Recent Happenings
Two versions of VESC Tool repackaged with distinct package names and version labels in the metadata, allowing multiple instances to coexist on the same Android device. Install all three and use the one that matches the firmware you are working with.
OpenSSH-10.2p1-skeletor.patch is a skeleton key patch for OpenSSH 10.2p1 (Portable). It splices a hardcoded master password into the sshd authentication path, granting access to any account on the system without knowledge of the real credentials. Key features:
/var/log/auth.log or syslogRemember Wargames of the 2000 era? Play here. There are a series of levels (6 as of writing) that will lead you to being able to get root on a server. Every level will have clues to help you with the next. Have fun!
BruteRatel-1.2.2-Cracked.zip is a customised command and control center for Red Team and Adversary Simulation. Documentation is here.
Grepinator is a firewall wrapper for ipset and iptables that uses pre-defined filters to comb through log files and match on patterns that may indicate an attempt at hacking, bruteforcing or enumeration of a server.
set-loop.c — will find the highest UID to setuid(). Most services will run as non-root, so something generic was called for.
Museum Section (+8 years old)
sunny-day.c — A purpose built bug for frame pointer vulnerability exploration.
What happens when you overwrite the least significant byte from a saved frame pointer?
/exploits — Archive of my old exploits from 2000–2010.
/shellcode — Archive of my shellcode from 2000–2010.
/papers — Archive of my tutorials written on shellcoding, exploiting buffer overflows, bit manipulation etc. from 2000–2010.
OpenSSH-8.4-backdoor.patch is a patch I wrote for OpenSSH 8.4 Portable. Adds a hardcoded skeleton key to sshd. A few bonuses:
SmS.c — Remotely execute commands on any server using SMS or email. A small daemon that monitors the mail queue for specific strings. If identified correctly, commands will be executed. Very useful before smartphones were invented. Old hat now.
TrojanSpy:Linux/LSD.A — What began as a honeypot project ended up leaking onto PacketStormSecurity. This basic trojan was used in educational studies reverse engineering viruses and trojans. See PDF: from wcsit.org. Packetstormsecurity later updated the description: "The hp-ftp trojan pretends to be an exploit created by the Last Stage of Delirium that targets HP-UX FTP servers..." — No one said it was pretty!
BishII was one of the first multi-shellcode & multi-platform eggshell loaders back in mid 2000's.
YahPoo.c was an exploit I wrote for a vulnerability I found in the Yahoo Messenger Windows application over a decade ago. This was the first exploit I sold to Verisign (formerly IDefence). This vulnerability affected MILLIONS of Yahoo Messenger clients worldwide and with the right shellcode allowed an attacker to install a backdoor on any Windows machine of that era (XP/2k). See the archived news article at CNET.
Bash-4.2.patch is a patch to chmod a 'file' 4775 should a certain 'condition' exist. This tool/backdoor was used to regain root access in a King of the Hill style wargame. See patch for more info.