Showing 26 - 50 of 69

Files from Mixter

Email address: mixter at newyorkoffice.com
First Active: 1999-09-23
Last Active: 2006-10-05
libmix-105.tgz
Posted Mar 7, 2000
Authored by Mixter | Site mixter.void.ru

LibMix v1.05 is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).

tags | spoof
SHA-256 | a43c83e60f1526ed38138346b9102a4cb27bc1531e235eb0bd78c583dea8a013
coding.txt
Posted Feb 25, 2000
Authored by Mixter | Site mixter.void.ru

Coding in C - a summary of some popular mistakes. Most of them are not detected at compile time with all warnings enabled, which makes them very nasty and hard to detect.

SHA-256 | 737d50616c03d55f8e032bb3348892b062e5ced53d2c378786dbda33ef725c28
shlog.c
Posted Feb 25, 2000
Authored by Mixter | Site mixter.void.ru

shlog.c is a small program that calls getpeername on its input descriptor and, if it is invoked via a remote session, logs the remote host along with the uid/gid to syslog. It can be used as an additional logging tool for login shells (by putting it into the system profile).

Changes: This version works.
tags | remote, shell
SHA-256 | bd42d52088d6edf926cf9b9ece53c386df3616f092ad9588f1a8757e43cc353f
tfn3k.txt
Posted Feb 14, 2000
Authored by Mixter

TFN3k is a paper about the future of DDOS tools, how they can be used, and the dangerous features that can and probably will be implemented in the future. Also has information on establishing Network Intrusion Detection (NIDS) Rules for DDOS attacks.

tags | denial of service
SHA-256 | 81f6b4c0bc45d0a32a93a7d9053beb1a229a36193e7cbb36d1a180bcf41cc5f6
pcfs.c
Posted Feb 11, 2000
Authored by Mixter | Site mixter.void.ru

pcfs.c is a tool that creates a fake CFS (cryptographic file system) encrypted directory tree, which is reasonably indistinguishable from a real CFS directory. It demonstrates that the mere presence of a CFS-styled directory doesn't prove it actually contains real encrypted data.

SHA-256 | cb278ff823f8b81b672492dcb35960e85ed6420efa14288465dab6f4d48d20ae
firstaid.txt
Posted Feb 11, 2000
Authored by Mixter | Site mixter.void.ru

Mixter's guide to defending against DDOS - 10 proposed 'first-aid' security measures which should be implemented by anyone at risk.

tags | denial of service
SHA-256 | a45bc9efc6b77fa911f41e367dd8ef7a0a6a867f5d47435a7fe799d7074c2ae5
webscan.c
Posted Feb 8, 2000
Authored by Mixter | Site mixter.void.ru

webscan.c is a fast multithreaded CGI and HTTP version scanner that is based on cgichk and can easily be updated. The CGI scanning Y2K problem has been fixed in this version.

tags | web, cgi
SHA-256 | 372b8f130488d7e78531ef9c5af3f4d89272bf0bea639a363479d76074b96827
virii.tgz
Posted Feb 8, 2000
Authored by Mixter | Site mixter.void.ru

virii.tgz is a collection of files that are supposedly infected by a Linux/ELF virus that could be out and spreading in the wild. It also contains a detailed description of the suspicious actions the virus performs and the patterns that can be found in the files.

tags | virus
systems | linux
SHA-256 | 691df8cc678c2caba81db01501a7fea033cd8923437ce4c457b094a89f4c0b82
trojans.txt
Posted Feb 8, 2000
Authored by Mixter | Site mixter.void.ru

trojans.txt is a paper that deals with methods of analyzing, debugging and disassembling Unix binaries, looking for viruses, trojans and other malicious code.

tags | trojan
systems | unix
SHA-256 | 2f61e64d50b8c2d733f5e9c50f4c109ea0f3666891cdbb2f2f1d557a1acfded7
rawpowr.c
Posted Feb 8, 2000
Authored by Mixter | Site mixter.void.ru

rawpowr.c can access a block device containing an EXT2 file system in raw mode, changing all executables into suid executables. This demonstrates that security can easily be breached as soon as block devices are directly writable by the attacker.

SHA-256 | f5afd86837980a670a4ef1348fba298322ae697efa523ae82d8a9196380a98bf
stasis.c
Posted Jan 28, 2000
Authored by Mixter | Site mixter.void.ru

Stasis is a tool to fool atime/mtime timestamp checking. It records the timestamp of files, then periodically finds atime/mtime changes and restores the old timestamps, as if the files were never accessed / changed.

SHA-256 | eb63609efc1350e5ecc18faffda1b59339dc10d5a460127fa971feb32673d225
ides.c
Posted Jan 24, 2000
Authored by Mixter | Site members.tripod.com

Intrusion Detection Evasion System is a daemon that monitors connections, and forges additional packets to hide from and disturb network monitoring processes of IDS and sniffers. It does this by inserting rst/fin and ack packets with bogus payloads and invalid sequence numbers that only affect network monitors. It also sends a custom amount of SYN requests from arbitrary sources on every real connection attempt it sees, which can for example be used to simulate coordinated scans.

tags | arbitrary
SHA-256 | 70928c72e9594e3b31e86cabaaf959e292ac9e456f7add9f9d4fb015debc78bc
Mixter.doc
Posted Jan 21, 2000
Authored by Mixter, 000 Prize Winner!

Winning Packet Storm Contest Entry - Protecting Against the Unknown - A guide to improving network security to protect the Internet against future forms of security hazards.

tags | paper
SHA-256 | 0e6222b8be5665deed5eefcf97e95600e15395e70fc048b75e1a1963cb6c8da9
Q-1.0.tgz
Posted Jan 18, 2000
Authored by Mixter | Site members.tripod.com

Q 1.0 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and an encrypted on-demand TCP relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. It also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports. This version is downward compatible and includes a few bugfixes that make the remote access daemon work reliably.

tags | remote, shell, root, spoof, tcp
SHA-256 | 35ffdfbefeac850bb2ce4ff8a3613dbf68aaa7ef7147b5b4a9a14bcbff725692
webdecoy.tgz
Posted Jan 11, 2000
Authored by Mixter

webdecoy.tgz is a small script that can find, remove and replace vulnerable CGI scripts on the local webserver with "decoy" CGIs, which log exploit attempts.

tags | local, cgi
SHA-256 | 853f3f8326f0656b1f9c046c35b006d4d37ff9fd19357e3909da8eb0e31eb4f8
nsat-1.12.tgz
Posted Jan 11, 2000
Authored by Mixter

Nsat is a fast bulk security scanner, written in C++ and designed for long-range scans, which scans and audits about 60 different services and 170 CGIs with different scan intensity.

Changes: Several bugfixes, stability upgrades, 5 new cgi checks, updated vulnerability information and Cisco router detection.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 3ab2a97528f2860fe8da6c53e97c0b30414f7de6150a4d2fb4dfed024c39a521
solinger.c
Posted Jan 5, 2000
Authored by Mixter | Site mixter.void.ru

"solinger" Denial Of Service - bind 8.1.*, 8.2, 8.2.1 - causes a bind8 server to stop responding to requests for up to 120 seconds. Quick proof of concept of the bug pointed out by ISC.

tags | exploit, denial of service, proof of concept
SHA-256 | c00f49a4683589b7cdfeab5c617c94f4a65bf5320693b205eae0c9f7ca5745e1
e4d.tgz
Posted Dec 31, 1999
Authored by Mixter | Site 1337.tsx.org

Echelon for Dummies is a distributed sniffer which tries to show how the "echelon" network could be designed. It uses sniffer servers that can be installed and run on remote hosts, and will dig through local network traffic, using custom pattern/keyword matching to find packets with interesting content. These are then forwarded to a central loghost running the logging daemon, which gathers and logs the data. For stealth purposes, sniffers and the logger communicate via random protocols and encryption, and are compatible with many Unix systems and NT.

tags | remote, local, protocol
systems | unix
SHA-256 | 70592b2730b49a0cb5f11ce7b3258462d9a60e8f4b8feb94b9d5590f6af2438c
nsat-1.11.tgz
Posted Dec 28, 1999
Authored by Mixter

Nsat is a fast bulk security scanner, written in C++ and designed for long-range scans, which scans and audits about 60 different services and 170 CGIs with different scan intensity. Updates in this version include detection of sendmail 8.9 remote exploitability, more CGI scripts that can be used in MDAC IIS attack, improved rpc service and -backdoor scanning, all latest Solaris RPC vulnerabilities added, and detection of trinoo distributed DoS masters with default ports.

tags | tool, remote, cgi, scanner, vulnerability
systems | unix, solaris
SHA-256 | 6f56824e13f9d05aa0eb1eef2be048cfcf35fd35354da8cabd0ade5d70de5df4
tfn2k.tgz
Posted Dec 20, 1999
Authored by Mixter | Site 1337.tsx.org

Tribe Flood Network 2000. Using distributed client/server functionality, stealth and encryption techniques and a variety of functions, TFN can be used to control any number of remote machines to generate on-demand, anonymous Denial Of Service attacks and remote shell access. The new and improved features in this version include remote one-way command execution for distributed execution control, Mix attack aimed at weak routers, Targa3 attack aimed at systems with IP stack vulnerabilities, compatibility with many UNIX systems and Windows NT, spoofed source addresses, strong CAST encryption of all client/server traffic, one-way communication protocol, messaging via random IP protocol, decoy packets, and extensive documentation. Currently no IDS software will recognise tfn2k.

tags | remote, denial of service, shell, spoof, vulnerability, protocol
systems | windows, unix
SHA-256 | 07f94c742546e490bd6c8ab103c0ffa31399129812380e0bece242fcdf7a4cba
clientexp.tgz
Posted Dec 17, 1999
Authored by Mixter

Paper on exploiting security issues in client and other non-server software. Includes a sample exploit against tar.

tags | paper
SHA-256 | 67a289316796316f40e67df6386dfe291a4eba9fce5c20763db7bc76da920954
spidernet-1.2.tar.gz
Posted Dec 13, 1999
Authored by Mixter

spidernet uses a network of host-based IDS and a logging monitor to watch a large number of remote systems for changes to a defined list of files and for promiscuous network interfaces. Sessions are strongly encrypted with CAST, and checksums are generated using the reliable MD5 algorithm.

tags | remote
SHA-256 | baf7f2637c9eb566884edd1a273592dc130ba3738d83a677d39d9c9321a2624e
logs.txt
Posted Dec 7, 1999
Authored by Mixter | Site members.tripod.com

Commonly overlooked audit trails on intrusions. This is my attempt at compiling a 'top list' of audit trails that are being left after intrusions where the intruders try to cover their tracks but don't do a good job. To put it short, there are actually a lot of audit trails on a normal UNIX system, which can almost all be overcome, but with some effort, that most intruders evade.

tags | paper
systems | unix
SHA-256 | 62983ffce65d3105e159e3fe5efb6acaa712499108530acd484c96b44d5f628b
exo-0.3.tgz
Posted Dec 7, 1999
Authored by Mixter | Site members.tripod.com

Exo is a handy little tool that 'sweeps' a range of ports on a list of hosts. It works by sending out raw packets and waiting for replies with two separate threads. This method makes exo able to find open ports without any delay, i.e. effectively at the rate that your bandwidth allows. A 56k dialup connection can scan for one open port on 65280 hosts in 160 seconds.

tags | tool, scanner
systems | unix
SHA-256 | a60c48f440035e2d53ede947853d80e3f98e95622144113c2ad58eb2cf57a539
wu25.c
Posted Dec 7, 1999
Authored by Mixter | Site members.tripod.com

Yet another wu-ftpd 2.5.0 exploit, which finds world-writable directories automatically. Tested on Redhat5, Redhat6, and Debian Linux.

tags | exploit
systems | linux, debian
SHA-256 | 070dcb17b0983c82941c323daaf00a487f9924adb8255f6edc18b6260baabac8