Giter Club home page Giter Club logo

exploits-1's Introduction

My Exploit Archive

Here is a collection of exploits I wrote under the moniker 'bind' in the late 90s and early 00s. I am releasing these just to show what things were like during that hacking era. I doubt these are useful anymore but some of the techniques and coding style are valuable and entertaining to look at. They are listed in the order written.

The exploits

ipop2ex

This was the first stack overflow exploit I wrote in 1999 for a publicly known vulnerability in POP2 servers that were running by default on most popular Linux distributions. My partner and mentor 'xdr' from teamTESO helped me understand how stack overflows worked and taught me how to write my own exploits. This pop2 exploit was very reliable and worked 95% or more of the time.

    Details: A buffer overflow exists in the pop2 server distributed
    with imap packages 4.4 and earlier. Exploitation of this bug allows
    remote access to the machine with the user id of nobody. This program
    allows you to exploit pop2 without the need of a third party IMAP server.
    If you are behind a firewall, resort to using a third party, internet
    routable IMAP server.  For accuracy purposes, this exploit autodetects
    the version of the server it is exploiting and performs alignment calculation.

statdex

This was my first format string exploit written for a publicly known vulnerability in the rpc statd daemon shipped with Redhat 6.2 and earlier. I do not remember this being a very reliable nor useful exploit as the service was turned off by default (if i remember correctly). I wrote it simply to understand how format string vulnerabilities worked.

    Details: A format string bug exists in the rpc.statd daemon
    shipped with Redhat 6.2 & earlier.  The bug occurs due to
    the lack of handling format characters passed to the syslog()
    function.  Exploitation yields remote root access.

wux

The is by far the best exploit I have ever written not only due to the fact that the Washington University 2.6.1 FTP server was ubiquitous and turned on by default, but also because it was the most reliable exploit for this bug in the world. The most widely used exploit was written by teamTESO and my exploit was actually more reliable and required less information, resulting in me feeling pretty 31337 at the time.

more to follow...

exploits-1's People

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.