Section: .. / groups / r00tabega /
| /// File Name: |
DevNull-rootkit-v0.9.tar.bz2 |
Description:
|
DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin.
| | Author: | Tutor | | Homepage: | http://r00tabega.com/group.html | | File Size: | 407661 | | Last Modified: | Mar 24 02:13:19 2000 |
| MD5 Checksum: | 864d9167f7a3e2d113cf6f1454a5b63b |
|
| /// File Name: |
rivat.tgz |
Description:
|
Rivat is a distributed CGI scanner written in perl which scans for over 405 vulnerabilities.
| | Author: | Xtremist | | Homepage: | http://www.r00tabega.com | | File Size: | 5730 | | Last Modified: | Jul 31 23:22:46 2000 |
| MD5 Checksum: | 3e13dff1d33f06227f8e2e98d96d6a46 |
|
| /// File Name: |
multihtml.c |
Description:
|
Multihtml.c is a remote exploit for /cgi-bin/multihtml.pl, versions previous to 2.2 which spawns a remote shell.
| | Author: | Bansh33, Zillion | | Homepage: | http://www.r00tabega.org | | File Size: | 4884 | | Last Modified: | Sep 20 02:17:00 2000 |
| MD5 Checksum: | 89ad16a28bdea3be3c425e14b1d3fc96 |
|
| /// File Name: |
netsol.c |
Description:
|
Exploit for the (patched) major security issue with networksolutions.com(easysteps.pl) which would have set up a bindshell if it had been run.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 4659 | | Last Modified: | May 11 03:03:56 2000 |
| MD5 Checksum: | 80779c804d5fff720b801a60ea920044 |
|
| /// File Name: |
whois_raw.c |
Description:
|
The whois_raw.cgi perl script included in all freeware versions of the cdomain package allows remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit included, which drops a shell, unlike previous whois_raw.cgi exploits.
| | Author: | Lore | | Homepage: | http://www.r00tabega.com | | File Size: | 4476 | | Last Modified: | Apr 22 07:50:46 2000 |
| MD5 Checksum: | 48b2fab0fc5db7bdc2845331f9f03a15 |
|
| /// File Name: |
RetaRDS.pl |
Description:
|
RetaRDS.pl checks for IIS web servers which are vulnerable to the RDS bug. Includes host list scanning and IDS evasion.
| | Author: | Max | | Homepage: | http://www.SecurityApex.com | | File Size: | 4384 | | Last Modified: | Apr 7 09:58:51 2001 |
| MD5 Checksum: | 403685e902185c6430f4d3e3c3796c88 |
|
| /// File Name: |
wemilo.tcl |
Description:
|
Remote Cart32 exploit - Though L0pht released an advisory and patch for the well known Cart32 bug, this is the first exploit released to date. Allows remote command execution.
| | Author: | Futant | | Homepage: | http://r00tabega.com/group.html | | File Size: | 3998 | | Last Modified: | May 30 03:10:38 2000 |
| MD5 Checksum: | 83dd9bf64eb6edf2be0009d8544be719 |
|
| /// File Name: |
r00tlate.pl |
Description:
|
PERL script to grab a list of new files from r00tabega.com. It then gives the user the ability to pick and download any of the files, all without having to load up a browser. ragnarox is planning to also make a front-end for X and MS-WIN.
| | Author: | ragnarox | | Homepage: | r00tabega.com | | File Size: | 3662 | | Last Modified: | Apr 17 23:24:11 2000 |
| MD5 Checksum: | 091d74a8d96088d72734cacbaeae13be |
|
| /// File Name: |
chanserv.c |
Description:
|
Exploits the auto registration feature of most ChanServ bots and causes it to die. This exploit has been known to work on networks including DalNet, CobraNet and RelicNet.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 3124 | | Last Modified: | Jun 29 17:13:25 2000 |
| MD5 Checksum: | 8a03734daef08366c7690766b39ac3b7 |
|
| /// File Name: |
grinder.pl |
Description:
|
Grinder.pl scans a range of IP's looking for a URL. Could be used to search for sites with a certain URL or CGI program.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 2966 | | Last Modified: | Mar 24 22:04:00 2000 |
| MD5 Checksum: | 3c4287e4a4a66052d970f7f66a1495c6 |
|
| /// File Name: |
stealthcode.txt |
Description:
|
Many IDS systems detect buffer overflow exploitation by looking for a series of NOP's (hex 90) which are typically used to pad the buffer so the offset does not have to be exact. Instead of using NOP's, a stealthy exploit could jump to the next instruction (jmp 0x00) or jump a small number of instructions.
| | Author: | Xtremist | | Homepage: | http://www.r00tabega.com | | File Size: | 2914 | | Last Modified: | Jul 31 23:10:57 2000 |
| MD5 Checksum: | 898e0efcbc94600d8a277a92621efb6f |
|
| /// File Name: |
sumon.pl |
Description:
|
A simple yet sophisticated perl script that runs in the background and monitors for user attempts to su to root. If one is detected, the log file is immediately mailed to a specified user and a backup is created in /tmp. Very useful for attempting to keep track of logs after an intrusion has occured.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 2755 | | Last Modified: | Jun 29 17:17:17 2000 |
| MD5 Checksum: | 2f63d8f48ccd9afe6917c9af483afc1b |
|
| /// File Name: |
suidbofcheck.pl |
Description:
|
suidbofcheck.pl searches the system for suid binaries in /usr/bin, /bin, /sbin, and /usr/sbin and tests each one against a standard buffer overflow (both with and without the use of environmental variables) at a specified offset.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 2633 | | Last Modified: | Jun 29 17:15:46 2000 |
| MD5 Checksum: | ee631de3074b32cc5abee50fd5c95f2d |
|
| /// File Name: |
frontpage.pl |
Description:
|
Everybody knows about the _vti_pvt password files, but what about those misconfigured Frontpage servers that allow remote login and authoring without a login and password? This script will check for both vulnerabilties.
| | Author: | Bansh33 | | Homepage: | http://r00tabega.com/group.html | | File Size: | 2493 | | Last Modified: | Mar 29 23:04:00 2000 |
| MD5 Checksum: | dba628a7a6d2059e6ba0d86d8b2a7c0c |
|
| /// File Name: |
magdalena.pl |
Description:
|
Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match rather than just relying on HTTP codes.
| | Author: | Futant | | Homepage: | http://r00tabega.com/group.html | | File Size: | 2317 | | Last Modified: | Jun 1 06:28:32 2000 |
| MD5 Checksum: | 61c76bb5db7783afa4a66946d68bfe06 |
|
| /// File Name: |
sploitmon.pl |
Description:
|
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 1902 | | Last Modified: | Jun 29 17:29:47 2000 |
| MD5 Checksum: | aa2fb5d66590141e34932b7013cb78d9 |
|
| /// File Name: |
communigate.pl |
Description:
|
communigate.pl is a DoS exploit against CommuniGatePro 3.1 for NT.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 1762 | | Last Modified: | Apr 22 00:35:44 2000 |
| MD5 Checksum: | 12c338c5686dcaa1f8283ab28b8e665e |
|
| /// File Name: |
msadc-trojan.pl |
Description:
|
This script will upload a trojan to an RDS vulnerable site running NT and execute the trojan.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 1423 | | Last Modified: | Jan 10 12:04:16 2000 |
| MD5 Checksum: | 1129f4d3059d43ccd3b5f9e04b2f031b |
|
| /// File Name: |
sourcescan.pl |
Description:
|
Sourcescan.pl looks through C source code for common vulnerabilities, including strcpy, gets, strcat, sprintf, fscanf, scanf, vsprintf, realpath, getopt, getpass, streadd, strecpy, strtrns, getenv, and setenv.
| | Author: | Xtremist | | Homepage: | http://www.r00tabega.com | | File Size: | 1274 | | Last Modified: | Jul 31 23:13:39 2000 |
| MD5 Checksum: | 50605a5667497959c16b85bb906bde09 |
|
| /// File Name: |
usercheck.pl |
Description:
|
Quick perl script to search through the history file of each user on your system for a certain command (i.e. "cat /etc/passwd").
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 1185 | | Last Modified: | Jun 29 17:31:13 2000 |
| MD5 Checksum: | f71cf01f566565752cfe0186d257add0 |
|
| /// File Name: |
ncsa1-3.c |
Description:
|
NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0.
| | Author: | Xtremist | | Homepage: | http://www.r00tabega.com | | File Size: | 1004 | | Last Modified: | Jul 31 23:25:09 2000 |
| MD5 Checksum: | d3cb7f11c6d033347321f63e6d8c5974 |
|
| /// File Name: |
attrition.pl |
Description:
|
attrition.pl gets the latest x (you specify how many) defacements from attrition. Just use the script to save the latest defacements to a file and then include them on your page through SSI.
| | Author: | rishi[at]felons.org | | Homepage: | http://www.r00tabega.com | | File Size: | 982 | | Last Modified: | Apr 13 22:36:08 2000 |
| MD5 Checksum: | a978960346c0eed91a011c4ccdbc10a9 |
|
| /// File Name: |
icqwebfront.sh |
Description:
|
ICQ Web Front DOS Exploit - guestbook.cgi, part of ICQ web front, is vulnerable to a remote denial of service attack. This shell script exploit generates a malformed POST request and uses netcat to send it to port 80 of the victim host.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 936 | | Last Modified: | Jun 10 00:31:03 2000 |
| MD5 Checksum: | 6e530d772062a21268ccd5286e033a80 |
|
| /// File Name: |
bx-dos.pl |
Description:
|
BitchX dos exploit - joins a channel with %s in the name, and invites target nick.
| | Author: | Rishi Bhat | | Homepage: | http://www.r00tabega.com | | File Size: | 931 | | Last Modified: | Jul 7 01:02:22 2000 |
| MD5 Checksum: | bf1b93ace5b165b905107d790ed812c8 |
|
| /// File Name: |
d0s.pl |
Description:
|
DoS.pl uses Net::RawIP to launch a syn flood attack.
| | Author: | Ragnarox | | Homepage: | http://www.r00tabega.com/ | | File Size: | 768 | | Last Modified: | Apr 12 20:03:00 2000 |
| MD5 Checksum: | b4de8beddacbdd8ec02d83537f092aa0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
