Files

enum.tar.gz
Posted Oct 21, 2003
Site razor.bindview.com

Enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts.

systems | windows
MD5 | d794d231882d077051110e0da3f321c9
porttool.zip
Posted Oct 21, 2003
Site razor.bindview.com

Porttool is the proof-of-concept code for the Windows LPC ports vulnerabilities reported by RAZOR to Microsoft.

tags | vulnerability
systems | windows
MD5 | 1b9c2cfa1364b4bfe7e9f85fb3dc5b94
acltools-1.0.zip
Posted Oct 21, 2003
Site razor.bindview.com

ACL tools contains two tools: lsaacl and samacl. lsaacl allows you to display and edit security descriptors for LSA objects. samacl allows you to display and edit security descriptors for SAM objects.

MD5 | 0edcb88053e9854406383872242571e8
rpctools-1.0.zip
Posted Oct 21, 2003
Site razor.bindview.com

The RPC tools package contains three separate tools for obtaining information from a system that is running RPC services. rpcdump allows you to dump the contents of the endpoint mapper database. ifids is similar to rpcdump but allows you to query a single RPC server and can even allow you to query an RPC server which is not listed in the endpoint map obtained with rpcdump above. walksam is a tool which allows you to dump the information of each user found within the SAM database via Named Pipes or using the additional protocol sequences used by Windows 2000 domain controllers.

tags | protocol
systems | windows, 2k
MD5 | 267fdac8812b478ed0ccd57b56326eda
fenris-0.7-m.tgz
Posted Oct 21, 2003
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: maintenance release: new fingerprints, bug-fixes.
tags | protocol
MD5 | 14c1fe47e00fd5fc1f7e72f12c056334
fenris-0.7.tgz
Posted Sep 5, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Includes some fixes and enhancements, including bugfixes to the build process and companion tools.
tags | protocol
MD5 | c5d8079bd95aaf61fb13a5a4e4ac8d82
razor.chfn.txt
Posted Jul 30, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Razor Advisory - A locally exploitable vulnerability is present in the util-linux package shipped with Red Hat Linux and numerous other Linux distributions. Chfn and chsh are affected. Tested against Red Hat Linux 7.3 and below.

systems | linux, redhat
MD5 | f338e29596f3d2d5261b07f2e890e404
fenris-0.7b.tgz
Posted Jun 13, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Repaired syscall breakpoint functionality in Aegir, problems on RedHat 7.3, and made some minor fixes.
tags | protocol
MD5 | 78bd4aef0e9f06942f65ee30fe961b0e
fenris-0.06.tgz
Posted Jun 3, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: GUI is now stable. There are several bugfixes, efficiency improvements, anti-debugging trap detection, better blocking syscall handling, and many more features.
tags | protocol
MD5 | ab497d7ebddf114494111e46554adb7c
fenris-0.05.tgz
Posted May 25, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Interactive debugging capabilities introduced and added burneye tracing.
tags | protocol
MD5 | 0b76e98eddacbfae87f9c708e87671a2
fenris-0.03.tgz
Posted May 19, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Includes a new utility called dress, which reconstructs symtabs in ELF static stripped binaries and writes new ELFs suitable for use with gdb, objdump, nm, etc., plus other minor improvements.
tags | protocol
MD5 | 5dd6c9697781870e900251e84aa8ef27
fenris-0.2.tgz
Posted May 15, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Many fixes, new fingerprints, options and several optimizations.
tags | protocol
MD5 | 24ee1e381afc257d01778820be79d88d
adv_sendmail.txt
Posted Oct 3, 2001
Authored by Michal Zalewski | Site razor.bindview.com

RAZOR Advisory: Multiple Local Sendmail Vulnerabilities. Sendmail v8.12.0 and below contain multiple local root vulnerabilities. This is fixed in v8.12.1.

tags | local, root, vulnerability
MD5 | 108765b10a32bb3a0bfaa117b367b6ce
adv_DCE-RPC_DoS.txt
Posted Aug 5, 2001
Site razor.bindview.com

Bindview Advisory - Many DCE/RPC servers don't do proper parameter validation, and can be crashed by sending an improperly formatted request. Affected systems include W2K SCM, NT4 LSA, NT4 Endpoint mapper, W2K Endpoint mapper, SQL Server 7, W2K's DHCP Server, W2K's IIS Server, Exchange 5.5 SP3, NT4 Spooler, W2K License Srv, and NT4 License Srv. A Microsoft bulletin on this issue is available here.

tags | denial of service
MD5 | 4a14c5755a8272d507093367d2092c1e
adv_LkIPmasq.txt
Posted Aug 5, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Bindview Advisory - A remotely exploitable IP masquerading vulnerability in the Linux kernel can be used to penetrate protected private networks which have loaded the IRC masquerading module. There was a discussion last year that detailed exploiting NAT packet inspection mechanisms on Linux and other operating systems by forcing a client's browser or MUA software to send specific data patterns without the user's knowledge (see http://www.securityfocus.com/archive/82/50226) in order to open an inbound TCP port on the firewall. Appropriate but not sufficient workarounds were incorporated in Linux kernels released after the original advisory. Unfortunately, protocols other than those mentioned in the original discussions seem to be vulnerable as well. We found that IRC DCC helper (the Linux 2.2 ip_masq_irc module, and modules shipped with some other operating systems / firewalling software) can be exploited.

tags | web, kernel, tcp, protocol
systems | linux
MD5 | 9d276686b2da12b3bba7b179f1acb6ee
adv_smbd_log.txt
Posted Aug 5, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Bindview Advisory - SMBD remote file creation vulnerability. Insufficient parameter validation and an unsafe default configuration on popular Linux platforms make systems running the Samba SMB file sharing daemon vulnerable to remote attacks. Tested on SMBD 2.0.7 and 2.0.8. The Samba daemon allows remote attackers to create SMB session log files (*.log) with highly attacker-dependent contents outside the logs directory. This vulnerability itself can be used to perform DoS attacks, or, if combined with unprivileged local access, can be used to gain superuser privileges.

tags | remote, local
systems | linux
MD5 | 2b1032b27041ccb6933652ca97925691
adv_mstelnet.txt
Posted Jun 8, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor / Bindview Advisory - There is a fault condition related to buffer size checking in the Microsoft Windows 2000 telnet server. This vulnerability is present only if the telnet service is running and plain-text logins are allowed. If there are already 4300 characters in the buffer, username length range checking does not work. Perl exploit included.

tags | perl
systems | windows, 2k
MD5 | 6ee028c03f526273bad46c971bb256b8
adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations in the detect_attack() function (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close