001-04-19 | 19713 |
| arpmim-0.2.tar.gz | ARP man-in-the-middle with N:N support, asymmetric MiM, arpop_request, macoff | 2001-03-29 | 4742 |
| adore-0.34.tgz | Linux 2.[24] kernel module, changes: improved 2.4 support, better authentication checking, permanent PID removal, configure script, experimental exec redirection for i386 | 2001-03-25 | 13470 |
| formatstring-1.1.tar.gz | Corrected version, thanks to everyone who sent me feedback. Also includes the examples now. | 2001-03-24 | 193225 |
| formatstring.pdf | Translated, revised and extended version of the German article, enjoy! (also grab the Vortrag tarball for examples) | 2001-03-17 | 244116 |
| telnetfp_0.1.2.tar.gz | more and more fingerprints, bugfixes, interactive | 2001-01-11 | 7103 |
| Vortrag-1.0.tar.gz | German CCC speech "exploiting format string vulnerabilities" including examples | 2000-12-28 | 99066 |
| 7350wu-v5.tar.gz | wuftpd 2.6.0 Linux and FreeBSD exploit that does it the proper way, enjoy! | 2000-12-28 | 16229 |
| adore-0.31.tar.gz | improved - now automatic configuration, bugfixes | 2000-12-23 | 9738 |
| 7350oftpd.tar.gz | remote OpenBSD ftpd exploit | 2000-12-18 | 7127 |
| reverb-0.1.0.tar.gz | tool to access firewalled, dynamic-dialin and otherwise protected hosts from the outside, once backdoored. includes some nice new options | 2000-11-25 | 8518 |
| 7350nxt-v3.tar.gz | old wine in new bottles: NXT exploit with Linux, FreeBSD and IRIX code. fully working | 2000-11-24 | 8729 |
| bsd_chpass.c | exploit for *BSD's chpass | 2000-10-03 | 3461 |
| openssh.reverse.tgz | patched OpenSSH (cl+sv) for tunneling firewalls (client connects to server) | 2000-10-01 | 477279 |
| telnetfp_0.1.1.tar.gz | new version: new fingerprints and bugfixes | 2000-09-07 | 4700 |
| telnetfp_0.1.0.tar.gz | An OS-Detection tool. uses fingerprinting telnet do/donts | 2000-09-05 | 3908 |
| ldistfp-0.1.2.tar.gz | new: fixes for *bsd compilations, new fingerprints (thx to suppliers!), small bonus awk statistic script | 2000-08-17 | 12578 |
| ldistfp-0.1.1.tar.gz | identd fingerprinting tool, works very nice with all Linux and most *BSD hosts that have their auth service running | 2000-08-11 | 13192 |
| zodiac-0.4.9.tar.gz | overdue new version: 0.4.9 runs on *BSD now and fixes some bugs | 2000-07-18 | 67620 |
| 7350qpop.c | remote user x86/Linux QPopper 2.53 EUIDL exploit, requires some knowledge about the vulnerability and system | 2000-07-15 | 13372 |
| execve-shell.tar.gz | 38 byte in-runtime execve shellcode creation for use in x86/linux exploits, see README file | 2000-05-28 | 47364 |
| l0phtl0phe-kid.c | special script kiddie version of a new antisniff x86/linux exploit - for "two times fixed (!)" 1-1-1 version | 2000-05-18 | 4367 |
| l0phtl0phe.c | l0pht AntiSniff x86/Linux remote root exploit, including "fixed" 1.02 version | 2000-05-16 | 5516 |
| 7350kscd.tar.gz | kscd exploit (cdplayer in KDE multimedia package) | 2000-05-15 | 8307 |
| outp.c | .s -> shellcode converter | 2000-05-03 | 1077 |
| exman.c | man exploit | 2000-05-03 | 1047 |
| arpmitm-0.1.tar.gz | another tool for using arp MIM attacks, that keeps sending the packets | 2000-03-28 | 1550 |
| hellkit-1.2.tar.gz | hellkit 1.2 - new stuff: generic 40 byte decoder which never fails, some cleanups | 2000-03-15 | 22481 |
| adore-0.14.tar.gz | smarter promisc. hiding, service-hiding fixed | 2000-02-21 | 7291 |
| adore-0.13.tar.gz | Linux 2.2 LKM that hides everything you need to hide | 2000-02-14 | 6771 |
| hellkit-1.1.tar.gz | create (nullfree) x86 shellcode from c-code | 2000-02-13 | 10644 |
| pro.tar.gz | proftp exploit for 1.2.0pre3 linux (x86) | 2000-02-13 | 4779 |
| teso-nxt.tar.gz | Exploit for BIND-8.2/8.2.1 (NXT) (crippled) | 2000-02-13 | 6729 |
| utcl.c | cloak utmp host entries | 2000-02-13 | 2056 |
| arptool-0.0.1.tar.gz | send faked arp packets useful for man-in-the-middle | 2000-02-13 | 2523 |
| ascend-foo.c | DoS ascend router with simple udp echo<->echo link | 2000-02-13 | 2173 |
| grabbb-0.1.0.tar.gz | some bugfixes and improvements | 2000-01-09 | 6379 |
| lamescan-1.0.tar.gz | fast threaded portscanner (syn,fin,xmas,fragmented,etcetc) | 1999-12-26 | 39392 |
| ifafoffuffoffaf.c | wuftpd 2.5.0 heap-based exploit | 1999-12-18 | 29277 |
| grabbb-0.0.5.tar.gz | very fast, clean and mean, but functional banner scanner | 1999-11-14 | 5887 |
| vwxploit.c | Interscan VirusWall 3.23/3.3 exploit (by dark spyrit, unix port by team teso) | 1999-11-08 | 13237 |
| realown.c | RealServer exploit port from the original exploit by dark spyrit | 1999-11-04 | 10867 |
| grabbb-0.0.1.tar.gz | very fast non blocking banner scanner | 1999-09-18 | 4393 |
| reverb-0.0.2.tar.gz | maps passive to passive and active to active socket | 1999-09-06 | 6649 |
| 3wahas.tar.gz | LAN based SYN flooder which spoofs SYN ACK packets too, allowing to bypass SYN-cookies | 1999-09-02 | 8459 |
| phoenix.tar.gz | shoots every TCP connection in LAN by spoofing TCP packets | 1999-09-02 | 8611 |
| phoenix2.tar.gz | like phoenix, but also spoofs the MAC address | 1999-09-02 | 8792 |
| libtermcapsploit.c | lame libtermcap sploit | 1999-09-01 | 1399 |
| delefate.c | Delegate 5.9.x - 6.0.x remote exploit for Linux platforms | 1999-08-09 | 8359 |
| deathmatch.tar.gz | the stuff we used at the ccc-camp'99 linux deathmatch | 1999-08-09 | 2052261 |
| fizzbounce-0.2.tar.gz | maps TCP connections over http-proxies (post/connect) | 1999-08-06 | 9013 |
| numby-0.2.tar.gz | scans for relay (connect/post) vulnerable http-proxies | 1999-08-06 | 11590 |
| zylyx-0.1.1.tar.gz | http proxy-cache file finder (goes through http proxies from a file and request a file) | 1999-08-06 | 21766 |
| itunnel-1_2.tar.gz | ICMP tunneling tool | 1999-07-12 | 1709 |
| tesoiis.c | MS IIS4 exploit, port of the eeye one | 1999-06-30 | 8624 |
| dirthy.c | linux tty hijacker | 1999-06-23 | 2349 |