Exploits for the masses! Please do NOT misuse it. These exploits are available so that you can test and secure your network.
Use Ctrl+F in order to find exploit by keyword!
3com-DOS
Proof of concept DoS exploit for 3Com OfficeConnect DSL Routers. Successful exploitation of the vulnerability should cause the router to reboot.
Accipiter
Accipiter Direct Server is susceptible to a directory traversal attack that allows retrieval of files outside of the webroot. Homepage: http://omaha.com . By Mark Bassett.
Cesarftp
CesarFTP version 0.99e has a bug that can cause the system to employ 100 percent of its resources.
Cisco_ons
Cisco Security Advisory 20040219 - Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform. With one vulnerability, the TFTP service on UDP port 69 is enabled by default and allows both GET and PUT commands to be executed without any authentication. Another allows for an ACK Denial of Service (DoS) attack on TCP port 1080. Another involves telnet, where access to the underlying VxWorks operating system is, by default, restricted to Superusers only. Due to this vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to log in to the VxWorks shell using their previously configured password.
Cross_domain_leakage
Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains.
This issue could permit framesets in different domains to leak various events, including keyboard events. This could effectively permit a hostile web page to capture keystrokes from a foreign domain.
Dnascan
A new tool has been added for analyzing the configuration of ASP.Net web applications. It can detect many common misconfigurations using only a few HTTP requests. Most of the techniques are not publicly documented and can successfully find information leaks in most .NET based web applications.
Geohttp
GeoHttpServer is vulnerable to an authentication bypass and a denial of service attack.
hdsoft
Remote exploit for Windows FTP server version 1.6. Data for original vulnerability discovery made by Peter Winter-Smith here.
Hydra 3.1
A new version of THC-Hydra, the best parallelized login hacker, is available: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Changes: fix for parallel host support, reliability fixes. Remember to contribute to the upcoming v4 release, send an email to vh
Idaped
iMail 8.05 LDAP service remote exploit. Related advisory here.
iiscrack
IIS 5.0 privilege escalation exploit
wts_bo
Jordan Windows Telnet Server v1.2 remote buffer overflow exploit. Binds a shell on port 9191. Tested on Win32 and Unix.
jsinject
A JavaScript URL can be injected into the history list of Microsoft Internet Explorer, causing a cross-site/zone scripting attack when the user presses the back button. An attacker may use this to read arbitrary cookies/local files and execute programs, leading to total system compromise if IE is run as administrator.
mremap_poc
Program written to test whether or not an x86 Linux system is vulnerable to the do_mremap() vulnerability discussed here.
mssmtp
Crashes the Windows 2000 SMTP service.
nfsping
Extremely fast nfs scanner (raw udp)
novellnetware
Novell Netware Enterprise web server versions 5.1 and 6.0 are vulnerable to various cross site scripting, path disclosure, and directory listing attacks.
palmosshttpd
A bug exists in the PalmOS httpd that causes a crash with a "Fatal Error". Full exploit included.
pasvagg
FTP passive connection hijacker.
PHPmyadmin255pl1
phpMyAdmin versions 2.5.5-pl1 and below do not properly sanitize variables resulting in them being susceptible to a directory traversal attack.
psoproxy
Remote exploit that makes use of a buffer overflow during GET requests in the PSOProxy server version 0.91. Related advisory here.
redhat
Local exploit for RedHat's expect library
Sambascan
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
samiftp
Sami FTP server version 1.1.3 has multiple vulnerabilities that can lead to a denial of service.
scandns
Determines if a DNS service is available.
serv_u
Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
shopcart_cgi
ShopCartCGI version 2.3 has multiple directory traversal vulnerabilities that allow for remote attackers to gain access to files outside of the webroot. Homepage: http://www.zone-h.org/en/advisories/read/id=3962/. By G00db0y
smallftpd
Smallftpd version 1.0.3 crashes when an attempted directory traversal occurs.
smbmountdos
smbmount can cause a denial of service attack on Microsoft Windows. The attack induces a memory shortage on the Windows system by creating directories in a special way.
sqlrds
Relays a SQL query through IIS's RDS component.
sqlsmack
Unix command line MS-SQL client (DBD::FreeTDS).
symantec_firewall
Symantec FireWall/VPN Appliance model 200 displays its administrator password in clear text over a non-encrypted HTTP connection.
thc_leapcracker
The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique used, for example, by Cisco Wireless LEAP Authentication. Tools for spoofing challenge packets from Access Points are also included, so you are able to perform dictionary attacks against all users.
unicode
SSL and Proxy enabled IIS 4/5 Unicode exploit.
webdav
Exploit for the webdav/ntdll.dll overflow in IIS
webstore2000
S-Quadra Advisory #2004-02-18 - WebCortex Webstores2000 version 6.0 has a SQL injection vulnerability that allows a remote attacker to add an administrative account and it also has a cross site scripting flaw. Homepage: http://www.s-quadra.com/advisories/Adv-20040218.txt. By Nick Gudov
win_blast
Windows XP/2003 Samba file sharing resource exhaustion exploit that causes a denial of service.
xploit_dbg.cpp
Exploit that tests for several vulnerabilities in one of Windows XP kernel's native API functions. Related advisory here. By randnut
More XPLOITS coming SOON! You can request your exploit here at