Category:ExploitTree

From SecurityForest

Image:Icon_exploit.png

SecurityForest Exploitation Framework beta has been released!


What is the ExploitTree ?

The ExploitTree is a categorized collection of ALL available exploit code. ExploitTree's ambition is to become the most organized, rich and up-to-date exploit repository on the internet. The ExploitTree is based on CVS (Concurrent Versioning System) (http://www.cvshome.org/) and therefore allows the user to keep an up-to-date offline mirror of the repository on their hard drive. When an ExploitTree Administrator updates their local copy with a new/updated exploit, it updates the repository and keeps everyone else up-to-date. Furthermore, a web interface for web browsing is available.

ExploitTree v.2 is out!!!

Originally, the ExploitTree (v1) could be updated by all registered members. After recieving alot of uncertainty about the contents of the ExploitTree due to the openess, it has been decided that only a few trusted members will have access to update the ExploitTree.
ExploitTree (v2) includes all exploits from v1, the ExploitTree_Update_Phase_1, some private stashes, some compiled exploits for use with the Exploitation Framework and is more categorized and organized than ever before. It is also now open for read-only anonymous access.
Huge thanks goes out to Laramies for all his help on v2 - THANKS !!!!

ExploitTree Online Browsing

You can browse the Tree using the ExploitTree Online Interface (http://www.securityforest.com/cgi-bin/viewcvs.cgi)

Download ExploitTree

Downloading and keeping an up-to-date copy of the ExploitTree on your harddrive is done by use of the Client Utility.

Perl Version

Updated: Loni 23:40, 12 Feb 2005 (EST)

Download: Perl Version 0.60 (http://www.securityforest.com/downloads/ExploitTree-pl.tar.gz)

  • Windows Requirements - ActiveState Perl (http://www.activestate.com/Products/ActivePerl/), Cygwin (http://www.cygwin.com) environment including CVS Binaries (dev-cvs)
  • Un*x Requirements - Perl Interpreter. CVS client - Available at http://www.cvshome.org

Win32 Binary Version

Updated: Loni 23:40, 12 Feb 2005 (EST)

Download: Win32 Binary Version 0.60 (http://www.securityforest.com/downloads/ExploitTree-Win32.zip)

  • No Requirements. Includes everything needed to run out-of-the-box.
Users upgrading from v1 are urged to delete the whole ExploitTree directory and start over.
Version 0.60 is primarly an update to work with ExploitTree.v2, please see the Changes page for more details


Tested on:

  • FreeBSD 6-STABLE i386 by ShakingSpirit
  • FreeBSD 5.2.1 i386 by kralor
  • Gentoo 2.6.7 Linux by Loni
  • OpenBSD 3.5 GENERIC#34 i386 by ports
  • CYGWIN_NT-5.1 1.5.10(0.116/4/2) i686 Cygwin by ports
  • Windows 2000 Native, with Cygwin binary's in $PATH by Loni
  • Windows XP SP2, with Cygwin CVS binary and Activestate Perl by Physaro
  • Slackware Linux 10, Kernel 2.4.26 by Neonomicus
  • Windows 2000 SP4, Win32 Binary Version by Loni
  • Windows XP SP1, Win32 Binary Version by Loni
  • Debian Linux 3.1, Kernel 2.6.7 by Az0te
  • Fedora Core 3 Linux, Kernel 2.6.9-1.667 by Laramies
  • Fedora Core 3 Linux, Kernel 2.6.9-1_681 by DeviceZ
  • FreeBSD 5.3 i386 by sleepless
  • Mandrake 10.0, Kernel 2.6.3-7mdk by Bagheera
  • Mandrake 10.1, Kernel 2.6.8.1-12mdk by Blad3
  • Fedora Core 3 Linux, Kernel 2.6.10-1.737 by xternal
  • Suse Linux 9.2 Pro, Kernel 2.6.8-24.11-default by DKay
  • Darwin Kernel Version 7.8.0 / OSX 10.3.8 by fdomartin
  • Debian Linux 3.1, Kernel 2.6.9 by Karman
  • Windows 98, by TheChara (See ExploitTree_Problems_and_Solutions)
  • Slackware Linux 10, Kernel 2.6.7 by Qnix
  • Red Hat release 9, Kernel 2.4.25 by Nuno Treez
  • Fedora Core 4, Kernel 2.6.12-1.1398_FC4 by Nuno Treez


Please Note:

  • If you find a bug, or would like more functionality - add a note to the Todo_List
  • Please add to the Tested on section new environments that you have tested the utility on.
  • Request: Update your local copy a maximum of TWICE a day to minimize bandwidth consumption. Thank You!



Notes

Problems and Solutions:
If you have any problems, please see the ExploitTree Problems and Solutions to see if it is a known problem. If your problem doesn't not appear there - please contact us: support@securityforest.com (mailto:support@securityforest.com)

.csvpass issue:
As you might propably notice, The client utility creates a file named '.csvpass' in your homedir. If you 'cat' that file you will see, that the last string fits from the count of characters to your pass. In fact this is your encrypted password. We would like to point out that the used algorithm *cough* is quite weak. Within the next version this problem should be fixed. --ports 00:52, 18 Sep 2004 (IDT)

The algorithm being used is a CVS issue. This issue was cannot be fixed in a new version - the best that can be done is deleting the file when quiting the client utility. The .csvpass also holds other encrypted passwords to other servers. It is recommended to delete this file manually after connecting to any cvs server. A quick google search brought up this for those interested: http://oelewapperke.studentenweb.org/programs/cvscrack/crackcvspass.tar.bz2 --Loni



loni@securityforest.com (mailto:loni@securityforest.com)

Articles in category "ExploitTree"

There are 10 articles in this category.

C

E

E cont.

E cont.
Retrieved from "http://www.securityforest.com/wiki/index.php/Category:ExploitTree"
Advertisement