Codes
Most of this old code concerns software and network security.
Here are some exploits I've coded for fun and profit (profit?).
I'll take no responsibility for abuse or misuse; it would be nice
to have some feedback instead.
-
rsyncx.tgz
rsync <= 2.5.6 Linux remote exploit (p0f)
-
squidx.c
squid <= 2.4.STABLE3 remote Linux exploit
-
GUNphp.tar.gz
PHP <= 3.0.16 remote Linux exploit
-
atftpdx.c
atftpd <= 0.6.0 remote Linux exploit
-
xtokkax.c
xtokkaetama local Linux/BSD exploit
-
countx.c
Count.cgi <= 2.3 remote Linux/BSD exploit
-
katax.c
leksbot local Linux/BSD exploit
-
wwwwaisx.c
wwwwais cgi remote Linux/BSD exploit
-
pservx.c
pServ (pico web server) remote Linux/BSD exploit
-
mtftpdx.c
mtftpd remote Linux exploit
Some of my work (most of it regarding security or networks)... old as hell.
-
Kiddie
A banner grabber, also scans for rpc, cgi, fingerd, web proxy access,
anonymous ftp, wuftp format bug.
One of my first tools: it eats some CPU and a lot
of the code is ripped from elsewhere. Credits are in the source files.
-
fingerdx.sh
A lame script to brute-force SunOS users remotely when fingerd is buggy
-
xdmleak.c
A nice feature of the XDMCP protocol lets us learn a little info (SunOS)
-
dehard.c
Grabs hardcoded strings from binary files (lame hack, works on SunOS/SPARC and Linux/x86)
-
imwheel.sh
Any user can kill any pid if imwheel is installed on the machine (obsolete)
-
m4ex.c
A useless m4 exploit, written to get comfortable with format string bugs,
just for learning purposes (automatically guesses the needed addresses)
-
decip.sh
Converts a decimal IP to dotted notation and vice versa,
to fool IRCnet friends with fake URLs
Tiny shellcodes for fun and profit...
-
linbsd.c
execve /bin/sh (38 bytes) Linux & BSD
-
findsckcode.c
Finds the file descriptor of the remote socket, then dups it and
execve()s /bin/sh (106 bytes) - Linux only
-
linux86-udpcode.c
Reads a second-stage code from a UDP socket, then executes it
(60 bytes) - Linux
-
bindcode.c
Binds a shell to a port (97 bytes) - Linux
-
connectback.c
Connects back to a specified ip and drops a shell (80 bytes) - Linux
-
bsd-bindcode.c
Binds a shell to a port (92 bytes) - FreeBSD
-
bsd-connback.c
Connects back to a specified ip and drops a shell
(80 bytes) - FreeBSD
-
read-exec.c
Reads from a specified file descriptor and executes code
(24 bytes) - Linux
-
search-stack.c
Scans the stack to find the real shellcode, then executes it
(13 bytes) - Linux
-
search-heap.s
Same as above, but this time it scans the heap starting from the data section
(?? bytes) - Linux
-
setuid-code.c
setuid(0) and execve /bin/sh shellcode
(31 bytes) - Linux
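The trick behind findsckcode.c (locate the attacker's already-open connection inside the exploited process instead of opening a new one) written out in plain C, as an added example that is not code from this page and not the shellcode itself. It walks descriptors with getpeername() until one has the expected peer source port, which is what the assembly version does before dup'ing the socket onto stdin/stdout/stderr and running /bin/sh. The descriptor range 0..1023, the loopback connection that stands in for the victim daemon, and the use of the client's own ephemeral port as the "known" source port are assumptions made for this demo.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Walk descriptors 0..maxfd and return the first connected IPv4 socket whose
 * peer (remote source) port equals `port` (host byte order), or -1 if none.
 * This is the search loop findsckcode.c performs in assembly: the exploit
 * knows its own source port, so it can pick the right connection out of a
 * daemon that may have many descriptors open (files, pipes, other clients).
 */
int find_socket_by_peer_port(int maxfd, unsigned short port)
{
    for (int fd = 0; fd <= maxfd; fd++) {
        struct sockaddr_in peer;
        socklen_t len = sizeof(peer);
        /* getpeername() fails for non-sockets and for listening sockets */
        if (getpeername(fd, (struct sockaddr *)&peer, &len) != 0)
            continue;
        if (peer.sin_family == AF_INET && ntohs(peer.sin_port) == port)
            return fd;
    }
    return -1;
}

/*
 * Stand-in for the exploited daemon (an assumption for the demo): open a
 * loopback TCP connection so this process holds a listener, the client end
 * and the accepted server end. Then run the search with the client's source
 * port, as the shellcode would, and prove the descriptor found is the live
 * connection by pushing one byte through it.
 * Returns 1 on success, 0 if the search picked the wrong descriptor,
 * -1 if loopback sockets could not be set up at all.
 */
int demo_findsock(void)
{
    int result = -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                     /* let the kernel pick a port */

    int lst = socket(AF_INET, SOCK_STREAM, 0);
    if (lst < 0)
        return -1;
    socklen_t alen = sizeof(addr);
    if (bind(lst, (struct sockaddr *)&addr, alen) != 0 || listen(lst, 1) != 0 ||
        getsockname(lst, (struct sockaddr *)&addr, &alen) != 0) {
        close(lst);
        return -1;
    }

    int cli = socket(AF_INET, SOCK_STREAM, 0);
    if (cli < 0) { close(lst); return -1; }
    if (connect(cli, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
        close(cli); close(lst); return -1;
    }
    int srv = accept(lst, NULL, NULL);       /* the daemon's end of the link */
    if (srv < 0) { close(cli); close(lst); return -1; }

    /* The attacker knows its own source port; a real findsock shellcode
     * carries that value as a constant patched in by the exploit. */
    struct sockaddr_in local;
    socklen_t llen = sizeof(local);
    if (getsockname(cli, (struct sockaddr *)&local, &llen) == 0) {
        int found = find_socket_by_peer_port(1023, ntohs(local.sin_port));
        char in = 0;
        /* findsckcode would now dup the socket onto 0/1/2 and execve /bin/sh;
         * here we only send a byte and check the client side receives it. */
        result = (found == srv &&
                  write(found, "!", 1) == 1 &&
                  read(cli, &in, 1) == 1 && in == '!') ? 1 : 0;
    }
    close(srv);
    close(cli);
    close(lst);
    return result;
}

int main(void)
{
    int r = demo_findsock();
    printf("findsock demo: %s\n",
           r == 1 ? "found the live connection" :
           r == 0 ? "picked the wrong descriptor" :
                    "could not set up loopback sockets");
    return r == 1 ? 0 : 1;
}
```

The search deliberately skips listeners and non-sockets rather than aborting on them, because in a real daemon the attacker's connection can sit at any descriptor number behind log files, pipes and other clients; matching on the peer port (rather than the local one) is what keeps the shellcode independent of the service's port.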