
Files from Michal Zalewski

Email address: lcamtuf at coredump.cx
First Active: 1999-11-03
Last Active: 2015-04-14
p0f-2.0.5.tgz
Posted Sep 15, 2004
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine the distance to a remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

Changes: Bug fixes and feature enhancements.
tags | tool, remote, local, scanner
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | 563c62f63acfbef79e79659c3f483813816c7d032ef73e96e462a3b4f9a2fc7f
p0f-2.0.4.tgz
Posted Jul 10, 2004
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine the distance to a remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

Changes: Bug fixes and feature enhancements.
tags | tool, remote, local, scanner
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | fc6827f3792a325e79c300d9d45e526eb2da3a8c759cfe3695710b5016f3cfd3
2c2.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

2c2 implements deniable (and thus subpoena-proof) encryption by creating a file that can be decrypted into several variants, depending on the key, and for which the presence of any of the variants cannot be detected without knowing the key. Please don't use it for an evil conspiracy to take over the world, mmmkay? Also check out James's 4c, a successor to this tool.

tags | encryption
SHA-256 | 8ab2ccdd6ad01164a0ac0b9ec08123e7500a906c94df03689121a249a3d691d5
p0f-2.0.3.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine the distance to a remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

Changes: Masquerade detection code now checks for time going backwards in timestamps, added uptime in query data and p0fq.c, added -F fuzzy TTL matching option, added more signatures, and fixed some bugs.
tags | tool, remote, local, scanner
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | e2d58c71a5e014e8391789f48f787c493b1c81901001c55d5ce888aba5b84a41
snowdrop-0.02b.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Snowdrop adds invisible watermarks to text or source code documents. Similar to steganography, watermarking adds invisible information to the document which allows you to track which copy of the document leaked, for example. Separate logical channels are used to carry a highly redundant watermark to ensure it is extremely difficult to remove this information by accident, simple reformatting, etc. Tested on Linux and FreeBSD.

tags | encryption, steganography
systems | linux, freebsd
SHA-256 | 0956fa7b69fc405cc4c00ff224e5435d4165a1298ffd1ba107c7cb07d1891573
memfetch-0.5.tgz
Posted Oct 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Memfetch dumps the memory of a program without disrupting its operation, either immediately or on the nearest fault condition (such as SIGSEGV). It can be used to examine suspicious or misbehaving processes on your system, verify that processes are what they claim to be, and examine faulty applications using your favorite data viewer so that you are not tied to the inferior data inspection capabilities in your debugger.

Changes: Introduces script for easier regex lookups in memory snapshots, and some other minor fixes.
systems | linux
SHA-256 | 923fe5dc11e4bcd611853c42d637da11941ea83c7f53d5c16f741be116573140
fenris-0.7-m.tgz
Posted Oct 21, 2003
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Maintenance release with new fingerprints and bug fixes.
tags | protocol
SHA-256 | 9db900b88bac67205c493bfdf4780d55020f71d6cf69ea0fd2a01fa148619d7e
juggle.txt
Posted Oct 6, 2003
Authored by Michal Zalewski, Wojciech Purczynski | Site isec.pl

Juggling with packets: floating data storage - White paper discussing the use of network traffic as a storage medium for data and how this could be utilized without leaving an audit trail.

tags | paper
SHA-256 | 7729c506c6789c1f397e325fee04b369ccf9758ca045af5579673f7a9b1017c1
p0f-2.0.2.tgz
Posted Sep 22, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine the distance to a remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

Changes: Complete rewrite of the version 1 code, making signatures more flexible and improving fingerprint accuracy.
tags | tool, remote, local, scanner
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | 57b018734a1da31984bc73e7a7590a507e27914441e24a65bb17e879a0078742
sendmail8.12.9.txt
Posted Sep 18, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is a remotely exploitable vulnerability in Sendmail versions 8.12.9 and below that allows an attacker to overwrite heap and stack structures.

tags | advisory
SHA-256 | 28c280e02042929b8acc8cdcb07a215783ebdfe53633e6f8410bce341f4bbb14
postfix1112.txt
Posted Aug 5, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Postfix versions 1.1.12 and below suffer from a remote denial of service attack due to a vulnerability in the address parser code.

tags | advisory, remote, denial of service
advisories | CVE-2003-0540
SHA-256 | e8e28a863997588aef90fb4e62ff99a22c91cdc08e3b2cd835651486388fcd55
bios.zalewski.txt
Posted Jul 24, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Various configurations of CPU/BIOS/OS can lead to a denial of service on a server by a local user due to certain BIOSes not zeroing out MSRs on reboot. Patch included.

tags | advisory, denial of service, local
SHA-256 | ca31052b05fc2352ad297512130b304003132d25354bf262fd89aa8fc1a9205a
mz.sendmail.txt
Posted Apr 1, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. This problem is not related to the recent ISS vulnerability announcement.

tags | advisory
SHA-256 | e56c207e41ff83acb9da15ebf18f6f1fbeb72d0a5ba1c4f489470c49b23fc690
tmpwatch.txt
Posted Dec 21, 2002
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Common use of 'tmpwatch' utility and its counterparts triggers race conditions in many applications, sometimes allowing privilege escalation. Includes information on races, file removal, fixes, and more.

tags | paper
systems | unix
SHA-256 | b15d4299f68a0564b2dbf1976f2695381bb7cba4b78e5f66221c135ce941492e
newtcp.htm
Posted Sep 11, 2002
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes cool 3D pictures of the sequence number distribution for several OSes and analyzes the predictability of each. Many OSes have very predictable sequence numbers, allowing unencrypted connections to be spoofed and enabling protocol attacks against encrypted connections.

tags | paper, spoof, tcp, protocol
SHA-256 | 8386fe49e309794b7189962fc049c48f76491712ae797906588405f871f5b1dc
fenris-0.7.tgz
Posted Sep 5, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Includes some fixes and enhancements, including bugfixes to the build process and companion tools.
tags | protocol
SHA-256 | 3a78f90ba3e009725dd21c6697b5a180836d3047bf155818439009389e28658f
razor.chfn.txt
Posted Jul 30, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Razor Advisory - A locally exploitable vulnerability is present in the util-linux package shipped with Red Hat Linux and numerous other Linux distributions. Chfn and chsh are affected. Tested against Red Hat Linux 7.3 and below.

systems | linux, redhat
SHA-256 | f33c78e000c95226dc9e980eef83fefd8f6895c01bda0b30a85f012ad3ca7906
fenris-0.7b.tgz
Posted Jun 13, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Repaired syscall breakpoint functionality in Aegir, problems on RedHat 7.3, and made some minor fixes.
tags | protocol
SHA-256 | 447932c5e732d97ca339be5ddc5f94b42a695561b36cbd93615154bb8cd4e733
fenris-0.06.tgz
Posted Jun 3, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: GUI is now stable. There are several bugfixes, efficiency improvements, anti-debugging trap detection, better blocking syscall handling, and many more features.
tags | protocol
SHA-256 | 0505286f46a92eb98b135d52dc93d6949ecd18418ec1911d8d5d74825a2b4099
fenris-0.05.tgz
Posted May 25, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Interactive debugging capabilities introduced and added burneye tracing.
tags | protocol
SHA-256 | e14cf365038e3721d3bd54233921777299724de0333f64d9953c009fe8fe0887
fenris-0.03.tgz
Posted May 19, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Includes a new utility called dress, which reconstructs symtabs in statically linked, stripped ELF binaries and writes new ELFs suitable for use with gdb, objdump, nm, etc., along with other minor improvements.
tags | protocol
SHA-256 | f3e73051c8780f7ebb6d3106fec7d584c33baff1a3a3aa5e831467983b03a4a6
fenris-0.2.tgz
Posted May 15, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.

Changes: Many fixes, new fingerprints, new options and several optimizations.
tags | protocol
SHA-256 | 918de9718405630e09b3b3c2dfc3fea4d577479adfc90c8f21b79790fc3cf58d
adv_sendmail.txt
Posted Oct 3, 2001
Authored by Michal Zalewski | Site razor.bindview.com

RAZOR Advisory: Multiple Local Sendmail Vulnerabilities. Sendmail v8.12.0 and below contains multiple local root vulnerabilities. This is fixed in v8.12.1.

tags | local, root, vulnerability
SHA-256 | 33a10f0706c2b3d321f18b41f224a271bb8c7eb422d8bad8f87b3a52f6c7a860
adv_LkIPmasq.txt
Posted Aug 5, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Bindview Advisory - A remotely exploitable IP masquerading vulnerability in the Linux kernel can be used to penetrate protected private networks which have loaded the IRC masquerading module. There was a discussion last year that detailed exploiting NAT packet inspection mechanisms on Linux and other operating systems by forcing a client's browser or MUA software to send specific data patterns without the user's knowledge (see http://www.securityfocus.com/archive/82/50226) in order to open an inbound TCP port on the firewall. Appropriate but not sufficient workarounds were incorporated in Linux kernels released after the original advisory. Unfortunately, protocols other than those mentioned in the original discussions seem to be vulnerable as well. We found that the IRC DCC helper (the Linux 2.2 ip_masq_irc module, and modules shipped with some other operating systems / firewalling software) can be exploited.

tags | web, kernel, tcp, protocol
systems | linux
SHA-256 | bcaf95982e917edd271016e86d6d77bc40fd5dd9c9b427da27e25b0f3c3b78f8
adv_smbd_log.txt
Posted Aug 5, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Bindview Advisory - SMBD remote file creation vulnerability. Insufficient parameter validation and an unsafe default configuration on popular Linux platforms make systems running the Samba SMB file sharing daemon vulnerable to remote attacks. Tested on SMBD 2.0.7 and 2.0.8. The Samba daemon allows remote attackers to create SMB session log files (*.log) with highly attacker-dependent contents outside the logs directory. This vulnerability by itself can be used to perform DoS attacks, or, if combined with unprivileged local access, can be used to gain superuser privileges.

tags | remote, local
systems | linux
SHA-256 | cd04a10ae9f3510f12059b264b6521eb10a3a3ea5a56ac1c4ae8a772b263273c