HAX . GS

Documents, papers, and how-tos I've felt OK about releasing. -lh

Name | Author | Date | Description
hardening_technique_definitions.txt | lh / loophole | 2012-04-04 | Linux (Binary) Hardening Techniques and Buzz-word Definitions and Examples.
sec-apache.html | lh / loophole | 2006-05-14 | APACHE :: URL Access Hardening (Without 3rd Party Modules)
sasl-howto.html | lh / loophole | 2005-02-14 | How-to covering: Cyrus-SASL-2.1.19 + checkpw.c CRYPT PATCH + MySQL-3.23.x + Postfix-2.x. As seen posted on and linked from http://www.postfix.org/docs.html



Code/projects I have decided to release. Most are released due to long time lapse, others because they've been leaked and/or are completely obsolete.

Name | Author | Date | OS | CVE/ADV | Description
hax-MS05-021.c | lh / loophole | 2005-07-10 | Windows | MS05-021 | Remote heap overflow for Microsoft Exchange 2000 Server SP3, 2003, 2003 SP1. *** Publicly released on 2011-11-15 due to being over 6 years old.
haxssl.tgz | lh / loophole | 2008-05-29 | Linux | CVE-2008-0166 | Test a specified host's SSL certificate against the Debian-based blacklist of keys (RSA 2048 and DSA 1024) generated during the period where openssl on Debian-based installs suffered from a weakness in random number generation.
haxstego.tgz | lh / loophole, ruiner | 2008-11-18 | *nix | | Public (non-encrypting, non-altered) release of haxstego. This is a steganography tool for bitmap images.
compareKillToPs.rb | lh / loophole | 2011-10-19 | Linux | | Tool to find PIDs that actually exist but aren't listed in `ps', `pstree' or /proc. Read header for detailed information.
hax_inotify_tempracecardriver.c | lh / loophole | 2011-05-27 | Linux | | inotify temp file logging/monitoring daemon for tmp race conditions. (I run this within `screen') This was a personal tool until leaked here on 2011-11-01.
bzexec_PoC.c | vladz | 2011-11-02 | Linux | CVE-2011-4089 | The day after the above tool was leaked during a long discussion on FD about tmp race conditions, this was the first public exploit to use the hax_inotify code base for the listed CVE. Let the fun begin.
bing-ip2hosts-0.5.tar.gz | lh / loophole | 2015-10-07 | Multiple | | (A Kali Linux package) -- Enumerate hostnames for an IP using bing.com. This is useful during the reconnaissance phase of a penetration test, among other things.



OLD STUFF (you will not find 0day on this page, or from me, ever.) Non disclosure since 2002. -lh

Name | Author | Date | OS | Description
ntping_exploit.c | loophole / lh | 2001-02-23 | BSDi 4.1 | ntping (default install) local root [uid=0] exploit tested on BSDi 4.1 - x86
ospf_monitor_exploit.c | loophole / lh | 2001-02-23 | BSDi 4.1 | ospf_monitor (default install) local root [uid=0] exploit tested on BSDi 4.1 - x86
gdc_exploit.c | loophole / lh | 2001-02-23 | BSDi 4.1 | gdc (default install) local root [uid=0] exploit tested on BSDi 4.1 - x86
sccw_exploit.c | loophole / lh | 2001-06-04 | Linux | (sccw v1.1*) root [uid=0] local buffer overflow exploit. Tested on Slackware 7.1 - x86
hax-temprace6_0.pl | loophole / lh | 2001-01-13 | Linux, BSD, Solaris, IRIX | A simple program that works on Linux (strace), BSD (ktrace/kdump), Sun/Solaris (truss), and IRIX (par) to find and parse /tmp and current-directory temporary files used by a binary. This information can then be used to determine if the target binary is vulnerable to any temp race conditions.
floppy-diskwipe.pl | loophole / lh | 2001-02-26 | *nix | A 3.5"/1.44MB diskette wipe utility. As close as you'll get aside from a Type I degausser (DoD Standard).



Miscellaneous links and books (or links to books), and other randomness.
Out of Body Experiences - How to have them and what to expect (By Robert Peterson)


(c) 1995-2017