7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD.
33f1db59facbfa0648cc1b9e7fac8958fdfbe6056b000bfbd7ca175b8b29af23German speech given at the CCC - "exploiting format string vulnerabilities". Including examples.
fb6f4bbc3e3270eb0fdf54421051b06b4537b3129ca000b5f781fac055d4b629The SSL client stress tool is a small program which is capable of stress testing any SSL-based server. It has been tested with Apache+mod_ssl and IIS. It can be easily modified to stress test any custom SSL implementation, and can also stress test static-page HTTP servers.
688bde5e911922669bcf69ea6c926cdf387f615721ea14b6b29290958febf4ecLogtool is a syslog file parser, report generator, and monitoring utility. It takes syslog (and syslog compatible) logfiles as input from stdin, and depending on command line switches and/or config file settings, will parse and filter out unwanted messages from the logfile accordingly, and generate output in ANSI color, formatted ASCII, CSV (for spreadsheets), or HTML format. It is very handy for use in automated nightly reports, and online monitoring of logfile activity. It comes with some simple example scripts and documentation.
52da48299fdc9fef7e589153e5385e54faf30c4c17e7212f7418061057c04869tcpinject allows you to send a wide variety of TCP/IP-packets to a given host. It is possible to specify source and destination IP address/port, packet size, payload, TCP control flag, TCP window size, and a few other things. Based on Libnet by Mike Schiffman, tcpinject is a nice tool to test your ipchains/netfilter packet-filtering settings.
e83a34af8faba87e1a85e62d4f7689e56b64001bda38ad30f47076421ab71640The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
2afd9fec0749cfc1288b7e3161a38854552fc3560ebe67a6fdcef84b0ddda4e1motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email, SMS messages, or invoke an external command when detecting motion.
3a8f40c9f0df2a5343a84373b9413223e93f4e39c9ea67762d5db15eba083ed8LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
f787b36002ce4d2d6001b47c3533437f755824dcd4b4080972e60e7a3672c773Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.
fbb53acabdaa213d7add08cf749f4a4920bfa411ceae2c8b7b0612ebb94897a8CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.
11261e3cd8bd45a4178f07d974e5a2b91e9e20a0c77d5fba11f521db6774ee11sslwrap is a simple unix daemon that sits over any simple TCP service such as POP3, IMAP, SMTP, and encrypts all of the data on the connection using TLS/SSL. It uses ssleay to support SSL version 2 and 3. It can run from inetd and encrypt data for services located on another computer. It works with the servers you already have, and does not require any modifications to your existing servers.
596a1bf61a457662e754b9fcfec6b3df7fb2f6c88498bd76ef8027f08c3af336floppyfw is a router and simple packet filtering firewall on one single floppy. It uses Linux ipchains firewall capabilities and includes a simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines using both static IP and DHCP. It is simple to install, you only need to edit one file on the floppy.
8eef7dec66866fbb51e3d4a786e888d91c32c455b3812033fc9956532f594443SAINT (Security Administrator's Integrated Network Tool) is an updated version of SATAN, designed to assess the remote security of computer networks. Features include scanning through a firewall, frequently updated security checks, 4 levels of vulnerability severity, and a feature rich HTML interface.
92a1d1b8da20e2e2479fa4f55c5551193f52cd93e75659de99f6f70fd42510c0Lpr-ng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against RedHat 7.0. Includes the ability to brute force the offset.
45ca5a83e4e3b2935bbcc030e7aa7274b856c0e76c603e32c6c7565d8a05ad2aThis little utility will use a public service (netcraft) to check the web server version and operating system of a remote host.
9daeb72af38ace3ab3f9e5d03f959dc534f506d19b3bca2a347b14881c7f11c5Shellcode which plays audio (knock knock) vi /dev/dsp and setreuid(0,0) + execve shellcode for Linux/x86.
a45331428e22c886119ae7325c4e640708d51d8be28eb45a5a5c17f3fa5b13a9Expect v5.31.8 and v5.28.1 contains local buffer overflows. It is possible to exploit any suid/sgid expect application.
8a69e04abc43d9ebdcd6198de5a7b5431ff007a5dca07c47115be8df48b6e33dGnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0.
b91af559b80952154115640a2ad71c7a3af251836cff99bde6dad6259ee95e28Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Advisory available here.
763a21a0317bfb6f2998e4af7bd10b8c567fd24381ff2cea8e0f004f377ce176Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2.
5ccc4924acae3a7b73ecd24a19febb73d31ccc8e7ed7d704614e4dcbd8d4550aKwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0.
d44863b348783f75efca589a0a0b99b6a150e833cd2e1dd95d32999361050380Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1.
6a6d636b942d55b3a7cd1edceb5b8ba35821afd8196ce14ad6e2f04d65c3d913Generic ELF .dtors exploit.
7e4fcc9e325b71ea4dd0f30de481f4eb9dcb0403da041f927b6e200a7a9d57d4Ipchains firewall frontend - Prompts enabled.
79f4d5c6dd2281fff7d8406580199d4e0cd4abdc137d8e7af428569d2d60ced3Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
db15b26c1ef17181b646ad4699d10da1c66d99a828057522c686f9f47a7d82c1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed