unix files
This is a small collection of Unix hacking utilities. If you have more, or know of another file that would fit in here, let me know.
File Name | Platform | Size (K) | Description/Exploit |
---|---|---|---|
abuseconsole.sh | Linux | 3 | RedHat 2.1 exploit of abuse.console to get root. |
admintool.sh | Sun | 3 | Solaris 2.5 exploit of admintool to get root. Should work on Sun 4.1.*, though haven't tried it. |
cvnmount.exploit | Linux | 3 | Linux exploit of mount and umount to get root. |
dip-exploit.sh | Linux | 2 | This exploit overruns the buffer in do_chatkey() to give a shell. |
ftp-scan.c | Linux, Sun | 2 | Takes advantage of a bug in ftp code to allow "anonymous" port scans. |
halfscan.c | All | 5 | Halflife's port scanning code for Linux, target can be whatever... |
jakal.c | All | 6 | Another scanner, intended for scanning behind a firewall. Tested with good results in the NMRC lab. |
kmemthief.c | Most | 2 | If /dev/kmem is writeable, this will give you root. |
le.c | See note | 2 | lastlogin editor. |
NetCat | Most | 75 | Excellent all-around utility. |
portd.c | Sun | 27 | Shell on a port. Good for a back door. Should run fine on Sun, and from glancing at the code should work ok on BSDs. If you need this type of function use NetCat. This is here because it is smaller ;-) |
rdist-bsd.sh | BSD | 2 | Buffer overrun to give a shell in BSD (several versions). |
resizecons.sh | Linux | 2 | RedHat 2.1 exploit of resizecons that will give root. |
rxvt.sh | Linux | 2 | Systems with rxvt suid root compiled with PRINT_PIPE. Typically Slackware 3.0 and RedHat 2.1. Requires X Windows. |
shadow.c | Most | 0 | Will reconstruct a shadowed passwd file (Sun, AIX, etc). |
slammer.c | All | 2 | Uses ypupdated to run commands on remote system. This code only compiles on Sun 4.1.x. |
splitvt.sh | Linux | 2 | Plays with $HOME variable to get root on Linux. |
SunHack.sh | Sun | 5 | Old /bin/mail exploit for Sun 4.1.* which is STILL a bug in Solaris 2.5. Will get you root. |
unixware.c | Unixware | 2 | Chgrp to 23456 which owns a LOT out of the box. |
xkey.c | Most | 2 | Watch someone else's keystrokes on an X server you have access to. |
Xtx86.c | x86 | 1 | Xt buffer overrun to get root. Works on FreeBSD. Read file about general X11 vulnerability. |
zap2.c | Most | 2 | After getting superuser access, this file removes your presence from utmp, wtmp, and lastlog. |