
Files from Patrik Karlsson

Email address: patrik at cqure.net
First Active: 2001-10-24
Last Active: 2005-12-23
iDEFENSE Security Advisory 2005-12-16.t
Posted Dec 23, 2005
Authored by Patrik Karlsson, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.16.05 - Remote exploitation of a heap overflow vulnerability in Citrix, Inc.'s Program Neighborhood allows attackers to execute arbitrary code. The vulnerability specifically exists due to insufficient handling of corrupt Application Set responses. A heap-based buffer overflow will occur when the Citrix Program Neighborhood client receives an Application Set response containing a name value over 286 bytes. iDefense has confirmed the existence of this vulnerability in Citrix Presentation Server Client 9.0. All prior versions are suspected vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2005-3652
MD5 | 04dfd03b75798b5122cb858ce296af9e
iDEFENSE Security Advisory 2005-01-20.t
Posted Jan 25, 2005
Authored by Patrik Karlsson, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 01.20.05 - Remote exploitation of an input validation vulnerability in 3Com Corp.'s OfficeConnect Wireless 11g Access Point allows attackers to glean sensitive router information.

tags | advisory, remote
advisories | CVE-2005-0112
MD5 | acfc625efa1ee4feddc219dcaca1ce3e
iDEFENSE Security Advisory 2004-12-16.5
Posted Dec 30, 2004
Authored by Patrik Karlsson, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.16.2004-5 - Remote exploitation of a stack-based buffer overflow vulnerability in Veritas Backup Exec allows attackers to execute arbitrary code. The vulnerability specifically exists within the function responsible for receiving and parsing registration requests. The registration request packet contains the hostname and connecting TCP port of the client which is stored in an array on the stack. An attacker can send a registration request with an overly long hostname value to overflow the array and take control of the saved return address to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2004-1172
MD5 | 0bdbea7721db97f2068ded18fe5b51af
sqlat-src-1.1.0.tar.gz
Posted Jun 18, 2004
Authored by Patrik Karlsson | Site cqure.net

SQLAT is a suite of tools which could be useful for pen-testing a MS SQL Server. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. SQLAT works over port 1433.

Changes: Applied patches from Eric Augustus and minor changes.
tags | registry
systems | unix
MD5 | 244ddbb483724666dbad252dd8916360
cifspwscan-1_0_3.tar.gz
Posted Jun 18, 2004
Authored by Patrik Karlsson | Site cqure.net

A CIFS/SMB password scanner based on the jcifs implementation. The scanner and jcifs are both 100% pure Java, making it possible to run the scanner on a few different platforms. Both the Java source and binary distributions are included.

tags | tool, java, scanner
systems | unix
MD5 | e6e80ca7923622aa55c17d56fc6176ce
cqurecitrix.txt
Posted May 4, 2004
Authored by Patrik Karlsson | Site cqure.net

MetaFrame XP Presentation Server and MetaFrame 1.8 have a flaw that allows an administrator account to mount any client drive available in any user's Citrix session.

tags | advisory
MD5 | 4e78bb9e52e44f87d4c6a271a57bcf50
iehist-src-0_0_1.zip
Posted Apr 3, 2003
Authored by Patrik Karlsson | Site cqure.net

IEHist dumps Internet Explorer history from index.dat files into delimited files suitable for import into other tools.

MD5 | a27a5c5e28e8ed10f599dc3da80177bb
vncpwdump-src-1_0_0.zip
Posted Apr 3, 2003
Authored by Patrik Karlsson | Site cqure.net

VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways. It supports dumping and decrypting the password by: dumping the current user's registry key, retrieving it from an NTUSER.DAT file, decrypting an encrypted password supplied on the command line, and injecting into the VNC process and dumping the owner's password.

tags | cracker, registry
MD5 | a141b2e8e7fdaa5e61cba208b9188a46
passifist_src_1.0.0.tgz
Posted Apr 3, 2003
Authored by Patrik Karlsson | Site cqure.net

Passifist is a tool for passive network discovery. It could be used for a number of different things, but was mainly written to discover hosts without actively probing a network. The tool analyzes broadcast traffic and has a plugin architecture through which it dissects and reports services found. Initial version holds support for the following protocols and plugins: CDP, CIM, HSRP, IPX, NETOP, SMB, TFTP.

tags | tool, sniffer, protocol
MD5 | f0a993b8873691afbd384ffd1449a727
oat-source-1.3.0.zip
Posted Jan 5, 2003
Authored by Patrik Karlsson | Site cqure.net

OAT v1.3.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The tools are Java-based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

Changes: Added support for manually specifying the remote OS when running (O)racle (S)ystem (E)xec. Bugfixes.
tags | java
systems | linux, windows, unix
MD5 | 48614184126e5cf6766faa4b17f95377
oat-source-1.2.0.zip
Posted Jul 15, 2002
Authored by Patrik Karlsson | Site cqure.net

OAT v1.2.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The tools are Java-based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

Changes: Support for command execution on Solaris was added. Now includes OracleQuery, a minimal command-line SQL query tool. Many bugfixes were made.
tags | java
systems | linux, windows, unix
MD5 | 39eaac0f37eb7ecc8eec588b7302fa54
sqlbf-all-src-1.0.1.zip
Posted Jul 15, 2002
Authored by Patrik Karlsson | Site cqure.net

This tool should be used to audit the strength of Microsoft SQL Server passwords offline. The tool can be used either in brute-force mode or in dictionary attack mode. The performance on a 1 GHz Pentium (256 MB) is around 750,000 guesses/sec. This is the source - Windows and Linux binaries available here.

tags | cracker
systems | linux, windows
MD5 | bc0981277e76bacff2daa4b159363de9
iXsecurity.20020404.4d_webserver.a
Posted May 10, 2002
Authored by Patrik Karlsson, Jonas Landin | Site cqure.net

The 4D webserver v4.7.3 has a buffer overflow condition in the username or password field of basic authentication, resulting in an EIP overwrite and possible arbitrary code execution.

tags | overflow, arbitrary, code execution
MD5 | b7f34beda1ad7abdbe43c3f7f6a6b569
cqure.net.20020412.bordermanager_36_mv1.a
Posted May 10, 2002
Authored by Patrik Karlsson, Jonas Landin

Cqure.net Security Advisory cqure.net.20020412.bordermanager_36_mv1.a - Three vulnerabilities were identified in Novell Border Manager 3.6. The vulnerabilities will cause the handling NLM to abend, and in some cases result in a denial of service to the Novell server.

tags | denial of service, vulnerability
MD5 | 83c1993b7eb83b5019c7ac7e0f97f64c
cqure.net.20020412.netware_sdmr.a
Posted May 10, 2002
Authored by Patrik Karlsson, Jonas Landin

Cqure.net Security Advisory cqure.net.20020412.netware_sdmr.a - The IPX compatibility issue posted to BugTraq on July 11, 2000 by Dimuthu Parussalla applies to Netware 6.0 SP 1 as well. An attacker could cause the SDMR.NLM to abend and in some cases reboot the server.

MD5 | 1d01e80087f59b3183b4e655b0898856
cqure.net.20020412.netware_client.a
Posted May 10, 2002
Authored by Patrik Karlsson, Jonas Landin

Cqure.net Security Advisory cqure.net.20020412.netware_client.a - Multiple buffer overflow conditions exist in the Novell Netware client for Windows v4.83 which allow an attacker to crash any software relying on name resolution.

tags | overflow
systems | windows
MD5 | b12676d8638b51cf97a6a7360974c0d8
cqure.net.20020408.netware_nwftpd.a.txt
Posted May 10, 2002
Authored by Patrik Karlsson, Jonas Landin

Cqure.net Security Advisory 20020408.netware_nwftpd.a - A vulnerability found in the Novell Netware 6.0 SP1 FTP daemon can be used in a denial of service against this application. Exploitation of this problem can cause the daemon to start consuming all CPU resources.

tags | denial of service
MD5 | d889488789a9e9fe1549bd6687cf0f6e
sqlat-src-1.0.0.tar.gz
Posted Feb 26, 2002
Authored by Patrik Karlsson | Site cqure.net

SQLAT is a suite of tools which could be useful for pen-testing a MS SQL Server. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. SQLAT works over port 1433.

tags | registry
systems | unix
MD5 | d3ea5274c317e3c1b93feb79ab4f80d2
oat-source-1.1.0.zip
Posted Feb 26, 2002
Authored by Patrik Karlsson | Site cqure.net

OAT 1.1.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The tools are Java-based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

Changes: The password guessing is now done on all SIDs of the database. The SID enumeration should now be more reliable. Errors are reported in a more readable form.
tags | java
systems | linux, windows, unix
MD5 | af9c1635782aa7913afb7614e4679196
wavestumbler-1.2.0.tar.gz
Posted Feb 26, 2002
Authored by Patrik Karlsson | Site cqure.net

WaveStumbler is a console-based 802.11 network mapper for Linux and supports WEP, ESSID, MAC and more. This package includes a kernel patch (for the wireless NIC drivers) which can be applied to the linux-2.4.17 sources and a program called wavestumbler. The program interacts with the patched network drivers to map wireless networks.

Changes: New kernel patch + massive bugfixes! WEP, Noise and channel should now be displayed properly. Added time fields "firstseen", "lastseen", "maxsignal". Added curses support.
tags | tool, kernel, wireless
systems | linux
MD5 | 2e91753758a890fc4beb213a3b5fb504
wavestumbler-1.0.4.tar.gz
Posted Feb 5, 2002
Authored by Patrik Karlsson | Site cqure.net

WaveStumbler is a console-based 802.11 network mapper for Linux and supports WEP, ESSID, MAC and more. This package includes a kernel patch (for the wireless NIC drivers) which can be applied to the linux-2.4.17 sources and a program called wavestumbler. The program interacts with the patched network drivers to map wireless networks.

tags | tool, kernel, wireless
systems | linux
MD5 | 78f047175b8d3bf30bf80e6e3fc29d80
smbbf-0.9.1.tar.gz
Posted Oct 24, 2001
Authored by Patrik Karlsson

The SMB Auditing Tool is a password auditing tool for the Windows and the SMB platform. It makes it possible to exploit the timeout architecture bug in Windows 2000/XP, making it extremely fast to guess passwords on these platforms. Running a large password file against Windows 2000/XP shows statistics up to 1200 logins/sec. This means that you could run a commonly used English dictionary with 53 000 words against a server in under a minute. Supports SMB over NetBIOS and native SMB over TCP port 445. Compiles on Linux, BSD, and Cygwin.

tags | cracker, tcp
systems | linux, windows, 2k, bsd
MD5 | ddee38c0194ecef0bc0fe41aa6429ceb
© 2019 Packet Storm. All rights reserved.