exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2001-11-06

Posted Nov 6, 2001
Authored by Gorny | Site gorny.ath.cx

Btk is a little Python extension module allowing one to create and play with raw sockets and TCP/UDP/ICMP packets from within Python.

tags | udp, tcp, python
systems | unix
SHA-256 | decaec6232a915f53abf02a4f0b4640a48f4b16a8776802c6985da925ffaa4c4
Posted Nov 6, 2001
Site cipherdyne.com

Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.

Changes: Fixed a problem that would drop packets that are part of legitimate TCP sessions. The --USR1 command line option was added to have psad automatically send a running psad process a USR1 signal, which is useful for peering into a running scan data structure. An email installation subroutine was added to install.pl.
tags | kernel, perl, tcp
systems | linux
SHA-256 | 4f24865b58a950757f31ad67a84f2ba3e74358d411ac6ade255ca2b8dbf97e40
Posted Nov 6, 2001
Site dwheeler.com

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Recursively checks source in directories, support for RATS's "ignore" directive (for compatibility with RATS), minor improvements in the vulnerability database, and a new option for suppressing status information ("--quiet") have been added.
systems | unix
SHA-256 | af2a2072a15847c8460565babe13b2a8d6b095b9daaedade52ba28abf8ec86f6
Posted Nov 6, 2001
Site sourceforge.net

fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.

Changes: Fixed a remote DoS caused by stack based buffer overflow (not exploitable to run shellcode), and removing limitations on size of printable packets.
tags | tool, root, firewall
systems | linux
SHA-256 | eba87138d1120e49a4460896f06ae1fa50da180902872dde33f33a56141f5fdc
Posted Nov 6, 2001
Authored by Zenomorph | Site cgisecurity.com

Fingerprinting Port 80 Attacks - This paper looks at some of the signatures that are used in web server attacks and what to look for in your logs.

tags | paper, web
SHA-256 | 418fdba08b5342ce96f2eb897abfc3f48546f0a39066b51571a722980b2c603f
Openwall Linux Kernel Patch
Posted Nov 6, 2001
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Ported to 2.2.0. This version moves even more of the support for combined ELF/a.out setups under the configuration option introduced with 2.2.19-ow4. Readme available <a href="http://www.openwall.com/linux/README"here.</a>
tags | overflow, kernel
systems | linux
SHA-256 | 26a737a43a7486f9aed74043808e07b57d7dc15a1afbf6b49577eb73f0befd66
Posted Nov 6, 2001
Site original.killa.net

The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.

Changes: Updated for kernel v2.2.20.
tags | denial of service, kernel, root, patch
systems | linux, unix
SHA-256 | 74f541ebcfbcbfb32968d1b03e66685c04d902f786a780492eb07f47cdd69604
Posted Nov 6, 2001
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. Windows binaries available here.

Changes: A bad file descriptor leak was fixed.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
SHA-256 | 376a383c5fad43306cef871664c81a31a86007458d75750c0053d4e77332c020
Posted Nov 6, 2001
Authored by Martin Roesch | Site snort.org

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Changes: New stable release! Fixed bugs increasing stability and improved logging of reassembled streams. Full changelog available here.
tags | tool, overflow, cgi, sniffer, protocol
systems | unix
SHA-256 | c305a83d444273f36fe616be53e47889e553f1076437495c3cb20aa4dea2051c
Posted Nov 6, 2001
Site steghide.sourceforge.net

Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data. It is able to embed data in BMP, WAV, and AU files.

tags | encryption, steganography
SHA-256 | 7023049ea27d26db23073fd0c280a93cc283531e40fc3edf84638e441e68e288
Posted Nov 6, 2001
Authored by Guile Cool, Nyo

IPV6 Flooder.

tags | denial of service
SHA-256 | 840f1e7f1a6630975736391461079a35d92a25fde20d2c2df2d20980cfe278b1
Posted Nov 6, 2001
Authored by Malcom-x

Tux web server remote dos attack. Sends a large host parameter inside the get request. Tested again RedHat 7.2.

tags | exploit, remote, web
systems | linux, redhat
SHA-256 | 029a738f9b68551f68b054c1d398abfbab7c1c19c344eabb37256f52d1ec0928
Posted Nov 6, 2001
Authored by Nyo

FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.

tags | tool, rootkit
systems | unix, freebsd
SHA-256 | 846d1a294f28721aa038c839384a72e8fc9b706324f5426a23df837e297075f2
Posted Nov 6, 2001
Authored by eSDee | Site hoepelkoe.cjb.net

IIS 5.0 remote win32 exploit for the null.printer buffer overflow.

tags | exploit, remote, overflow
systems | windows
SHA-256 | ce2073743bd10136edc549bb174a68f191651fd565885d653fb6d128c2ecc388
Posted Nov 6, 2001
Authored by Andrea Barisani

The Firewall Tester consists of two simple perl scripts, the client part (ftest.pl) and the listening "daemon" (ftestd.pl). The client injects custom marked packets, while the daemon listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall.

Changes: added the ability of spoofing real connections for stateful inspection firewalls testing, added custom TOS and checksum settings, verbose flags. Requires: Net::RawIP, Net::PcapUtils, Net::Packet.
tags | tool, perl, firewall
systems | unix
SHA-256 | 19387661c89041849369c4ecd4045d750ecfdf4e449cd3b7f4df259233febdf6
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By