How to Exploit Format String Vulnerabilities under Alpha Linux. Includes techniques and example code.
fb0fd3f5ea1da71d3480f0ab3b12774cb66642a7b3267859fa03b1b693e6053e
Majordomo v1.94.4 local exploit in Perl. Binds a shell to port 1234 with uid=Majordomo.
3a1bfea6bba3d9ea6fd7f66f9211de9ecce5dbe5b859d9ffa9613bbeeeb45ced
This howto is a checklist that walks you through building a FreeBSD-STABLE firewall with IPFILTER, covering the entire process from beginning to end: installing FreeBSD-stable, recompiling the kernel, OpenSSH security, TCP-wrappers, VESA video modes, and special syslog logging for your firewall.
90a89638a1bb7a689710c7cb260fddd1887bc75eeb83cc49e93d7f7220e9ce8a
Cisco Security Advisory - The Cisco Secure PIX firewall feature "mailguard" which limits SMTP commands to a specified minimum set of commands can be bypassed. To exploit this vulnerability, attackers must be able to make connections to an SMTP mail server protected by the PIX Firewall. All users of Cisco Secure PIX Firewalls with software versions 6.0(1), 5.2(5) and 5.2(4) that provide access to SMTP Mail services are at risk.
844d365f0b47bcd0fed7bc74723706ea4c035e7ea51e5d953adcdb2706897b20
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
3dd87a3456ea61151d0bd2287b3d8b9e9371d8472d0f756b9fe3ac2800478e1a
THC-RUT (aRe yoU There) is a local network discovery tool developed to brute force its way into wvlan access points. It offers arp-request on ip-ranges and identifies the vendor of the NIC, spoofed DHCP, BOOTP and RARP requests, icmp-address mask request and router discovery techniques. This tool should be 'your first knife' on a foreign network.
57ed9bd93003205ae3738dab5fe7d6c2d887404f5fcbc0a7ef08c05f22715a55
Hydra v1.4 is the world's first parallel login hacker. With this tool you are able to attack several services at once (FTP, POP3, IMAP, Telnet, HTTP Auth, etc).
1e7c26a3b9c5840830cbfe4b20c5f8dc16d52e1db7dc42711e493c8035da5d70
THC-WarDrive v2.0 is a Linux-based tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, supporting NMEA GPS devices.
867fdb212fef9c2ee86ba52fd23b7ca63a5d5187f61ddb0c34345adb112a82cf
iptables is the new packet alteration framework (firewall utility) for Linux 2.4. It is an enhancement on ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects.
565eabdc7cea7f1203810b37c30dfedc37fb979e145ffa30b7c25d5a9c21d48a
The Linux Port/Socket Pseudo ACLs project is a patch to Linux kernel v2.4 which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
a73ebf143d0739e1eb292453bf559c1f9cdec32058f30c2394eb8715caa2e556
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and pluggable at almost every point.
25d1a40d6e0adbf5ed62b143d1f7a0e416617b5b67d9c4f0e55d11e094db97b4
802.11b Network Discovery Tools is a gtk tool to scan for 802.11b networks using wavelan/aironet hardware and Linux wireless extensions. It includes the ability to log coordinates of found networks from a NMEA compatible GPS device, and can be linked to a serial port.
1fd449b3cfcfecf2aff18bf6d9c0c6c0363c62e10cd530785328adb191408365
Proxy Toolkit is coded in Java and checks to see what information a web proxy forwards.
29df10b97dc837a93d9fbf6d310c5ccfc8236ae4560a8bdac470fa265c494422
Microsoft Security Advisory MS01-049 - A security vulnerability exists in Exchange 2000 Outlook Web Access, because it will accept and process a request for an item in an authenticated user's mailbox without verifying first that the folder structure is valid. An attacker can mount a denial of service attack by repeatedly levying a request for a non-existent but deeply nested folder in his own mailbox. Microsoft FAQ on this issue available here.
94946005340865173ae7c47cce980ae07ca0a2c50db2342cc2005aa10fb1d1f3
FreeBSD Security Advisory FreeBSD-SA-01:60 - Procmail versions prior to procmail 3.20 performed unsafe actions while in the signal handlers. If a signal is delivered while procmail is already in an unsafe signal handler, undefined behavior may result, possibly leading to the ability to perform actions as the superuser under unprivileged local user control.
a15e547ec286cb5b926fcb77bad3b9f6485a830f74e96e8d626520438447fb28
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
2bc9444be7624a764f02de03965505a1408853ddd196b038dba3a8d08cd9505e
Sendmail is a very popular unix Mail Transfer Agent, a program that moves mail from one machine to another.
ef37bf77cb9f2b3ce65d8d7fdf266366f6640a62409b57907ed953fd86a9261e
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. LIDS FAQ available here.
3e13d68114e1d23e557d6f3380af20b67b224328e7e1951b82b181c1a107fa27
MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
f61d2b74017f34d562ef1f8005602a6819466baf7b6498a42f91e32a9baad685
Remote Nmap is a python client/server package which allows many authorized clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all their scans come from a dedicated machine.
dfbb52e97f0f0884cb02942e7db1b6327bb76edb3174c3be78889275eb88fe2b
Ghost Port Scan is an advanced port scanner and a firewall rule disclosure tool. Uses IP & ARP spoofing, sniffing, stealth scanning, arp poisoning, IP fragmentation, and other techniques to perform stealth and untrackable information collection. GPS is especially efficient in LAN pen-testing, due to its ability to disclose the firewall settings of a host.
8b0c46b51c8ec5007ef24990765445686e08ac8a7fa8aca2da9311c6e1987e7d
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving at the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload and are decoded and passed on to system(3).
65218b8628ccf90b31968d77f356467c7ff3ab2195dd393e39834620308e4c3b
Form Scalpel v1.0.11 for Windows is designed to aid security professionals in assessing the resilience of a web site's forms to various forms of attack. Given the growing sophistication and variety of sites and development techniques utilized, a generic tool specifically aimed at making this job easier was required. Thus "Form Scalpel" was born. The tool automatically extracts forms from a given web page and splits out all fields for editing and manipulation, making it a simple task to formulate detailed GET and POST requests. The application supports HTTP and HTTPS connections and will function over proxy servers.
7e07602b66b9a90c888f9c066ea1852defe0f6f2cc036b7160b45d979aad1fdc
netl v1.09 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback which provides functionality not found in similar programs. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
5c0f37cb666914e50b01575f936c4800c589f5a6b7f0052d172debf882e961f7
LaBrea v2.0 is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
23b2e7cad2a4578ea03587998eac0e122e2899f608739aa1a517864514a77f26