Saturday, April 30, 2005

ExploitTree

This afternoon I was researching a bot for a chapter in my latest book. I don't spend a lot of time on exploit sites because I am not a penetration tester by trade. I think the last time I really looked at exploits, sites like were still around!

While searching for the bot in question, I happened to find, although the site was announced on BugTraq in March. is an impressive piece of work. The site is essentially a giant CVS archive of attack code, called the ExploitTree. They provide a Client Utility, which, at least for UNIX, is an interface to a native CVS client. For Windows, they provide everything you need to access a CVS server.

Here is how a session using the ExploitTree Client Utility appears under UNIX.

./ anonymous

ExploitTree Client Utility Manager v0.6

1) Initialize (first time download)
2) Update Repository
3) Print Exploit Statistics
q) Quit

> 1
Password is blank (press enter), then wait...

Logging in to
CVS password:
cvs login: warning: failed to open /home/richard/.cvspass for reading: No such file or directory
cvs server: Updating ExploitTree
U ExploitTree/_SecurityForest
U ExploitTree/_Ver
U ExploitTree/bids.txt
U ExploitTree/exploit_db.txt
U ExploitTree/
U ExploitTree/
cvs server: Updating ExploitTree/application
U ExploitTree/application/_SecurityForest
cvs server: Updating ExploitTree/application/_uncategorized
U ExploitTree/application/_uncategorized/0verkill-exploit.c
U ExploitTree/application/_uncategorized/0x82-GNATS_sux.c
U ExploitTree/application/_uncategorized/0x82-Remote.tannehehe.xpl.c
U ExploitTree/application/_uncategorized/0x82-libCGIfpxpl.c
U ExploitTree/application/_uncategorized/101_shixx.cpp
U ExploitTree/system/tru64/
U ExploitTree/system/tru64/_SecurityForest

Here's an example of what one finds when the download process is finished.

janney:/home/richard/exploittree/ExploitTree$ ls
CVS bids.txt
_SecurityForest exploit_db.txt
_Ver network
application system
janney:/home/richard/exploittree/ExploitTree$ cd system/
janney:/home/richard/exploittree/ExploitTree/system$ ls
CVS atheos irix novell tru64
_SecurityForest beos linux qnx
_uncategorized bsd mac_osx sco
aix hpux microsoft solaris
janney:/home/richard/exploittree/ExploitTree/system$ cd bsd
janney:/home/richard/exploittree/ExploitTree/system/bsd$ ls
CVS _SecurityForest local remote
janney:/home/richard/exploittree/ExploitTree/system/bsd$ cd remote/
janney:/home/richard/exploittree/ExploitTree/system/bsd/remote$ ls
CVS animal.c freebsd obooptd.c rpc.autofsd.c
_SecurityForest bsdi netbuf.c openbsd stream3.c
janney:/home/richard/exploittree/ExploitTree/system/bsd/remote$ cd freebsd/
janney:/home/richard/exploittree/ExploitTree/system/bsd/remote/freebsd$ ls
CVS fbsd-DoS.c ronin.c fbsd-bnc.c turkey2.c
_SecurityForest ftpspy.c ppp.c

I chose a sparsely populated set of directories. The Microsoft section is much longer.

What's nice about this set-up is that you can synchronize your local copy of the ExploitTree with the version using CVS.

Other helpful exploit sites include and ExploitWatch, which reports on newly available exploits by linking to them.
