Twenty Year Anniversary
Showing 1 - 24 of 24 RSS Feed

Files Date: 2000-09-06

Posted Sep 6, 2000
Authored by Benjamin Thomas | Site

Linux Security Week September 4 - In this issue: Our feature this week, "Setting up a Linux Log Server to enhance System Security," provides clear step-by-step information on how to setup a log server. Also includes papers on Intrusion Detection Level Analysis of Nmap and Queso, PAM - Pluggable Authentication Modules, Anyone with a Screwdriver Can Break In (physical linux security), Inexpensive measures to solve security problems, Attacking Linux, Firewalls - Placement, The Emotional Side of Cryptography, Ain't no network strong enough, Encryption Could Starve Carnivore, The next era for Internet security, Review of Debian 2.2 Security, Justice shops for Carnivore review, Interview with Lance Spitzner, and much more.

systems | linux, debian
MD5 | 31df971348fd6490b9d4b01a0ff2044f
RNmap 0.4 Beta
Posted Sep 6, 2000
Authored by Tuomo Makinen | Site

Remote Nmap is a python client/server package which allows many clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all thier scans come from a dedicated machine.

Changes: Now includes command-line rnmap client. Also code cleanups and new server loggin form.
tags | tool, remote, nmap, python
systems | unix
MD5 | 08dd77a672d5008b4c83d095becd2006
Posted Sep 6, 2000
Authored by Telehor | Site

Auction Weaver 1.02 Lite remote proof of concept exploit. Spawns an xterm by exploiting an insecure open() call.

tags | exploit, remote, proof of concept
MD5 | ae24849f8d924869e91ff82ba910ad80
Posted Sep 6, 2000
Authored by Meliksah Ozoral | Site

The ICQ Greeting Card service allows HTML commands to be sent to the target user. Any malicious HTML such as file:///c:/con/con can crash the system or exploit other HTML based vulnerabilities.

tags | exploit, vulnerability
MD5 | 91d97ab6956757b6e2e2caa2176cb5ad
Posted Sep 6, 2000
Authored by Trashmonk | Site

unix.txt is a unix reference guide and learners manual. Useful for beginning unix users, people who want to participate in "Hacker Wargames" or windows users who are concidering makeing the switch to unix.

tags | paper
systems | windows, unix
MD5 | d1417c52a7087ef3de1dbe7f2f641397
Posted Sep 6, 2000
Authored by Advanced Research Corporation | Site

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.

Changes: Improved tutorials for http and smb, Added multi tasking support, Fixed error reporting date in daemon mode, Fixed errors in introduced in 3.1.7, Added test for IRIX telnetd vulnerability, Fixed a problem importing SARA Report data into Office 2000, and Fixed problem with get_targets (FW vs non FW).
tags | tool, cgi, scanner
systems | unix
MD5 | 033ea789e61f77df9bfd97434dff735a
Posted Sep 6, 2000
Authored by Vigilante | Site

Vigilante Advisory #8 - NTMail Configuration Service v5 & v6 denial of service. The web configuration running on TCP port 8000 does not flush incomplete HTTP requests, and thus it is possible to use up all the server ressources within a very short time.

tags | exploit, web, denial of service, tcp
MD5 | 27c9190c1e8ea1fa6610c1fed7b1c059
Posted Sep 6, 2000
Authored by El Nahual | Site

cpmdaemon is a program that runs as a daemon or a cgi which allows changing of passwords. It allows brute force dictionary attacks against user passwords without any logging. Includes exp_cpmdaemon.c proof of concept code.

tags | exploit, cgi, proof of concept
MD5 | 2cee74adc38f27a0987c0761daee7d36
Posted Sep 6, 2000

Debian Security Advisory - A format string bug was recently discovered in screen which allows local users to obtain root access if screen is setuid. This is fixed in version 3.7.4-9.1 and 3.9.5-9.

tags | local, root
systems | linux, debian
MD5 | 68e60099188baca4cca9424730989d5c
Posted Sep 6, 2000
Authored by NT Wako | Site

Windows NT allows remote users to find out the SID remotely if certain conditions are met. The logs need to be viewable remotely, auditing must be enabled, and policies must block the account after a certain failure count.

tags | remote
systems | windows, nt
MD5 | c07d5857c9508cf4ba534a2c81c92a99
Posted Sep 6, 2000
Authored by Neon-Lenz is a Local / Remote GET Buffer Overflow dos exploit for AnalogX SimpleServer:WWW HTTP Server v1.1. Based on USSR Advisory #29.

tags | remote, web, overflow, local
MD5 | 8c96c7c57e3dffd4c72a43bd2894485b
Posted Sep 6, 2000
Authored by TSS | Site

TWWWscan is a Windows based www vulnerability scanner which looks for 227 www/cgi vulnerabilities . Displays http header, server info, and tries for accurate results. Now features anti-IDS url encoding and passive mode scan. Tested on win95 osr2 win98,win98se,win nt4,win 2k/Me.

Changes: Web Server Detection Improved, added http_port, addded info option, and bugs were fixed.
tags | web, cgi, vulnerability
systems | windows, 9x, unix
MD5 | f78a3197f7f3d25c4d244b0be4645a32
Posted Sep 6, 2000
Authored by Robert Osterlund | Site

PIKT is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations. PIKT is quickly gathering potential as a serious security management system. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.

Changes: Added new 'piktc -m#' option for doing checksum compares (file integrity checking). Speeded up associative array processing. Fixed a serious memory leak in the script parser, also several other bugs and new features.
tags | tool
systems | unix
MD5 | cc683428aa755467ed46eef14a797e30
Posted Sep 6, 2000
Authored by Blue Panda | Site

WFTPD/WFTPD Pro 2.41 RC12 devulges sensitive information by revealing the full path of the current directory. This is fixed in WFTPD/WFTPD Pro 2.41 RC13. Exploit details included.

tags | exploit
MD5 | c194b70de1a0821e70ae086138d2206b
Posted Sep 6, 2000
Authored by Blue Panda | Site

WFTPD/WFTPD Pro 2.41 RC12 contains a remote denial of service vulnerability which does not require a valid login/password. Perl exploit code included.

tags | exploit, remote, denial of service, perl
MD5 | d9ffc0e536459e510de6dc4d4526a47c
Nmap Scanning Utility 2.54 BETA 4
Posted Sep 6, 2000
Authored by Fyodor | Site

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.

Changes: Fingerprint adjustments for better windows box detection, Fixed a SYN scan problem that could cause a major slowdown on some busy networks, Added an "SInfo" line to most printed fingerprints, Fixed RPCGrind (-sR) scan, Upgraded to the very latest Libpcap version, and various other small fixes/improvements.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
MD5 | d8ef19e84b6238685004616482ef63c6
Posted Sep 6, 2000
Authored by Initd_ is a tool which automatically attacks local linux binaries and attempts to exploit buffer overflows in command line switches.

tags | overflow, local
systems | linux, unix
MD5 | a2bb4b981f448f18cceae76361c2f958
Posted Sep 6, 2000
Authored by Zorgon is a source code scanner which uses regular expressions to search for 12 common insecure C calls and 8 common insecure perl functions.

tags | perl
systems | unix
MD5 | eed466047c1775f5831cc825c8de9bee
Posted Sep 6, 2000

Debian Security Advisory - Recently two local vulnerabilities have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

tags | arbitrary, local, vulnerability
systems | linux, debian
MD5 | 937c29c6008182445465a9e00b781bf2
Posted Sep 6, 2000
Authored by teso, Palmers | Site

Telnetfp is an OS detection tool which uses do / dont requests via telnet to determine remote OS type. Contains 23 OS fingerprints.

tags | remote
MD5 | 826448f8419c26b5eb603ee19b4dd532
Posted Sep 6, 2000

ISS Security Alert - A new Distributed Denial of Service tool, "Trinity v3", has been reported. Each client joins an undernet IRC channel to take commands. A bindshell is usually installed on TCP port 33270.

tags | denial of service, tcp
MD5 | bf31b109e8c23a901996de22d6471e8d
Posted Sep 6, 2000
Authored by Sean Trifero | Site

Patch for linux kernel 2.2.17 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags.

Changes: Now works with kernel v2.2.17.
tags | kernel, tcp
systems | linux
MD5 | 53833b817e53285259d8e0a1426920f4
Posted Sep 6, 2000
Authored by Sean Trifero | Site

Landmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch.

tags | tool, intrusion detection
systems | linux, unix
MD5 | f21184a3e76e3758813651b77d1c092e
Posted Sep 6, 2000

SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.

Changes: This version features a check for the newly discovered distributed denial-of-service tool, Trinity, the bboard vulnerability in Sun Java Web Server, netauth.cgi, htgrep (cgi), root accounts with empty passwords, guest and administrator accounts with empty passwords, and writable Netbios shares.
tags | tool, scanner
systems | unix
MD5 | 2db4216e8d465ce524396cf5c2d23096
Page 1 of 1

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By