CVE-2003-0190 PoC

Proof of Concept for CVE-2003-0190: timing attack on OpenSSH-portable <= 3.6.1p1 with PAM.

• http://lab.mediaservice.net/code/ssh_brute.c
  MD5: 4fbc9a1fb23e828b1fe42ff7cc65d1c1
  SHA-1: b57f20c0a86c20cda82e8dc169923452fc50225c
  
• http://lab.mediaservice.net/code/openssh-3.6.1p1_brute.diff
  MD5: de3bc1148b93ddb427f6fc721d08a1c0
  SHA-1: 9cf2b8a9bcb5e526c071f18e4bd3be5c5b716e35

CVE-2008-0960 Exploit

Proof of Concept for CVE-2008-0960: allow you to bypass authentication on SNMP v3 (tested on CISCO and Net- SNMP) via HMAC validation error.

• http://lab.mediaservice.net/code/snmpv3_exp.tgz
  MD5: 8b361d84155829c8b08e4342f8db6aa2
  SHA-1: 4f011d1dae3b28611700b2e66158ba572d4673a6
  

RunAsUser v0.5

RunAsUser uses DLL injection techniques to gain SYSTEM privileges abusing the LSASS.EXE process, then it duplicates the security token of the target process and runs an arbitrary program, effectively impersonating the owner of the target process.

• http://lab.mediaservice.net/code/RunAsUser.zip
  MD5: 32872e88252169d3a1f25455f8480ec3
  SHA-1: f84883a463b12427b438213326e57a465fccd973

Singsing

Singsing is a SYN scan library, small, fast and compatible. From the core engine, the asyncronous SYN scanner zucca has been born.

• Singsing project page
  http://lab.mediaservice.net/code/singsing/

Copyright © 2000-2008 @ Mediaservice.net S.r.l. con Socio Unico. All rights reserved.