sql++

Full details at https://samy.pl/sql++/
an easily configurable, feature-rich, portable command-line SQL tool (works with mysql, oracle, pgsql, mssql!, and more)

posted on december 20, 2000

pdump

Full details at https://samy.pl/pdump/
advanced packet sniffer/injector with the features of all sorts of programs from tcpdump to ngrep to dsniff

posted on december 20, 2000

3.pl

Full details at https://samy.pl/3.pl
a calculator with userland namespace, list operations and advanced base conversion (ascii/bin/dec/hex/oct/dotted dec|hex|oct/bcd/packed bcd/etc)

posted on december 20, 2000

superpositions.h

Full details at https://samy.pl/superpositions.h
C++ header I wrote for 'quantum superpositions'. this allows a layered data type for easy arithmetic comparisons. for example, when you include the header in your programs, you can now compare an array or list of numbers or chars to something else. good examples and a description are in the header file, check it out! examples:

posted on december 20, 2000

tracertspoof.pl

Full details at https://samy.pl/tracertspoof.pl
this is just a proof of concept I wanted to make which spoofs routes when someone traceroutes you. that means if someone traceroutes your host and you're running this program with any ips, the user tracerouting you will see those ips as routes before they see your ip as the last hop

posted on december 20, 2000

killmon.pl

Full details at https://samy.pl/killmon.pl
this program attempts to kill all sniffers/network monitors/IDSs on your local network or a remote host by using different denial of service attacks on passive network monitors

posted on december 20, 2000

arpredir.pl

Full details at https://samy.pl/arpredir.pl
program I wrote (still beta) that uses Packet:: to arp poison a switch, meaning...say you're on a switch and you can't sniff/inject into anyone else's connections, you can use this to actually make all machines on the network think you are that IP, then your box forwards those packets to the real machine via eth packets (you'd have to use ip forwarding for that) enabling you to sniff them up without even setting your eth device in promiscuous mode

posted on december 20, 2000

screamingCobra

Full details at https://samy.pl/scobra/
an advanced application for automated, remote CGI vulnerability discovery of CGIs with unknown code

posted on december 20, 2000

frontdoor.pl

Full details at https://samy.pl/frontdoor.pl
old program I worked on as a simple 'replacement' of telnetd, has some nice things such as pty opening so all the good ANSI stuff can pass through the socket and some other fun stuff

posted on december 20, 2000

inject.pl

Full details at https://samy.pl/inject.pl
program that uses Tk for a GUI, allows you to inject tcp/udp/icmp packets with a nice little interface

posted on december 20, 2000

console-inject.pl

Full details at https://samy.pl/console-inject.pl
same as above but for console

posted on december 20, 2000

ping.pl

Full details at https://samy.pl/ping.pl
this program is neat since it allows you to ping a host through multiple protocols such as ICMP, tcp, etc...but it doesn't always use the actual ICMP header all the time, it will use different methods to see if a host is up for systems that block off icmp requests

posted on december 20, 2000

raw-ident.pl

Full details at https://samy.pl/raw-ident.pl
an identd daemon that controls its connection raw, not using functions such as socket(), send()/recv(), etc. as an example 'base' for other raw daemons

posted on december 20, 2000

pdoor

Full details at https://samy.pl/pdoor/
an old 'backdoor' I made that doesn't open any ports and allows you to run programs remotely with a client that spoofs the source of the host, and portscans will never find the backdoor since it only looks for certain types of packets and needs no 3-way handshakes

posted on december 20, 2000

mp3-stream.pl

Full details at https://samy.pl/mp3-stream.pl
this is a program that allows you to switch between using your microphone and playing random mp3s on a live mp3 server for anyone to connect to. you can have something like a small radio show, have people listen to music then switch over to microphone and talk about music and then play some more music when everyone starts disconnecting :)

posted on december 20, 2000

rc4.pl

Full details at https://samy.pl/rc4.pl
RC4 encryption in 146 bytes of code

posted on december 20, 2000

passtc.pl

Full details at https://samy.pl/passtc.pl
1st place winner in the toorcon password challenge. the challenge was to create an algorithm/program that generates passwords for users that are easy to remember for them but difficult to crack/brute force for others

posted on december 20, 2000

crypt.pl

Full details at https://samy.pl/crypt.pl
2 functions to addon to programs, an encryption function and checking of a plain text password and encrypted password to see if they match

posted on december 20, 2000

cp5qrpff-fast.pl

Full details at https://samy.pl/cp5qrpff-fast.pl
my version of the original 531-byte qrpff-fast (DeCSS descrambling code). I was able to cut it down to 504 bytes using the same algorithm so no speed cuts of any sort

posted on december 20, 2000

cp5qrpff.pl

Full details at https://samy.pl/cp5qrpff.pl
my version of the original 526-byte qrpff (DeCSS descrambling code). I was able to cut it down to 500 bytes using the same algorithm so no speed cuts of any sort

posted on december 20, 2000

enigma.pl

Full details at https://samy.pl/enigma.pl
an enigma 3 rotor simulation program...takes you back, doesn't it?

posted on december 20, 2000

vnchown.exe

Full details at https://samy.pl/vnchown.exe
stand alone win32 executable for adding https support to a VNC+http server

posted on december 20, 2000

clear.txt

Full details at https://samy.pl/clear.txt
converting perl code to 'nothing' and executing it from 'nothing'

posted on december 20, 2000

DCCp5bot

Full details at https://samy.pl/dccp5bot.pl
this is an automated IRC bot from a few years back, it connects to an IRC server, joins a channel and automatically queues up specific files within DCC Fservs. has resume support and automates the downloading of files as quickly as possible from multiple sources

posted on december 20, 2000

mp3get.pl

Full details at https://samy.pl/mp3get.pl
recursively scans Apache dir structures looking for MP3s and downloads them (doesn't go below specified directory unlike other programs). Win32 binary

posted on december 20, 2000

crawl5b.pl

Full details at https://samy.pl/crawl5b.pl
this is a program I made for Caezar's Challenge, 5B at DefCon 9. it recursively scans all pages it can find on a specified host and attempts to find CGI holes remotely and gives you an example CGI exploit for everyone it finds (see screamingCobra)

posted on december 20, 2000

c2p.pl

Full details at https://samy.pl/c2p.pl
a replacement of perl's h2ph (C header to perl header), this does stuff like convert structs to hashes, create the %SIZEOF hash for the size in bytes of actual structs, and other stuff. to be used with Packet::

posted on december 20, 2000

hybbot.pl

Full details at https://samy.pl/hybbot.pl
an IRC operator and channel service I specifically wrote for SUIDnet, an IRC network which I run a big chunk of (irc.LucidX.com:6667 or with SSL at irc.LucidX.com:9999). I do actually spend a lot of time with this occasionally so it has evolved

posted on december 20, 2000

greph.pl

Full details at https://samy.pl/greph.pl
program that takes a list of C/C++/header files and looks through all of them for a regexp but recursively, which can be neat. say you're looking for a certain function in a program, but it's not in that program, and it's not in any of the headers that program uses, it would have to be in one of the headers of one of the headers, or could even go further or further. greph.pl will look all through these and keep on looking recursively without repeating files

posted on december 20, 2000

mass.pl

Full details at https://samy.pl/mass.pl
this allows you to run one command on multiple files when that command only allows you to run it on one file. an example is tar, say you want to tar -xvf a few different tarballs, but tar only allows you to do one at a time. with mass.pl you can easily do something like ./mass.pl 'tar -xvf *.tar'

posted on december 20, 2000

mkmod.pl

Full details at https://samy.pl/mkmod.pl
this lets you take a normal perl program and easily convert it to a module, making the easy work easier :) good to use when you're doing this with a lot of programs and want something automated

posted on december 20, 2000

burn.pl

Full details at https://samy.pl/burn.pl
program that uses Tk as a GUI to interface with mkisofs and burncd to easily burn cds

posted on december 20, 2000

tkscan.pl

Full details at https://samy.pl/tkscan.pl
old and simple port scanner I made, first time I used Tk also

posted on december 20, 2000

Outsmart

Full details at https://samy.pl/outsmart.txt
code for local Microsoft Outlook contact database security evasion (has not been successfully done before) to gain remote access to protected contact data

posted on december 20, 2000

cracker patcher

Full details at https://samy.pl/crack/
this is actually an old application that I just dug up. it's useful for easily creating small, easily distributable cracks/patches for win32 binaries

posted on december 20, 2000

5balgo1.html

Full details at https://samy.pl/5balgo1.html
my algorithm for automatic bug/exploit discovery in CGIs for Caezar's Challenge (see screamingCobra)

posted on december 20, 2000

5balgo2.html

Full details at https://samy.pl/5balgo2.html
algorithm for automatic bug/exploit discovery in remote software for Caezar's Challenge

posted on december 20, 2000

bofgen

Full details at https://samy.pl/bofgen/
a buffer overflow exploit generation program I recently wrote to take in certain data and create an exploit for a buffer overflow of a local program. has some neat features. check it out

posted on december 20, 2000

5bhack

Full details at https://samy.pl/5bhack/
code for the algorithm on bug/exploit discovery in remote software for Caezar's Challenge

posted on december 20, 2000

testenvs.pl

Full details at https://samy.pl/testenvs.pl
this will take a binary program, find all of the environment variables, and fill them up with data to attempt to overflow it. it's good with use of `find / -perm -4000`. it will easily help you find some exploitable (through ENV variables) programs and it will also attempt to exploit the program with a basic argument buffer overflow

posted on december 20, 2000

getenvs.pl

Full details at https://samy.pl/getenvs.pl
this is a nice version of v9's getenv program. this retrieves environment variables from a binary program when you don't have the source to it. this can be helpful with finding buffer overflows, especially :)

posted on december 20, 2000

infobot advisory

Full details at https://samy.pl/infobot.html
an old advisory concerning infobot, an IRC automated chat bot

posted on december 20, 2000

pijack

Full details at https://samy.pl/pijack/
very old and ugly program I wrote when I started getting into sockets, it takes over IRC DCC connections before they get fully established

posted on december 20, 2000