This page contains attacks trapped with honeytrap. Some of the data has been sanitized. Most of the files contain malicious code and can damage your computer system. If you download and analyze them, be careful!
Date | File | Port | Description |
---|---|---|---|
2007-02-19 | xmldb_ftp_bo.htdump | 2100/tcp | Exploitation attempt of a buffer overflow in XDB FTP UNLOCK command in Oracle 9i. |
2007-01-30 | ssl_too_open.htdump | 443/tcp | OpenSSL still too open. |
2006-12-29 | sql_slammer.htdump | 1434/udp | SQL Slammer infection attempt (exploited vulnerability described in CERT advisory CA-2003-04). |
2006-12-28 | snmp_get_public.htdump | 161/udp | An SNMP GET request on the public community. |
2006-12-28 | opaserv_w.htdump | 139/tcp | Another variant of the Opasoft worm that spreads via open network shares on Windows machines. |
2006-12-17 | ssh_connect.htdump | 22/tcp | Rejected Secure Shell (SSH) connection attempt. |
2006-12-17 | dht_ping_query.htdump | 61764/udp | BitTorrent "distributed sloppy hash table" (DHT) protocol ping query. |
2006-12-12 | opasoft_infect.htdump | 139/tcp | A sample of the Opasoft.D worm that exploits weak share-level passwords in old Windows flavors. |
2006-12-07 | big_yellow.htdump | 2967/tcp | Big Yellow worm exploiting a remote stack overflow in Symantec Remote Management. |
2006-11-29 | messenger_spam.htdump | 1026/udp | Windows Messenger spam message that tries to trick you into installing an "update". |
2006-11-21 | weird_backdoor.htdump | 17300/tcp | An IRC bot spreading via a backdoor left behind by a virus from 2001 called Win32.Weird. |
2006-11-20 | rtvscan_bo.htdump | 2967/tcp | A buffer overflow exploit, maybe for the stack overflow in Symantec's realtime virus scanner. |
2006-11-13 | pnp_exp.htdump | 5000/tcp | Exploit for the Microsoft Plug and Play vulnerability (see MS05-039). |
2006-11-10 | msdtc_exp.htdump | 1025/tcp | Shellcode for the remote code execution vulnerability in the MSDTC (MS05-051). |
2006-11-08 | dameware_bo.htdump | 6129/tcp | Three-year-old stack overflow exploit for a Dameware vulnerability (see this posting). |
2006-10-22 | optix_backdoor.htdump | 3410/tcp | Attempt to log into a backdoor in the Optix trojan using a built-in leaked master password. |
2006-10-08 | grims_ping.htdump | 21/tcp | Output from a tool called Grim's Ping that scans for anonymous ftp servers. |
2006-10-01 | mydoom_hunter.htdump | 3127/tcp | MyDoom Hunter still spreading! (See the W32.Doomhunter description for details.) |
2006-10-01 | ftp_dl_run.htdump | 48879/tcp | Yet another set of commands to download an executable via FTP and launch it. |
2006-09-29 | netbios_spread.htdump | 139/tcp | A portable executable submitted via NETBIOS, probably a malware (not analyzed). |
2006-09-15 | webmail_inc.htdump | 32000/tcp | GET request that includes a php script via an IceWarp WebMail weakness (OSVDB ID 22077). |
2006-09-09 | phpmy_worm.htdump | 80/tcp | A malware spreading via phpMyAdmin by inserting the binary executable into the database. |
2006-09-01 | dipnet_scan.htdump | 15118/tcp | Dipnet scan for already infected hosts (details can be found in the analysis by LURHQ). |
2006-08-31 | sserv_meta.htdump | 445/tcp | Exploitation attempts using the Metasploit server service exploit. |
2006-08-28 | vbs_dload.htdump | 4444/tcp | VBS script to download and run a bot executable echoed on a backdoor shell. |
2006-08-17 | me_imapd_bo.htdump | 143/tcp | Buffer overflow exploit against the LOGIN command in MailEnable Imapd (reported here in 2005). |
2006-08-12 | sserv_exp.htdump | 445/tcp | Exploit for the critical remote code execution hole in the Windows server service (MS-06-040). |
2006-08-12 | veritas_exp.htdump | 6101/tcp | Buffer overflow exploit against Veritas Backup Agent Browser (exploit by Hat-Squad). |
2006-08-10 | dirtr_cmd.htdump | 80/tcp | A directory traversal cmd.exe access successfully mirrored back to the miscreant. |
2006-08-07 | weak_vnc.htdump | 5900/tcp | Exploit for weak vnc servers (most likely without password) to download malware via http. |
2006-08-06 | dirtr_shadow.htdump | 10000/tcp | Directory traversal attack to retrieve /etc/shadow via http. |
2006-07-29 | licmgr_exp.htdump | 10616/tcp | Exploit for buffer overflow vulnerability in EIQ Licence manager (see Metasploit exploit). |
2006-06-30 | arcserve_bo.htdump | 41523/tcp | Exploit for one of those buffer overflow vulnerabilities in BrightStor ARCserve Backup. |
2006-06-20 | wins_exp.htdump | 42/tcp | Buffer overflow exploit against Microsoft WINS (see Microsoft Security Bulletin MS04-045). |
2006-05-27 | ftp_dl.htdump | 8655/tcp | Commands submitted to a backdoor shell to download a file via ftp (honeytrap did) and run it. |
2006-05-27 | lsass_exp.htdump | 445/tcp | Buffer overflow exploit against Microsoft LSASS (see Microsoft Security Bulletin ms04-011). |
2006-05-25 | relay_scan.htdump | 25/tcp | Scan for open SMTP relays. |
2006-05-23 | pop3_bo.htdump | 110/tcp | Buffer overflow exploit attacking the POP3 APOP command (could be CVE-2000-0840). |
2006-05-23 | mw_ftp_bo.htdump | 1023/tcp | Buffer overflow attack against the FTP PORT command, most likely aimed at malware's built-in servers. |
2006-05-15 | dcerpc_exp.htdump | 135/tcp | Exploit for the Netbios DCERPC vulnerability (see Microsoft Security Bulletin MS03-026). |
2006-04-20 | mysql_worm.htdump | 3306/tcp | Worm-like MySQL exploit that bruteforces root password and then installs and runs itself. |
2006-04-15 | xmlrpc_exp.htdump | 80/tcp | Exploit against PHP XMLRPC (see CVE-2005-1921) that installs and runs a file. |
2006-03-25 | ascii2pe.htdump | 46695/tcp | Batch script that creates a valid PE executable by printing base64-like strings into a file. |
2006-02-07 | asn1_exp.htdump | 139/tcp | Remote root exploit for a buffer overflow in NetBios NTLMSSP (MS04-077). |
2005-10-29 | cpanel_rstpass.htdump | 2082/tcp | Malware download attempt via the cpanel password reset weakness (OSVDB ID 4205). |
2005-09-06 | distcc_exp.htdump | 3632/tcp | DistCC daemon remote exploit that opens a reverse shell (using this Metasploit exploit). |
honeytrap was written by Tillmann Werner.