shekkbuilder / exploits-1

A collection of exploits I wrote back in the day. For entertainment and historical purposes only.


My Exploit Archive

Here is a collection of exploits I wrote under the moniker 'bind' in the late 90s and early 00s. I am releasing these just to show what things were like during that hacking era. I doubt these are useful anymore but some of the techniques and coding style are valuable and entertaining to look at. They are listed in the order written.

The exploits

ipop2ex

This was the first stack overflow exploit I wrote in 1999 for a publicly known vulnerability in POP2 servers that were running by default on most popular Linux distributions. My partner and mentor 'xdr' from teamTESO helped me understand how stack overflows worked and taught me how to write my own exploits. This pop2 exploit was very reliable and worked 95% or more of the time.

    Details: A buffer overflow exists in the pop2 server distributed
    with imap packages 4.4 and earlier. Exploitation of this bug allows
    remote access to the machine with the user id of nobody. This program
    allows you to exploit pop2 without the need of a third party IMAP server.
    If you are behind a firewall, resort to using a third party, internet
    routable IMAP server.  For accuracy purposes, this exploit autodetects
    the version of the server it is exploiting and performs alignment calculation.

statdex

This was my first format string exploit written for a publicly known vulnerability in the rpc statd daemon shipped with Redhat 6.2 and earlier. I do not remember this being a very reliable or useful exploit as the service was turned off by default (if I remember correctly). I wrote it simply to understand how format string vulnerabilities worked.

    Details: A format string bug exists in the rpc.statd daemon
    shipped with Redhat 6.2 & earlier.  The bug occurs due to
    the lack of handling format characters passed to the syslog()
    function.  Exploitation yields remote root access.
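The bug class named in the statdex details (untrusted text reaching syslog() as the format string) is easy to recognise once the two call shapes sit side by side. The following is an added defensive example, not code from this archive or from the original exploit: a small variadic logger stands in for syslog(3) and formats into a caller buffer so the program runs offline, the vulnerable call is shown beside the hardened call, and a directive counter gives input validation or log review a cheap check. The names app_log, log_unsafe, log_safe and count_format_directives are assumptions made for this example. The sample message uses only the "%%" escape, the one directive that can be interpreted without undefined behaviour, so the difference in output is visible without reading missing arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3): a variadic logger that formats into a caller
   buffer, so the example runs offline without touching the system log. */
static void app_log(char *out, size_t outlen, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern (the rpc.statd bug class): untrusted text is passed
   as the format string itself, so any '%' directives in it are interpreted. */
void log_unsafe(char *out, size_t outlen, const char *untrusted) {
    app_log(out, outlen, untrusted);
}

/* Hardened pattern: a fixed format string; untrusted text is only an
   argument and is copied literally. */
void log_safe(char *out, size_t outlen, const char *untrusted) {
    app_log(out, outlen, "%s", untrusted);
}

/* Defensive check for input validation or log review: counts conversion
   directives in a string, ignoring the literal "%%" escape. A non-zero
   count in data that could ever reach a format argument is a red flag. */
int count_format_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is just a literal percent sign */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed sample message; "%%" is interpreted only by the unsafe call. */
    const char *msg = "disk 100%% full";
    char unsafe_out[64], safe_out[64];

    log_unsafe(unsafe_out, sizeof unsafe_out, msg);
    log_safe(safe_out, sizeof safe_out, msg);
    printf("unsafe: %s\n", unsafe_out);   /* disk 100% full  (input was parsed) */
    printf("safe:   %s\n", safe_out);     /* disk 100%% full (input kept verbatim) */

    /* Constructed suspicious input: three directives, none of them "%%". */
    printf("directives in \"%s\": %d\n", "%x%x%n",
           count_format_directives("%x%x%n"));
    return 0;
}
```

The hardened form is the whole fix for this class: the format string is a compile-time literal and user data only ever travels through "%s". Compiling with -Wformat-security (GCC/Clang) flags the unsafe shape for calls the compiler knows are printf-like, which syslog() is; a project-local wrapper such as app_log above only gets the same warning if it is declared with the format attribute.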

wux

This is by far the best exploit I have ever written, not only due to the fact that the Washington University 2.6.1 FTP server was ubiquitous and turned on by default, but also because it was the most reliable exploit for this bug in the world. The most widely used exploit was written by teamTESO and my exploit was actually more reliable and required less information, resulting in me feeling pretty 31337 at the time.

more to follow...
