
Files from Roy Hills

Email address: royhills at hotmail.com
First Active: 2002-09-05
Last Active: 2013-07-25
ARP-Scan ARP Generation Tool 1.9
Posted Jul 25, 2013
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: This release adds support for ARM 64-bit CPUs and Dragonfly BSD, adds a --rtt (-D) option to display the packet round-trip time, uses libpcap functions to obtain the interface IP address and send the packet (to increase portability), requires libpcap 0.9.3 or later, raises the default timeout from 100ms to 500ms to avoid missed responses from slow-responding hosts, modifies the get-iab and get-oui scripts to support the new IEEE website URL and new file format (also fixes the -u option in these scripts), updates MAC/Vendor mapping files from the IEEE website, and adds additional arp-fingerprint patterns.
tags | tool, scanner, protocol
systems | unix
SHA-256 | ce908ac71c48e85dddf6dd4fe5151d13c7528b1f49717a98b2a2535bd797d892
ARP-Scan ARP Generation Tool 1.8.1
Posted Jul 20, 2011
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: The data file "pkt-custom-request-vlan-llc.dat" was added to the tarball to allow the ARP request packet generation self test to complete successfully.
tags | tool, scanner, protocol
systems | unix
SHA-256 | 61055bf9e7c15e34f8adabebb4a9b035cb0030a3cd19b4f00df9fea483c0256f
ARP-Scan ARP Generation Tool 1.8
Posted Mar 7, 2011
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: The IEEE OUI and IAB files were updated. Support was added for trailer ARP replies. Support for LLC/SNAP packets with the 802.1Q tag was added. Full help output is no longer displayed for usage errors. Apple Mac OS X Tiger, Leopard, and Snow Leopard are now supported. The license was changed from GPL v2 to v3. A DoS warning was added to the manpage and help output. New arp fingerprints were added. gcc compiler security options were enabled. "make check" tests were added. The Perl scripts were modified to work on systems where the perl executable is not in /usr/bin. Various minor bugfixes and improvements were made.
tags | tool, scanner, protocol
systems | unix
SHA-256 | 3e4d2ddb0634dad07cbe7206349e0eb389e37510883b0735a450adef41df6f26
ARP-Scan ARP Generation Tool 1.7
Posted Aug 1, 2008
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

tags | tool, scanner, protocol
systems | unix
SHA-256 | f50e2f3a2ec6cfe4e4d15a6de0cfb5c707b7e703687800deb35456f914492ee4
ike-scan-1.9.tar.gz
Posted Jan 27, 2007
Authored by Roy Hills | Site nta-monitor.com

ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.

Changes: Multiple bug fixes and enhancements.
tags | tool, scanner
systems | unix
SHA-256 | 05d15c7172034935d1e46b01dacf1101a293ae0d06c0e14025a4507656f1a7b6
ciscoVPN.txt
Posted Jul 28, 2006
Authored by Roy Hills | Site nta-monitor.com

NTA Monitor discovered a denial of service vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer in July 2005. The vulnerability affects Phase-1 of the IKE protocol. Both Main Mode and Aggressive Mode over both UDP and TCP transports are affected. The vulnerability allows an attacker to exhaust the IKE resources on a VPN concentrator by sending a high rate of IKE requests, which will prevent valid clients from connecting or re-keying. The attack does not require a high bandwidth, so one attacker could potentially target many concentrators. The mechanism behind this vulnerability is similar to the well-known TCP SYN flood vulnerability.

tags | advisory, denial of service, udp, tcp, protocol
systems | cisco
SHA-256 | be9e71e7ed762a62e165c493b33ebe9e8bc248cea205d65985b9212c0de7e083
ike-scan-1.8.tar.gz
Posted Jun 26, 2006
Authored by Roy Hills | Site nta-monitor.com

ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.

Changes: Added backoff patterns for Netgear ProSafe and Netgear ADSL Firewall Router. Various other tweaks and enhancements.
tags | tool, scanner
systems | unix
SHA-256 | fc7b4aea32e4cf577411237410323c8bc327f65e54b88184b1a85118d79c918c
juniperEnum.txt
Posted Aug 19, 2005
Authored by Roy Hills | Site nta-monitor.com

NTA Monitor has discovered a VPN username enumeration vulnerability in the Juniper Netscreen integrated Firewall/VPN products while performing a VPN security test for a customer. The issue is believed to affect all models of Juniper Netscreen running all ScreenOS software versions up to 5.2.0.

tags | advisory
systems | juniper
SHA-256 | c62ad783ef552c15a0b4c2b7381e46c7d0b0f66225ab7c1191509fba5dade3fc
NTAdos.txt
Posted Aug 14, 2005
Authored by Roy Hills | Site nta-monitor.com

Nortel VPN Router products are susceptible to a denial of service attack via a malformed IPsec IKE packet.

tags | advisory, denial of service
SHA-256 | 3757ae9bdbba6788484a12d306d65e40e70d5721c7b1adb352c54fee941eaf06
ciscoEnum.txt
Posted Jun 21, 2005
Authored by Roy Hills | Site nta-monitor.com

A vulnerability in Cisco VPN concentrators allows an attacker to enumerate valid groupnames through either a dictionary attack or a brute-force attack. The issue exists because the concentrator responds to valid groupnames differently from the way in which it responds to invalid groupnames. The issue is believed to affect all models of Cisco VPN 3000 Concentrator: 3005, 3015, 3020, 3030, 3060 and 3080. It is believed that all software versions prior to 4.1.7.F are vulnerable.

tags | advisory
systems | cisco
SHA-256 | 2e460ecbb84d0cf7cfa5a0a6fbd7103c9f804914e042195662abb8fd2f0a6d00
nortelVPNpass.txt
Posted Mar 24, 2005
Authored by Roy Hills

NTA Monitor has discovered a password disclosure issue in the Nortel Windows VPN client. The Nortel client stores the password in an obfuscated form in the Windows registry, but it also stores the unencrypted password in process memory.

tags | advisory, registry
systems | windows
SHA-256 | b5520600578557d7becbbed66dbfcd57616c4dd922b9a02a69974e53503b38a9
safenetVPN.txt
Posted Feb 23, 2005
Authored by Roy Hills | Site nta-monitor.com

The SafeNet SoftRemote VPN client has an issue where a password is stored as clear text in memory.

tags | advisory
SHA-256 | 4ddf3ab879d0979c09c314bbcf63db87068c3b3d1bffa3e1403cc152a76748af
ike-scan-1.7.tar.gz
Posted Feb 22, 2005
Authored by Roy Hills | Site nta-monitor.com

ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.

Changes: New psk-crack program, support for IKE over TCP, ability to use the OpenSSL MD5 and SHA1 hash functions, and much more.
tags | tool, scanner
systems | unix
SHA-256 | 52d5be7cfeddbc5fd01bec42fc8d39f1d86ce5584bc8e2553ab2b55673835e60
chkptFW1-IKE.txt
Posted Jun 18, 2004
Authored by Roy Hills | Site nta-monitor.com

Checkpoint Firewall-1 version 4.1 and later with IPsec VPN enabled will return an IKE Vendor ID payload when it receives an IKE packet with a specific Vendor ID payload. The Vendor ID payload that is returned identifies the system as Checkpoint Firewall-1 and also determines the Firewall-1 version and service-pack or feature-pack revision number. This is an information leakage issue which can be used to fingerprint the Firewall-1 system.

tags | advisory
SHA-256 | 440208d725a4ec5c0d16e26260994618621b0231f531a80db7b7c381d24b4f4f
ike-scan-1.6.tar.gz
Posted Feb 27, 2004
Authored by Roy Hills | Site nta-monitor.com

ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.

Changes: ISAKMP payloads are now decoded, new switch options added, various bug fixes.
tags | tool, scanner
systems | unix
SHA-256 | 50fa57f374ffd7a9406734dc7e7d5d00813ae61122ca580dd8221720e77d2ce2
ike-scan-1.5.1.tar.gz
Posted Nov 25, 2003
Authored by Roy Hills | Site nta-monitor.com

ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.

Changes: More backoff patterns added, more flexible pattern specification, man page added, and more.
tags | tool, scanner
systems | unix
SHA-256 | ef4da0b8fb8c43faed743d094966384c7c9a1e8041a8e811b657bc9863951839
checkpoint.ike.txt
Posted Sep 5, 2002
Authored by Roy Hills | Site nta-monitor.com

Checkpoint Firewall-1 SecuRemote IKE usernames can be guessed or sniffed using the IKE exchange, and can be guessed separately from the password. Firewall-1 versions 4.0 SP 7, 4.1 SP2, 4.1 SP6, NG Base, NG FP1 and NG FP2 allow username guessing using IKE aggressive mode.

SHA-256 | 5a400ed8f87e890c92da75c23f927c0c3da387065ed5af4a3ab88c33d6c785a6