Microsoft Internet Explorer 5 and accompanying mail and news clients on win95, win98 and win2000 enjoy a unique status in that they choose to ignore user input. This document will show you how to manually force a file onto the target computer despite all prompts and warnings. Demonstration available here.
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
Format Bugs - What they are, Where they came from, and How to exploit them. Users can often input format strings into printf and other statements, causing the stack to be overwritten. Includes code samples and debugger output.
Wingate.py is a dos exploit for Qbik wingate 3.0. Connects to tcp port 2080 and sends 2000 characters, causing all wingate services to crash. Original bug found by eEye.
Georgi Guninski security advisory #14 - Internet Explorer 5.01 and Access 2000 allow executing programs when viewing a web page or HTML email message. This allows taking full control over the user's computer. Access 2000 allows executing VBA code which has access to system resources and in particular executing files. Includes exploit code which silently opens and executes VBA code from Access 2000. Demonstration available here.
Georgi Guninski security advisory #13 - Internet Explorer 5.01, Excel 2000 and PowerPoint allow executing programs when viewing a web page or HTML email message via insecure ActiveX controls. This allows taking full control over the user's computer. Demonstration available here.
B0g Issue 6 - In this issue: A Look Into Wiretapping, getting root; the b0g way, interview with cr0bar, The SS7 Signaling Connection Control Part Relay System, Sniffing and spoofing explained, How to crack macromedia products, Fun with noise in QBASIC, pulling people's doc's on irc, IRC Quotes, and much more.
FreeVSD facilitates true Linux Virtual Servers within a 'chroot' environment, allowing Web servers and other applications to be deployed and administered discretely, without compromise to security. Each Virtual Server has its own IP address(es), Apache webserver, and view of the process table. FreeVSD expands the Linux system by creating a pseudo-'super user' (admin) for each Virtual Server. The admin user has the ability to create extra POP3/FTP and Telnet users and also administrate vital services such as the webserver.
rvscan v3 beta one is a high quality unix remote vulnerability scanner. It is based on fts-rvscan but has many new additions, such as 100 new cgi checks, new bind checks, ftpd checks, bsdi vulnerabilities, more rpc checks, solaris vulnerabilities, new pop3 checks, bootp and mdbms, more sendmail checks, and better logging. It does a very thorough job, even includes some non-published exploit checks.
Quick perl script to search through the history file of each user on your system for a certain command (i.e. "cat /etc/passwd").
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
A simple yet sophisticated perl script that runs in the background and monitors for user attempts to su to root. If one is detected, the log file is immediately mailed to a specified user and a backup is created in /tmp. Very useful for attempting to keep track of logs after an intrusion has occurred.
suidbofcheck.pl searches the system for suid binaries in /usr/bin, /bin, /sbin, and /usr/sbin and tests each one against a standard buffer overflow (both with and without the use of environment variables) at a specified offset.
Exploits the auto registration feature of most ChanServ bots and causes it to die. This exploit has been known to work on networks including DalNet, CobraNet and RelicNet.
iMesh 1.02 builds 116 and 177 for Windows are vulnerable to a buffer overflow that can be exploited to execute arbitrary code. Once iMesh connects to a server, it begins listening on a TCP port (varies). An attacker can connect to this port and cause an overflow which will overwrite EIP, effectively redirecting the flow of execution.
Smit is a simple ARP hijacking tool for switched and unswitched networks. The source is based on arpmitm and arprelay and includes nice features such as automatic ARP MAC query and an improved MAC cache consistency algorithm. You can also run Smit in transproxy-only mode and use your favourite sniffer to capture 'hijacked' packets on switched networks.
Sawmill 5.0.21 is a site log statistics package for UNIX, Windows and MacOS which has remote vulnerabilities. Any file on the system can be read, and the password is stored with a weak hash algorithm that can be decrypted using the included C program. This is dangerous because the previous security hole will allow you to read the hash and decrypt the admin password.
Microsoft Windows secret options - More aggravating display properties.
Microsoft Windows secret options - Aggravating display properties.
Microsoft Windows secret options - Endurance options, etc :)
SING sends fully customized ICMP packets from the command line. It is a replacement for ping which adds certain enhancements such as fragmentation, sending/reading spoofed packets, sending many ICMP types (Address Mask, Timestamp, Router Discovery, etc) and Error messages (Redirect, Unreach, Time Exceeded), oversize packets, etc. Tested on Linux, FreeBSD and Solaris.
KNmap is a new KDE frontend for Nmap which supports all the scan methods and a great deal of options.
BFBTester is a utility for doing quick, proactive security checks of binary programs by performing checks of single and multiple argument command line overflows and environment variable overflows. It will also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names. While BFBTester cannot test all overflows in software, it is useful for detecting initial mistakes that can red flag dangerous software.
slackUp is a Slackware auto-upgrade utility. It will download upgrades to the programs you currently have installed on your system from the slackware-current tree. No user interaction required. Just type the command, go for a coffee break, and after a reboot, your system should be upgraded. Until the Slackware team comes up with an official auto-upgrade utility, slackUp will hopefully help fill in for it. This will make your slackware system much more secure.
motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email, SMS messages, or invoke an external command when detecting motion.