<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.18.3">
</HEAD>
<BODY>
This is the first set in a serires on exploit packs.&nbsp; Will post more soon.<BR>
Some background on Armitage: <A HREF="http://dxp2532.blogspot.com/2009/01/armitage-10.html">http://dxp2532.blogspot.com/2009/01/armitage-10.html</A><BR>
<BR>
<BLOCKQUOTE>
    alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;ET WEB Armitage Loader Request&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/exe.php&quot;; sid:XXXXXX; rev:1;)<BR>
    <BR>
    alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;ET WEB Armitage Loader Check-in&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/lds.php&quot;; sid:XXXXXX; rev:1;)<BR>
    <BR>
    alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;ET WEB Armitage Exploit Request&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/bof.php&quot;; sid:XXXXXX; rev:1;)<BR>
</BLOCKQUOTE>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<PRE>
-  

-=[ dxp ]=-
0xA3F3C6E3

</PRE>
</TD>
</TR>
</TABLE>
<BR>
</BODY>
</HTML>