The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. LIDS FAQ available here.
d7548f59b3973f98bdf19dc654a963244f3639ac752c377a382018717e9a1191Phrack Magazine Issue 58 - In this issue: Advanced return-into-lib(c) exploits (PaX case study), Runtime binary encryption, Advances in kernel hacking, Linux on-the-fly kernel patching without LKM, Linux x86 kernel function hooking emulation, RPC without borders, Developing StrongARM/Linux shellcode, HP-UX (PA-RISC 1.1) Overflows, The Security of Vita Vuova's Inferno OS, Phrack Loopback, Phrack World News, and more.
ee77a8d4f48fe30a69ff0924cfc8de40748da8c69b2e4e854bd0ba5d410e233cThe hp-ftp trojan pretends to be an exploit created by the Last Stage of Delirium that targets HP-UX FTP servers. Upon executions this file will try to add two new accounts to the password file and will send an email with netstat information to aborted@yahoo.com LinuxPir8@yahoo.com. Archive password is set to p4ssw0rd. Use at your own risk.
323f34db83b7d6108a4f23c73d3afb15Solaris x86 v2.8 /bin/login via telnet remote buffer overflow exploit. Uses fixed addresses. Executes any command as root.
8d3fd288df4995d5d3f1e2fea300e371c51d0455b03a428ac1c07e3ded29d2abPmake <= 2.1.33 local root exploit. Some distributions have pmake suid root by default.
2b080511384ae8e213adb366947433c6146e524aa2bfafbf50c32312f1454f8fKaitan.c is an IRC based DDoS client.
a4ad354cdca50b144490f75cf9193af1925f2308ee52514a7ffb5fc9d8b0bb79Nb-isakmp.pl is a proof of concept exploit for Bugtraq # 3652 - ISAKMP/IKE remote denial of service against Win2k. This code may exploit other bugs as well. Perl version.
6ef25b8d1ba114841a8d4ccc55e140f50dd17a4700763333202bc66f1293b338Nb-isakmp.c is a proof of concept exploit for Bugtraq # 3652 - ISAKMP/IKE remote denial of service against Win2k. This code may exploit other bugs as well. C version.
f5486daacf1b331ad898ccb4e9629d84abc8a606c7e8d3b2b80234edda1df027AdStreamer is a cgi package with several remote vulnerabilities, one of which allows remote command execution. Buggy open calls were found in addbanner.cgi, banner.cgi, bannereditor.cgi, and report2.cgi.
b45aa093198822646a56eced2418259c61c1cd33a6793264a56045e50d87c79aAesop is a TCP-proxy which supports many advanced and powerful features. It's designed to be secure, fast and reliable. Aesop makes use of strong cryptography (RC4) for all its data-transmission up to the end-link. Another powerful feature of Aesop is that Aesop proxies can be transparently stacked into a secure chain. Aesop is implemented using multiplexing and is therefor fast and lightweight.
d5ad647ce2d30f7b5f15fb6162d4d7bb8a79761c151ac939a4267d4d7952d017Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
25fa62a5d1ba6dce074e67e25601464c57e75a1ecb506bdcfac4d533d9dc70c5A flaw in Microsoft Internet Explorer allows an attacker to perform a SSL Man-In-The-Middle attack without the majority of users recognizing it. In fact the only way to detect the attack is to manually compare the server name with the name stored in the certificate due to a flaw in the way IE checks HTTPS objects that are embedded into normal HTTP pages.
be656d7d8e024e7317da02518924572f3527b139ee72d711816b35515804709cPlesk, a popular server administration tool used by many web hosting companies, has a bug which allows remote users to view the source of .php hosted files. All versions prior to v2.0 are affected.
086915112cab9f9dc4dd1793e8217e3b54220f795ea7084a433c309e15fa6430The Bastille Hardening System attempts to "harden" or "tighten" the Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible. Screenshot available here.. RPM's available.
c68b2bc856ef76b4934210205be2188b0e1e4ecb37ebf40e5fa829daa0f2f3f2Microsoft Security Advisory MS01-060 - SQL Server 7.0 and 2000 have several vulnerabilities. Some allow remote code execution while others are denial of service attacks. An attacker could exploit the vulnerabilities in either of two ways. The most direct way would be for the attacker to simply load and execute a database query that calls one of the affected functions. Alternatively, if a web site or other database front-end would accept and process arbitrary queries, it could be possible for the attacker to provide inputs that would cause the query to call an affected function with the appropriate parameters. Microsoft FAQ on this issue available here.
0530d56484cb8b2a5215cdfe4eb3ed9d93faf7299a0ea4afaab538a52aa688f5Microsoft Security Advisory MS01-059 - Two unrelated buffer overflows have been found in the Microsoft UPnP service. A overflow in the NOTIFY directive allows remote attackers to execute arbitrary code. The second vulnerability crashes the machine. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed. Microsoft FAQ on this issue available here.
a44bee6a9162db8db90b17837abd4cad322825fb0c509ebb1aad45b1e928b6ccThe Firewall Tester consists of two simple perl scripts, the client part (ftest.pl) and the listening "daemon" (ftestd.pl). The client injects custom marked packets, while the daemon listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall.
53aba6a00e93b66c9d0092c9704525d2851c6e2f20d70e521e5046590cf7376dSec is a free and platform independent event correlation tool that was designed for network and application management, but it can be applied for solving any other task where similar event correlation operations are relevant. Since sec uses powerful regular expression concept for matching input and also supports named pipes as input files, it can not merely be used for matching events from a single logfile, but also for more general purposes. You can integrate sec with arbitrary network management (or other) application, provided that output from that application can be directed to a named pipe, which most modern network management platforms provide. Written in perl, works on Unix and Windows. FAQ here.
207a4804d03e2d8b75b7babeaa2ffa17d2483ed2719354c92c2d8ed7e76345acMicrosoft HK local exploit - Executes any command as SYSTEM, as described in MS01-003. Good for recovering lost admin rights. Includes C source and binary.
cd88e00055d120a493e12b4c85d7918cb835d162033519a2bfc4df5c703507c9Knetfilter is a KDE gui application designed to manage the netfilter functionalities that will come with the new kernel 2.4.x. In Principal, all standard firewall system administration activities can be done just using knetfilter. But there is not just a GUI to iptables command line, it is possible also some monitoring via a tcpdump interface.
97f93e9a7e42ac6bdac9a90c261af29d6589bbb1c510ee05d4f0b01033d3b45bThe goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
57185b1b202c202ab312683c0cec2e72f46ca731ef9489300166d8c329124370IPFC is a framework to manage and monitor multiple types of security modules across a network. Security modules can be as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from servers to embedded devices). Features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used
35da85916f89ffe63c21bbd2e6dc451a2045d24980edb9862b30db9e2c9a9beaThe Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
848342a5d5417eb00d5a2621a8ecd05922765397c2559d33af29be18b511c60cTCT is a collection of tools which are geared towards gathering and analyzing forensic data UNIX system after a break-in. TCT features the grave-robber tool which captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files. TCT is tested on Linux, BSD, Solaris, and SunOS. For more information see the handouts from Dan Farmer and Wietse Venema's computer forensics analysis class.
40c43f9dd527192a2d17123c639020ca7431eb4a2af3dc31432c14373fcc0856Infostego is a program for Windows to hide information in pictures. Shareware. From www.anity.net.
9b1b01d5b6485133375896ffced032e70a9ce44849aa9257dfe8ebbfe39ac015
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed