Enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts. &nbs;
ef78f9a8ba0b828bd878764098066000235132b2f9fef67ca988cb1f8dd17470
Porttool is the proof-of-concept code for the Windows LPC ports vulnerabilities reported by RAZOR to Microsoft.
8638fb3a54caa3088878ac46ac7f1f2c080dd71ed386b32ba7d5007f372c9070
ACL tools contains two tools: lsaacl and samacl. lsaacl allows allows you to display and edit security descriptors for LSA objects. samacl allows you to display and edit security descriptors for SAM objects.
ba7775253e27a833211ff12358821b81fad79f0e34f49f7581c5e1897feabf1a
The RPC tools package contains three separate tools for obtaining information from a system that is running RPC services. rpcdump allows you to dump the contents of the endpoint mapper database. ifids is similar to rpcdump but allows you to query a single RPC server and can even allow you to query an RPC server which is not listed in the endpoint map obtained with rpcdump above. walksam is a tool which allows you to dump the information of each user found within the SAM database via Named Pipes or using the additional protocol sequences used by Windows 2000 domain controllers.
1526cb1947be29fc1bf338f36f7c4b647ca7000ccaf9d08eccbceccb426bffcc
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
9db900b88bac67205c493bfdf4780d55020f71d6cf69ea0fd2a01fa148619d7e
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
3a78f90ba3e009725dd21c6697b5a180836d3047bf155818439009389e28658f
Razor Advisory - A locally exploitable vulnerability is present in the util-linux package shipped with Red Hat Linux and numerous other Linux distributions. Chfn and chsh are affected. Tested against Red Hat Linux 7.3 and below.
f33c78e000c95226dc9e980eef83fefd8f6895c01bda0b30a85f012ad3ca7906
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
447932c5e732d97ca339be5ddc5f94b42a695561b36cbd93615154bb8cd4e733
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
0505286f46a92eb98b135d52dc93d6949ecd18418ec1911d8d5d74825a2b4099
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
e14cf365038e3721d3bd54233921777299724de0333f64d9953c009fe8fe0887
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
f3e73051c8780f7ebb6d3106fec7d584c33baff1a3a3aa5e831467983b03a4a6
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
918de9718405630e09b3b3c2dfc3fea4d577479adfc90c8f21b79790fc3cf58d
RAZOR Advisory: Multiple Local Sendmail Vulnerabilities. Sendmail v8.12.0 and below contains multiple local root vulnerabilities. This is fixed in v8.12.1.
33a10f0706c2b3d321f18b41f224a271bb8c7eb422d8bad8f87b3a52f6c7a860
Bindview Advisory - Many DCE/RPC servers don't do proper parameter validation, and can be crashed by sending an improperly formatted request. Affected systems include W2K SCM, NT4 LSA, NT4 Endpoint mapper, W2K Endpoint mapper, SQL Server 7, W2K's DHCP Server, W2K's IIS Server, Exchange 5.5 SP3, Exchange 5.5 SP3, NT4 Spooler, W2K License Srv, and NT4 License Srv. Microsoft bulletin on this issue available here.
5e096213ca28870ef36905370680122f6491ef0eb55cc4941841a9ce21274fe7
Bindview Advisory - A remotely exploitable IP masquerading vulnerability in the Linux kernel can be used to penetrate protected private networks which have loaded the IRC masquerading module. There was a discussion last year that detailed exploiting NAT packet inspection mechanisms on Linux and other operating systems by forcing a client's browser or MUA software to send specific data patterns without the user's knowledge (see http://www.securityfocus.com/archive/82/50226) in order to open an inbound TCP port on the firewall. Appropriate but not sufficient workarounds were incorporated in Linux kernels released after the original advisory. Unfortunately, protocols other than those mentioned in the original discussions seem to be vulnerable as well. We found that IRC DCC helper (the Linux 2.2 ip_masq_irc module, and modules shipped with some other operating systems / firewalling software) can be exploited.
bcaf95982e917edd271016e86d6d77bc40fd5dd9c9b427da27e25b0f3c3b78f8
Bindview Advisory - SMBD remote file creation vulnerability. Insufficient parameter validation and unsafe default configuration on popular Linux platforms make systems running samba SMB file sharing daemon vulnerable to remote attacks. Tested on SMBD 2.0.7 and 2.0.8. Samba daemon allows remote attackers to create SMB session log files (*.log) with highly attacker-dependent contents outside outside logs directory. This vulnerability itself can be used to perform DoS attacks, or, if combined with unprivileged local access, can be used to gain superuser privileges.
cd04a10ae9f3510f12059b264b6521eb10a3a3ea5a56ac1c4ae8a772b263273c
Razor / Bindview Advisory - There is a buffer size checking related fault condition in Microsoft Windows 2000 telnet server. This vulnerability is present only if telnet service is running and plain-text logins are allowed. If there are already 4300 characters in the buffer, username length range checking does not work. Perl exploit included.
be12ffcb3f00a8aa6f4162cd3e7951feb76a5d093a8d28f0c9847b0b212e51c2
Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (16-bit unsigned variable is used instead of 32-bit, which causes integer overflow) in the detect_attack() function leads to table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.
72f0b876373954999b3e48c286d832d9874353833141a0ee8db15f4cd9b2c873