`Textos en Inglés`

Proveedores
www.rootshell.com ,
rootshell.connectnet.com/
ftp.connectnet.com/pub/security

Hold down SHIFT and then hit the mouse button to get something.
aix_ping.c	Overwrites a buffer in gethostbyname(), giving root on AIX 4.x PPC systems.
aix_lchangelv.c	Another buffer overrun exploit that gives root on AIX 4.x PPC from lchangelv.
aix_xlock.c	This will overwrite a buffer in /usr/bin/X11/xlock on AIX 4.x PPC, giving root.
web_sniff.c	A Linux sniffer that is designed to retrieve web usernames and passwords.
xf86_ports.txt	A normal user can run X on a reserved port thus blocking legitmate daemons.
identd_attack.txt	A massive amount of authorization requests can render a system unusable.
secure_shell.txt	Using SSH, a non-root user can open privleged ports and redirect them.
bsd_procfs.c	In /proc under FreeBSD 2.2.1, you can modify a setuid executable's memory.
zgv_exploit.c	This will overwrite a buffer in /usr/bin/zgv on Redhat Linux systems, giving root.
sgi_html.txt	It is possible to execute remote commands on IRIX 6.3 and 6.4 via /usr/sysadm.
smurf.c	Spoofs IMCP packets resulting in multiple replies to a host from a single packet.
bind_nuke.txt	Bind8.1.(1) can't update the same RR more than once in the same DNS packet.
smb_mount.c	This is overwrite a buffer on Linux systems in smbmount from smbfs-2.0.1.
innd_exploit.c	Overwrites a buffer in innd on Linux x86 systems thus giving a remote shell.
smlogic.c	This is a fully functional logic bomb designed render Linux systems unuseable.
ld.so.c	Overwrites a buffer via LD_PRELOAD env. variable, giving root on Linux.
solaris_ping.txt	On Solaris 2.x systems, any user can crash or reboot the system using ping.
seyon_exploit.sh	Exploit for seyon, giving you the euid or egid of whatever seyon is suid to.
aixdtaction.c	Overwrites a buffer in /usr/dt/bin/dtaction via HOME env. variable, giving root.
datapipe.c	Makes a pipe between a listen port on localhost and a port on a remote machine.
sping.tar.gz	Linux binary and source of 'sping' which causes Win95 machines to crash.
linux_httpd.c	Overwrites a buffer in NSCA httpd v1.3 on linux systems, giving a remote shell.
sgi_cgihandler.txt	On IRIX systems, /cgi-bin/handler can be used to issue arbitrary commands.
wuftpd_umask.txt	The umask for wuftpd 2.4.2-b13 is 002 making files group writeable by anyone.
glimpse_http.txt	Glimpse HTTP (Interface to Glimpse Search Tool) can issue remote commands.
telnet_core.txt	On Linux systems, it is possible to get part of the shadow file w/ cores.
ircd_kill.c	Overwrites a buffer in ircII daemons, causing a segmentation fault in the server.
sneakin.tgz	A way to 'reverse telnet' from a box behind a firewall that allows ICMP packets.
qmail_exploit.c	Runs a qmail system out of memory by feeding an infinite amount of recipients.
qmail.tar.gz	This is a replacement sendmail-binmail system providing security and efficiency.
h_rpcinfo.tar.gz	Allows you to sneak past port filters on port 111 and get dumps of RPC services.
synlog-0.1.tar.gz	Synlog monitors half open TCP connections such as synfloods or synscans.
wrapper-v2.tgz	This is a generic wrapper to prevent the exploitation of suid/sgid programs.
solaris_ifreq.c	On Solaris, users can do control requests on a root created socket descriptor.
longpath.sh	Shell script that implements a long path attack causing various problems on Linux.
logarp.tar.gz	Useful for seeing if users on your subnet are "stealing" IP addresses.
aix_dtterm.c	This will overwrite a buffer in /usr/dt/bin/dtterm on AIX 4.2 PPC, giving root.
irix-wrapper.c	Wraps programs on IRIX to prevent command line argument buffer overruns.
irix-df.c	This will overwrite a buffer in /bin/df on IRIX systems, thus giving a root shell.
irix-dp.c	This overwrites a buffer in /usr/lib/desktop/permissions, giving egid of sys on IRIX.
irix-login.c	This will overwrite a buffer in /bin/login on IRIX systems, giving root.
irix-xlock.c	This will give root by overwriting a buffer in /usr/bin/X11/xlock on IRIX.
synsniff.tar.gz	Script in perl which watches for inbound connections (SYN's) and logs them.
SunOS_crash.txt	Reading /dev/tcx0 on a SunOS 4.1.4 Sparc 20 causes a system panic.
imapd_exploit.c	Get remote root access on Redhat Linux systems by overwriting a buffer in impad.
xlock.c	On Linux systems, this will overwrite a buffer in setuid xlock, giving root access.
phobia.tgz	This utility does a scan of an internet host looking for various vulnerabilities.
elm_exploit.c	Overwrites a buffer in Elm and Elm-ME+ on Linux via TERM environ. variable.
daynotify.sh	This script will exploit a bug in SGI's Registration Software under IRIX 6.2.
brute_web.c	This program will brute force it's way into a web server giving a user and passwd.
tcpdump.tar.Z	A tool for network monitoring and data acquisition. (needs library packet capture.)
winnuke.c	This sends Out of Band Data to Win95/NT computers causing panics and reboots.
sperl.tgz	Overwrites a buffer in the sperl5.001 and sperl5.003, thus giving root access.
dip-prob.txt	Dip will allow an ordinary user to gain control of arbitrary devices in /dev.
nlspath.txt	Exploits for ping, minicom, su and others on Linux via NLSPATH env. variable.
solaris_lp.sh	Script for Solaris that breaks lp, then use lp priv to break root (or bin, etc...).
AIX_mount.c	Overwrites a buffer in /usr/sbin/mount on AIX 4.x systems via LC_MESSAGES.
fdformat-ex.c	This will overwrite a buffer in /usr/bin/fdformat on Solaris 2.x systems giving root.
sunos-ovf.tar.gz	This program is designed to test buffer overflows on SunOS 4.1.x boxes.
cxterm.c	This overwrites a buffer in Chinese xterm Linux systems, thus giving root access.
color_xterm.c	This will overwrite a buffer in /usr/X11/bin/color_xterm, giving root on Linux.
pepsi.c	This program is a random source host UDP flooder that compiles under Linux.
tlnthide.c	Allocates a port and sets up a telnet gateway making it difficult to trace telnets.
jping.tar.gz	This is another simple IMCP flooding program that compiles under Linux.
LPRng.tgz	A light weight printing system especially designed with security in mind.
jolt.c	Sends oversized fragmented packets to Win95 boxes causing them to lock up.
utclean.c	This will remove your presence from wtmp, wtmpx, utmp, utmpx, and lastlog.
eject.c	Overwrites a buffer on Solaris 2.x systems in /usr/bin/eject, giving a root shell.
bind-8.1.1.tgz	Version 8.1.1 of bind with many improvements - (includes documentation).
puke.c	Spoofs an ICMP unreachable error to a target, causing connection drops.
webs099.tgz	A minimalist web server designed primarily for security and handles redirects.
talkd.txt	This explains how to get root remotely by overwriting a buffer in in.talkd.
udpstorm.tgz	This is an implenmentation of the udpstorm attack. Works with Linux.
jakal.c	A portscanner that avoids tcp-logging by not completing the 3-way TCP handshake.
lin_probe.c	This overwrites a buffer in /usr/X11/bin/SuperProbe on Linux, thus giving root.
AIX_host.c	Overwrites a buffer in gethostbyname() on AIX 4.2 Power PC, giving a root shell.
sgi_systour.txt	Exploit for /usr/lib/tour/bin/RemoveSystemTour on IRIX 5.3 & 6.2 that gives root.
connect.c	Lets a normal user crash AIX 4.1.4, AIX 4.1.5, HP-UX 10.01, and HP-UX 9.05
sol2.5_nis.txt	This show how to exploit /usr/lib/nis/nispopulate on Solaris 2.5 systems.
xdm_bugs.txt	It is possible to deny service from xdm and xdm does not close file handles correctly.
crack-2a.tgz	Unix Password Cracker 2.0(a) by Scooter Corp. (Comes with crack dictionary).
lilo-exploit.txt	Get root on the lastest versions of Linux (at the console) using LD_PRELOAD.
rsucker.pl	Perl script that acts as a fake r* daemon and logs the usernames sent from clients.
synk4.c	An improved and updated Syn Flooder that also supports a random IP spoofing mode.
portmap_5b.tar.gz	A portmapper that supports access control in the style of the tcp wrapper package.
irix-login.txt	On Irix systems /var/adm/badlogin contains failed logins and passwords in clear text.
iebugs.tar.gz	Microsoft Internet Explorer bugs one through six in text and html format.
arnudp.c	Demonstrates how to send single UDP packets from an arbitray souce/destination.
cgiwrap-3.22.tgz	This is a gateway that allows a more secure user access to CGI programs.
fastcracker.tgz	This program is designed to quickly crack DES encrypted passwords.
pma.tar.gz	Poor Man's Access - A daemon that lets you issue shell commands remotely.
makedir.txt	Programs to create thousands of directories and to delete these directories.
tcpprobe.c	This is a tcp portscanner that shows accepted connections on a remote host.
locktcp.c	This program will freeze a Solaris/x86 2.5.1 systems, causing denial of service.
irix-wrap.txt	This shows how to get a listing of directories (755) from cgi-bin/wrap on Irix 6.2.
block.c	Prevents users from logging in by monitoring utmp and closing down user's tty ports.
tin_problem.txt	rtin/tin will create /tmp/.tin_log with mode of 0666 in /tmp and follows symbolic links.
sun_patch.sh	If you have a sun SPARC, this script will stop all forms of buffer overrun attacks.
riputils.tgz	This is a set of routing internet protocol utilities designed for Linux systems.
ipbomb.c	This will attack a target host by sending various sizes and numbers of IP packets.
test-cgi.txt	Using the CGI program test-cgi, you can inventory files on remote systems.
lquerypv.txt	On AIX systems you can read any file (in hex) on the system with lquerypv.
COPS	(Computer Oracle & Password System) checks for Unix system misconfigurations.
Crack v5.0	Got access to password or shadow file? Shows what other user's passwords are.
Crack Dictionary	This is a general 50,000 word dictionary for use with Crack or other programs.
Esniff.c	Source code for basic ethernet Sniffer. ( Straight out of Phrack ).
fakerwall.c	This program lets you send an rwall message from an arbitrary host of your choice.
fping	Like UNIX ping(1), but allows efficient pinging of a large list of hosts.
simping.c	Simulates the "ping -l 65510 victim.host" from Windows95 - also compiles on Linux.
bind.txt	This describes a potenital denial of service problem with BIND-4.9.5-P1.
pong.c	Attacks an arbitrary host by sending a flood of spoofed ICMP packets.
jizz.c	A DNS spoofer that exploits the cache vulnerability in most BIND daemons.
any-erect.c	Another DNS spoofing type program much like jizz.c. Compiles on Linux.
hide.c	Exploits a world-writeable /etc/utmp and allow the user to modify it interactively.
hsh002.c	This is a neat little shell for experimentation with lots of interesting features.
nfswatch4.1.tar.Z	This lets you monitor NFS requests to any given machine or the entire network.
nfstrace.tgz	The rpcspy/nfstrace package lets you to perform NFS tracing by network monitoring.
wuftpd-owrite.sh	Exploits a bug in wu-ftpd to create or overwrite a file anywhere on the filesystem.
wuftpd-sdump.sh	Exploit a bug in wu-ftpd to assemble and view the shadow password file.
shadowyank.c	This will reconstruct shadow entries from the core file from ftp daemon segmenting.
ICMPinfo V1.10	ICMPinfo is a tool for looking at ICMP messages received on the running host.
ident-scan.c	TCP scanner that gets the username of the daemon running on the specified port.
ascend.txt	Program for Linux designed to attack Ascend routers with zero length tcp offsets.
gzip.txt	While a file is being compressed with gzip it is world readable.
ISS (V1.3)	Internet Security Scanner. Scans subnets and gathers info. about the hosts it finds.
libc.so.5	This is a hacked libc.so.5 for Linux that spawns a shell when a call is made to crypt().
sdtcm_convert.txt	This explains to how exploit sdtcm_convert on Solaris machines to get root access.
mnt	Exploits a hole in HP-UX 9 rpc.mountd program and lets you steal NFS file handles.
netcat (V1.10)	Like Unix cat(1) but this one talks network packets (TCP or UDP). Excellent tool.
NFS Shell	This should be very useful if you have located an insecure NFS server.
pmcrash.c	This allows you to crash ANY Livingston PortMaster by overflowing buffers.
pop3.c	Attemps mulitple username/password guesses on machines running POP3.
psrace.c	This code exploits a race condition in Solaris, thus allowing you to make a root shell.
Root Kit	Programs like ps, ls, & du which have been modified to hide certain files & processes.
rpc_chk.sh	Shell Script to get a list of running hosts from a DNS nameserver for a given domain.
seq_number.c	This is a program that exploits the TCP Sequence Number Generator bug.
asppp.txt	On Solaris 2.5x86, /tmp/.asppp.fifo can be used to make a world writeable .rhosts file.
kcms.txt	Explains how to get root on solaris 2.5 by exploiting /usr/openwin/bin/kcms_calibrate.
remove.c	A universal utmp, wtmp, and lastlog editor that also compiles under AIX & SCO.
kmemthief.c	If /dev/kmem is writeable by normal users, then this program will get you root.
slammer	Slammer lets you issue arbitray commands on hosts by exploting yp daemons.
Socket Demon (V1.3)	Daemon that sits on a specified IP port and provides passworded shell access.
Solaris Sniffer	This is a version of ESniff.c that has been modified for Solaris 2.X.
xpusher.c	This is a neat way to send keyboard events to another user's X window.
xsnoop.c	This program allows you to spy on another user's keyboard events like xkey.c
Strobe (V1.03)	Scans TCP ports on a target host and reveals which daemons are running.
Tiger (V2.2.3)	Tiger attemps to exploit known bugs, holes, and misconfigurations to attain root.
lquerylv.c	This overwrites a buffer in /usr/sbin/lquerylv on AIX systems, thus giving a root shell.
Traceroute	Traceroute is an indispensable tool for troubleshooting and mapping your network.
udpscan.c	Identifys open UDP ports by sending a bogus UDP packet and wait for a response.
portd.c	A daemon that listens on a port and provides passworded shell access.
pingexploit.c	This lets you send oversized ICMP packets from a unix box just like Win95.
checksyslog.tgz	Analyze your system logs for security problems while ignoring normal behavior.
dosemu.txt	On Debian v1.1, /usr/sbin/dos can be used to read any file on the system.
yaping.0.1.tgz	Yet another ping for Linux. Packets of size > 65535 octets are supported.
xcrowbar.c	Source code that gets you a pointer to an X Display even after an xhost -
xkey.c	Attach to any X server you have permission to and watch the user's keyboard.
X Watch Window	If you have access on a host's X server,this will show the window on your X-server.
messages.sh	Parses through /var/adm/messages to see if user typed password at login prompt.
FreeBSDmail.txt	This exploit will overwrite a buffer on sendmail 8.6.12 running on FreeBSD 2.1.0.
securelib.tar.Z	Shared library for SunOS 4.1 and later that will help protect your RPC daemons.
ypsnarf.c	This handy little program will get you yp domain names, yp maps, and yp maplists.
YPX	YPX guesses NIS domain names.YPX will extract the maps directly from domains.
ftp-scan.c	This program exploits the ftp protocol to let you scan services on firewalls.
rdist-ex.c	This will write past a buffer, straight onto the stack, giving a root shell on FreeBSD.
ttywatcher-1.1b.tgz	ttywatcher lets a user monitor and interact with every tty on the system.
splitvt.c	An older exploit for Linux that overwrites a buffer in /usr/bin/splitvt, giving root.
mount-ex.c	All Linux versions are vulnerable to this buffer overflow attack on suid mount.
perl-ex.sh	perl-ex.sh is a simple little sperl script that gives you a root shell via suidperl.
sndmail8.8.4.txt	This will explain how to exploit sendmail version 8.8.4 to get root access.
irix-xhost.txt	In default setup for irix, xhost is set to global acess when someone logs into console.
mod_ldt.c	Gives access to all of Linux's linear memory to user processes at will, and thus root.
dipExploit.c	Linux dip Exploit. Overwrite a buffer in do_chatkey(), thus giving you a root shell.
rexecscan.txt	The rexecd can be used easily to scan the client host from the server host.
rpcs.01b.tar.gz	This is program that is designed to scan subnets for rpc services.
rxvtExploit.txt	Exploits a popen() call issued by rxvt on Linux machines, thus giving a root shell.
nfsbug.c	Demonstates a security problem in unfsd guessing the file handle of the root FS.
abuse.txt	A Linux exploit for Red Hat 2.1. This gives a root shell by exploitng abuse.console.
xtermOverflo.c	A program that overwrites a buffer in libXt.so while xterm is suid to root.
resolv+.exp	Quick and Simple way to read the /etc/shadow file as well as many other things.
resizeExp.txt	Another Red Hat 2.1 exploit for resizecons due to lack of absolute pathnames.
qcrack.tar.gz	Like crack except this gives increased cracking speeds at the expense of disk space.
Linux rootkit	A rootkit designed for Linux systems. Comes with ps, netstat, and login.
X webcomber	A cool little tool that lets you search for things (like hacking) on the web.
gpm-exploit.txt	This will get root on Linux systems using /usr/games/doom/killmouse.
pingflood.c	This pings floods a host, thus wasting bandwidth and denying service.
telnetd exploit	This will create a shared library that gives a root shell remotely or locally.
pop3d exploit	Read the contents of the mail spool of a user when they connect to in.popd.
popper.txt	Some versions of (q)popper from qualcomm allow you to read other user's mail.
vif.tar.gz	This code lets you have multiple IP addresses for a single interface.
amod.tar.gz	Amodload is a tool which allows the loading of arbitrary code into SunOS kernels.
getethers1.6.tgz	getthers scans all address on an ethernet and producing a hostname/ethernet list.
rootkitSunOS.tgz	Here is another root kit designed for SunOS operating systems. Lots of cool stuff.
demonKit-1.0.tar.gz	A suite of trojan programs opening back doors to root on a Linux system.
eviltelnetd	telnet-hacked.tgz is a hacked telnet daemon that gives a root shell w/o password.
cfexec.sh	This let's you issue arbitrary commands as root on GNU cfingerd 1.0.1.
NFS Problems	Shows some potential problems with Linux in.nfsd concerning read-only exports.
cdromvuln.txt	If Linux CD is mounted w/ suid flag, older suid exploits will work on live filesystem.
vixie.c	On Redhat Linux systems this will overwrite a buffer in crontab, thus giving root.
linsniffer.c	This is a simple Linux Sniffer that shows you incoming TCP packets on most ports.
rshd_problem.txt	You can figure out valid usernames on hosts by examining the response from in.rshd.
linux_sniffer.c	Another Linux sniffer much like the one above. Shows more detailed TCP info.
sniffit.0.3.5.tar.gz	A very flexible network sniffer that has many interesting features (like curses).
Sol2.4Core.txt	Solaris 2.4 exploit that allows you to overwrite files when a suid prog. core dumps.
SolAdmtool.txt	On Solaris 2.5, the Admintool can be used to create a writeable /.rhosts file.
irix-netprint.txt	On IRIX, /usr/lib/print/netprint calls 'disable' without specifying absolute path.
SYNpacket.tgz	Floods a port with TCP packets with the SYN bit turned on causing inetd to segment.
login_trojan.c	A login trojan program to be run at the console to get other user's passwords.
phf.c	A quick and easy to scan for hosts that still have the phf bug which gives /etc/passwd.
phfprobe.pl	This tries to find out as much information about the person calling phf as possible.
SYNWatch.tar.gz	This program watches for TCP packets with the SYN bit turned on.
pinglogger.tar.gz	Logs all ICMP packets to a log file so you can see who is ping flooding you.
screen.txt	On BSDi systems, you can use /usr/contrbi/bin/screen to read /etc/master.passwd.
ftpBounceAttack	Implementation of the ftp Bounce Attack allowing you to anonymously do things.
grabem.c	A very stupid/simple program to get passwords from users logging in on the consol.
tcpview.c	Another sniffer type program designed for Sun OS 4.1 architectures using /dev/nit.
pcnfsd.c	Exploit that allows local users to chmod arbitrary directories on hosts running pcnfsd.
netcraft.tgz	Contains various (and older) web security issues and exploits from Netcraft.
superforker.c	This is a supercharged version of the classic fork() denial of service attack.
tripwire-1.2.tgz	Creates a signature of binary files, and then checks to see if these file were modified.
tcpr-1.3.tar.gz	A set of perl scripts that enable you to run ftp and telnet commands across a firewall.
syslogFogger.c	This allows you to write to system logging facilites via UDP packets to port 514.
ypbreak.c	Lets you change your username, password, gecos, or shell via yppasswd daemon.
hdtraq.c	This runs as a daemon and purportedly creates bad sectors on a hard drive.
finger_attack.txt	By recursively fingering a host, you can cause a possible crash of in.fingerd.
logdaemon.tar.gz	Version 5.6 of a suite of tcp/ip programs that enhance network system logging.
suTrojan.c	This is a replacement program for su that mails you when an attempt to su is made.
sigurg.c	This code allows up to kill any process on Linux boxes running older kernels.
sushiPing.c	On Sun 4 platforms, this trojan ping gives you a root shell when you make a triggerfile.
webgais.txt	This will explain how to issue shell commands remotely using /cgi-bin/webgais.
sushiQuota.c	Another trojan for Sun 4 machines that is trigger with a triggerfile.
pcs.tgz	A libpcap based sniffer that supports multiple interfaces and PPP (with no filtering).
sfingerd-1.8.tgz	A replacement for the standard unix finger daemon designed for security.
snifftest.c	snifftest.c will try to tell you if a sniffer is running on Sun machines.
IPInvestigator.tgz	IPIvestigator is another sniffer that lets you watch traffic between machines.
gnmp.tar.gz	Generic Network Message Passing is a simple client server messaging system.
irixmail.sh	Exploit shell script that gives a root shell on IRIX systems.
lpr Exploit	This small program exploit the suid root lpr program giving root.
Xfree86 Exploit	There is a problem with XFree86 3.1.2 that lets you overwrite files.
wipehd.asm	Assembly Language program that will remove the first 10 sectors of a hardrive.
minicom.c	This is an exploit for minicom on Linux systems that will overwrite a buffer.
sam.txt	On HP-UX, the System Administration Manager (sam) can be used to truncate files.
DenialofService	zip file illustrating five simple denial of service attacks on a unix.
xspy.tar.gz	xspy is a program that makes logins appear on your display.
scan.sh	This is a perl script that scans subnets and reports if rexd or ypserv is running.
xscan.tar.gz	scans subnets for unsecured X clients and automatically logs results.
BSDcron-ex.c	BSD cron exploit. This program overruns a buffer, giving root access.
OSF1_dxchpwd	On OSF1, /usr/tcb/bin/dxchpwd can be used to overwrite any file on the system.
bindExploit.txt	Setting SO_REUSEADDR options and calling bind allows user to steal udp packets.
cloak.c	This program wipes all traces of a user from a UNIX system.
convfontExploit.sh	Script that exploits /usr/bin/convfont on Linux systems to get root access.
ipspoof.c	This program demonstrates how to send arbitrary tcp/ip packets.
marry.c	This program is a log editor with lots of interesting features.
portscan.c	A Linux port scanner program that reports the services running on another host.
dumpExploit.txt	On Linux systems /sbin/dump can be used to read arbitrary files.
fingerd.c	This program is another finger daemon trojan program.
ttysurf.c	This program listens on ttys and tries to get login and passwords.
generic_buffer.tgz	Generic buffer overrun program for Linux, SunOS, and Solaris.
linux_lpr.c	This program overwrites a buffer in the suid program lpr, thus giving a root shell.
SunOS_user.txt	On SunOS, chsh and chfn use getenv("USER") to validate the userid of the caller.
kill_inetd.c	This program causes denial of service by attacking inetd. Runs on Linux systems.
grabBag.tgz	Tons of old and miscellaneous exploits from different versions of unix.
wu-ftpd.sh	This shell script lets you create a file anywhere on the system.
sol_mailx.txt	An old security hole in /usr/bin/mailx still exists in the mailx on Solaris 2.5
oracle.txt	Discusses a denial of service attack against older versions of Oracle Webserver.
hp_stuff.tgz	Lots of exploits for HP/UX from the Scriptors of Doom.
hpjetadmin.txt	hpjetadmin can be tricked giving away root by a writeable .rhosts file.
irix-buffer.txt	IRIX buffer overruns for df, eject, /sbin/pset, /usr/bsd/ordist, and xlock.
irix-xterm.c	This will overwrite a buffer in xterm on IRIX systems, giving a root shell.
irix-iwsh.c	This will overwrite a buffer in /usr/sbin/iwsh on IRIX 5.3, giving root access.
irix-printers.c	This will overwrite a buffer in /usr/sbin/printers on IRIX systems giving root.
flash.c	Messes up another user's terminal by issuing a talk request with vt100 escape chars.
modstat.c	This program will overrun a buffer in /usr/bin/modstat on FreeBSD systems.
pine_exploit.sh	This script is an exploit for pine. It can be used to create .rhosts files.
view_source.txt	On some httpd distributions, you can use cgi-bin/view-source to read arbitray files.
sendmail-ex.sh	This is an exploit script for sendmail 8.7-8.8.2 for FreeBSD and Linux. Gives root.
smh.c	smh.c is an exploit for sendmail 8.6.9. It gives a bin owned setuid shell.
rlogin_exploit.c	This overwrites a buffer in gethostbyame() on Solaris 2.5.1, giving a root shell.
octopus.c	A denial of service attack by opening tons of socket connections to a remote host.
expect_bug.txt	Expect does not make handles to pseudo tty's inaccessable to other processes.
html.txt	Shows interesting links to put in your HTML pages causing denial of service.
autoreply.txt	autoreply(1) can be used to create root owned files with a mode of 666.
bdexp.c	On older versions of Linux, this will overwrite a buffer in suid bdash, giving root.
irix-csetup.txt	Get root on IRIX via /usr/Cadmin/bin/csetup in conjunction with /usr/sbin/sgihelp.
solsocket.txt	On Solaris-x86 2.5, any normal user can connect to unix domain sockets.
lemon25.c	Exploit for Solaris 2.5.(1) that overwrites a buffer in passwd, giving root access.
reflscan.c	Another TCP port scanner that escapes logging by using half open connections.
yp.txt	On YP systems, when a password expires, the old password is not required.
bsd_core.txt	On BSDi 3.x, users arbitrarly write files with binary data, but not overwrite them.
ffbconfig-ex.c	This program overwrites a buffer in /usr/sbin/ffbconfig on Solaris 2.5.1 giving root.
FreeBSD-ppp.c	This will overwrite a buffer in pppd on FreeBSD systems, giving a root shell.
sol-license.txt	On Solaris 2.4, if the license manager is running, root can be obtained.
lin-pkgtool.txt	This file explains how to get root on Linux system with the pkgtool program.
startmidi.txt	On IRIX systems, startmidi can be exploited to obtain root privileges.
linux_rcp.txt	On Linux, if you have access to uid 65535 (nobody), then root can be obtained.
doomsnd.txt	This will get root on Linux systems by exploiting the doom sndserver.
solaris_ps.txt	This will exploit /usr/bin/ps and /usr/ucb/ps on Solaris systems, giving root access.
dec_osf1.sh	This script exploits /usr/sbin/dop on DEC unix 4.0, 4.0A, and 4.0B, giving a root shell.
tcp_wrapper.tgz	Version 7.5 (the latest) of the tcp/ip wrapper for inetd. (Does logging and monitoring).
rpcbind_1.1.tgz	This is an rpcbind replacement that includes tcp wrapper style access control.
breaksk.txt	Netscape's server key format is susceptible to dictionary attacks.
IP-spoof.txt	Examples and text on the art of IP spoofing. (For Linux 1.3.x kernels).
irix-dataman.txt	This file show how to exploit dataman on irix system to obtain root access.
irix-fsdump.txt	This is an exploit for /var/rfindd/fsdump that gives root on irix systems.

Security / Hacking Documents

Packets Found on an Internet

Bellovin, Steven M.; 1993; Postscript

A very interesting paper describing the various attacks, probes,

and miscellaneous packets floating past AT&T Bell Labs' net connection.

Security Problems in the TCP/IP Protocol Suite

Bellovin, Steven M.; 1989; Postscript

A broad overview of problems within TCP/IP itself, as well as many

common application layer protocols which rely on TCP/IP.

There Be Dragons

Bellovin, Steven M.; 1992; Postscript

Another Bellovin paper discussing the various attacks made on att.research.com.

This paper is also the source for this page's title.

An Advanced 4.3BSD IPC Tutorial

Berkeley CSRG; date unknown; Postscript

This paper describes the IPC facilities new to 4.3BSD.

It was written by the CSRG as a supplement to the manpages.

NFS Tracing by Passive Network Monitoring

Blaze, Matt; 1992; ASCII

Blaze, now famous for cracking the Clipper chip while at Bell Labs,

wrote this paper while he was a PhD candidate at Princeton.

Network (In)Security Through IP Packet Filtering

Chapman, D. Brent; 1992; Postscript

Why packet filtering is a difficult to use and

not always a very secure method of securing a network.

An Evening with Berferd

Cheswick, Bill; 1991; Postscript

A cracker from Norway is "lured, endured, and studied."

Improving the Security of your Unix System

Curry, David, SRI International; 1990; Postscript

This is the somewhat well known SRI Report on Unix Security.

It's a good solid starting place for securing a Unix box.

COPS and Robbers

Farmer, Dan; 1991; ASCII

This paper discusses a bit of general security and then goes into

detail reguarding Unix system misconfigurations, specifically ones

that

COPS checks for.

Improving The Security of Your System by Breaking Into It

Farmer & Wietse; date unknown; ASCII

An excellent text by Dan Farmer and Wietse Venema. If you haven't

read this before, here's your opportunity.

A Simple Active Attack Against TCP

Joncheray, Laurent; 1995; Postscript

This paper describes an active attack against TCP which allows

re-direction (hijacking) of the TCP stream.

Foiling the Cracker

Klein, Daniel; Postscript

A Survey of, and Improvements to, Password Security. Basically a

treatise on how to select proper passwords.

A Weakness in the 4.2BSD Unix TCP/IP Software

Morris, Robert T; 1985; Postscript

This paper describes the much ballyhooed method by which one may forge packets

a stink about it!

Thinking About Firewalls

Ranum, Marcus; Postscript

A general overview of firewalls, with tips on how to select one to meet your needs.

ALT2600.txt

Voyager; 1995; ASCII

This is the FAQ from the internet news group Alt.2600. Deals with various topics

concerning hacking and phreaking.

The Hacker's Handbook

Cornwall, Hugo; 1985; ASCII

A book about hacking techniques, hacking intelligence, Networks, etc.

Crash Course in X-Windows Security

Unknown Author; Unknown Date; ASCII

This document will help you learn about X-Windows Security and how

to make it more secure.

Things that go Bump on the net

Unknown Author; Unknown Date; ASCII

This is a brief look at some of the more colorful characters in the

menagerie of network security threats, with an emphasis on how they relate

to agent-based sytems.

Securing X Windows

Fisher, John; 1995; ASCII

This document talks about how X-windows works, Host Authenticiation and

Token Authenticiation, Xterm Vulnerablities and related security information.

Phrack Issues 48, 49,and 50

Various Authors; Unknown Date; ASCII

This discusses various hacking/security topics and includes sample source code.

A Unix Hacking Tutorial

Sir Hackalot; Unknown date; ASCII

A Excellent hacking tutorial for the starting hacker or hacker-wanna-be.

Satan-1.1.1 with documentation

Dan Farmer & Wietse Venema; March 1995; Various Formats.

SATAN (Security Administrator Tool for Analyzing Networks)

remotely probes systems and stores the results in a database.

The Neophyte's Guide to Hacking

Deicide; August 1993; ASCII

Another guide for beginning hackers that talks about a wide range of topics.

Hacking Kit version 2.0 Beta

Invisible Evil; March 1997;ASCII

A very detailed and well written guide for hackers. This document is

also fairly up to date and includes examples and source code.

IP Hijacking

CERT Advisory Team; Unknown Date; Postscript

This paper discuesses the art of IP hijacking.

Linux security archives by date

Various Authors; March 1995 through October 1996; ASCII

The Linux Security list-archives from March 1995 through October 1996.

Sockets Frequently Asked Questions

Vic Metcalfe; August 1996; ASCII (tarred and zipped)

Socket Frequently Asked Questions includes many examples and source code.

Confidence Remains High Issues 1-3 + Summer Issue

Various Authors; Various Dates; ASCII (tarred and zipped)

An excellent magazine discussing hacking, phone, radio, and more.

Common Insecurities Fail Scrutiny

*Hobbit*; January 1997 ; ASCII

An analysis of TCP/IP NetBIOS file-sharing protocols is presented

as well as the examination of protocol and administrative vulnerabilities.

Firewall Papers and Performance Issues

Various Authors; April 1997 ; Various Formats

This is a small collection of Papers and source concerning firewalls and their performace.

Linux Stack OverFlows

Willy Tarreau; June 1997 ; HTML

An HTML page with sample utilities describing stack overruns on Linux.

Hacking Unix Systems

Red Knight; October 1989 ; ASCII

An Indepth Guide to Hacking UNIX and the Concept of Basic Networking.

Buffer OverWrites

Various Authors; June 1997 ; Various Formats

A collection of papers and utilities concerning the art of buffer overwriting.

Introduction to Internet Protocols

Charles L. Hedrick; July 1987; ASCII

An introduction to the Internet networking protocols (TCP/IP).

Más servidores:

-Anarchist's Cookbook-

The Hacker's Jargon Files

P/H-UK MAGAZINE

PHRACK MAGAZINE HOME PAGE

*Mailbombers and the Works

Up Yors Version 3.0

Hacker's FLuX --- FAKE E-MAILER

* MailBomber!

E-Mail Bombers/Anon E-mail Servers

`Textos en Inglés`

`Revistas en Español`

`Utilidades y Otras herramientas de Soft`