CVE-2003-0190 PoC

Proof of Concept for CVE-2003-0190: timing attack on OpenSSH-portable <= 3.6.1p1 with PAM.

CVE-2008-0960 Exploit

Proof of Concept for CVE-2008-0960: allows you to bypass authentication on SNMP v3 (tested on Cisco and Net-SNMP) via an HMAC validation error.

CVE-2009-2669 Exploit

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

CVE-2010-3856 Exploit

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so (CVE-2010-3856).

Cachedump - Metasploit Module

Cachedump post exploitation module for Metasploit.

Juniper Secure Access URL decoder/encoder

Juniper "Mask hostnames while browsing" URL decoder/encoder (DanaInfo or url variables).

RunAsUser v0.5

RunAsUser uses DLL injection techniques to gain SYSTEM privileges abusing the LSASS.EXE process, then it duplicates the security token of the target process and runs an arbitrary program, effectively impersonating the owner of the target process.

Singsing

Singsing is a SYN scan library: small, fast and compatible. The asynchronous SYN scanner zucca was born from its core engine.

SIP digest leak - Metasploit module

Metasploit module for the SIP digest leak discovered by EnableSecurity. A fake call is sent to a phone; when the user hangs up, the phone sends back a BYE message. If the reply to that BYE is a 401/407 message, the phone sends a second BYE containing the digest token.

WarVOX patch

iaxrecord (WarVOX 1.0.1) patch that enables the test mode of the iaxclient library (version 2.2.x required); an audio device is no longer needed.