The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. LIDS FAQ available here.
d7548f59b3973f98bdf19dc654a963244f3639ac752c377a382018717e9a1191
Phrack Magazine Issue 58 - In this issue: Advanced return-into-lib(c) exploits (PaX case study), Runtime binary encryption, Advances in kernel hacking, Linux on-the-fly kernel patching without LKM, Linux x86 kernel function hooking emulation, RPC without borders, Developing StrongARM/Linux shellcode, HP-UX (PA-RISC 1.1) Overflows, The Security of Vita Vuova's Inferno OS, Phrack Loopback, Phrack World News, and more.
ee77a8d4f48fe30a69ff0924cfc8de40748da8c69b2e4e854bd0ba5d410e233c
The hp-ftp trojan pretends to be an exploit created by the Last Stage of Delirium that targets HP-UX FTP servers. Upon executions this file will try to add two new accounts to the password file and will send an email with netstat information to aborted@yahoo.com LinuxPir8@yahoo.com. Archive password is set to p4ssw0rd. Use at your own risk.
323f34db83b7d6108a4f23c73d3afb15
Solaris x86 v2.8 /bin/login via telnet remote buffer overflow exploit. Uses fixed addresses. Executes any command as root.
8d3fd288df4995d5d3f1e2fea300e371c51d0455b03a428ac1c07e3ded29d2ab
Pmake <= 2.1.33 local root exploit. Some distributions have pmake suid root by default.
2b080511384ae8e213adb366947433c6146e524aa2bfafbf50c32312f1454f8f
Kaitan.c is an IRC based DDoS client.
a4ad354cdca50b144490f75cf9193af1925f2308ee52514a7ffb5fc9d8b0bb79
Nb-isakmp.pl is a proof of concept exploit for Bugtraq # 3652 - ISAKMP/IKE remote denial of service against Win2k. This code may exploit other bugs as well. Perl version.
6ef25b8d1ba114841a8d4ccc55e140f50dd17a4700763333202bc66f1293b338
Nb-isakmp.c is a proof of concept exploit for Bugtraq # 3652 - ISAKMP/IKE remote denial of service against Win2k. This code may exploit other bugs as well. C version.
f5486daacf1b331ad898ccb4e9629d84abc8a606c7e8d3b2b80234edda1df027
AdStreamer is a cgi package with several remote vulnerabilities, one of which allows remote command execution. Buggy open calls were found in addbanner.cgi, banner.cgi, bannereditor.cgi, and report2.cgi.
b45aa093198822646a56eced2418259c61c1cd33a6793264a56045e50d87c79a
Aesop is a TCP-proxy which supports many advanced and powerful features. It's designed to be secure, fast and reliable. Aesop makes use of strong cryptography (RC4) for all its data-transmission up to the end-link. Another powerful feature of Aesop is that Aesop proxies can be transparently stacked into a secure chain. Aesop is implemented using multiplexing and is therefor fast and lightweight.
d5ad647ce2d30f7b5f15fb6162d4d7bb8a79761c151ac939a4267d4d7952d017
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
25fa62a5d1ba6dce074e67e25601464c57e75a1ecb506bdcfac4d533d9dc70c5
A flaw in Microsoft Internet Explorer allows an attacker to perform a SSL Man-In-The-Middle attack without the majority of users recognizing it. In fact the only way to detect the attack is to manually compare the server name with the name stored in the certificate due to a flaw in the way IE checks HTTPS objects that are embedded into normal HTTP pages.
be656d7d8e024e7317da02518924572f3527b139ee72d711816b35515804709c
Plesk, a popular server administration tool used by many web hosting companies, has a bug which allows remote users to view the source of .php hosted files. All versions prior to v2.0 are affected.
086915112cab9f9dc4dd1793e8217e3b54220f795ea7084a433c309e15fa6430
The Bastille Hardening System attempts to "harden" or "tighten" the Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible. Screenshot available here.. RPM's available.
c68b2bc856ef76b4934210205be2188b0e1e4ecb37ebf40e5fa829daa0f2f3f2
Microsoft Security Advisory MS01-060 - SQL Server 7.0 and 2000 have several vulnerabilities. Some allow remote code execution while others are denial of service attacks. An attacker could exploit the vulnerabilities in either of two ways. The most direct way would be for the attacker to simply load and execute a database query that calls one of the affected functions. Alternatively, if a web site or other database front-end would accept and process arbitrary queries, it could be possible for the attacker to provide inputs that would cause the query to call an affected function with the appropriate parameters. Microsoft FAQ on this issue available here.
0530d56484cb8b2a5215cdfe4eb3ed9d93faf7299a0ea4afaab538a52aa688f5
Microsoft Security Advisory MS01-059 - Two unrelated buffer overflows have been found in the Microsoft UPnP service. A overflow in the NOTIFY directive allows remote attackers to execute arbitrary code. The second vulnerability crashes the machine. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed. Microsoft FAQ on this issue available here.
a44bee6a9162db8db90b17837abd4cad322825fb0c509ebb1aad45b1e928b6cc
The Firewall Tester consists of two simple perl scripts, the client part (ftest.pl) and the listening "daemon" (ftestd.pl). The client injects custom marked packets, while the daemon listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall.
53aba6a00e93b66c9d0092c9704525d2851c6e2f20d70e521e5046590cf7376d
Sec is a free and platform independent event correlation tool that was designed for network and application management, but it can be applied for solving any other task where similar event correlation operations are relevant. Since sec uses powerful regular expression concept for matching input and also supports named pipes as input files, it can not merely be used for matching events from a single logfile, but also for more general purposes. You can integrate sec with arbitrary network management (or other) application, provided that output from that application can be directed to a named pipe, which most modern network management platforms provide. Written in perl, works on Unix and Windows. FAQ here.
207a4804d03e2d8b75b7babeaa2ffa17d2483ed2719354c92c2d8ed7e76345ac
Microsoft HK local exploit - Executes any command as SYSTEM, as described in MS01-003. Good for recovering lost admin rights. Includes C source and binary.
cd88e00055d120a493e12b4c85d7918cb835d162033519a2bfc4df5c703507c9
Knetfilter is a KDE gui application designed to manage the netfilter functionalities that will come with the new kernel 2.4.x. In Principal, all standard firewall system administration activities can be done just using knetfilter. But there is not just a GUI to iptables command line, it is possible also some monitoring via a tcpdump interface.
97f93e9a7e42ac6bdac9a90c261af29d6589bbb1c510ee05d4f0b01033d3b45b
The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
57185b1b202c202ab312683c0cec2e72f46ca731ef9489300166d8c329124370
IPFC is a framework to manage and monitor multiple types of security modules across a network. Security modules can be as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from servers to embedded devices). Features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used
35da85916f89ffe63c21bbd2e6dc451a2045d24980edb9862b30db9e2c9a9bea
The Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
848342a5d5417eb00d5a2621a8ecd05922765397c2559d33af29be18b511c60c
TCT is a collection of tools which are geared towards gathering and analyzing forensic data UNIX system after a break-in. TCT features the grave-robber tool which captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files. TCT is tested on Linux, BSD, Solaris, and SunOS. For more information see the handouts from Dan Farmer and Wietse Venema's computer forensics analysis class.
40c43f9dd527192a2d17123c639020ca7431eb4a2af3dc31432c14373fcc0856
Infostego is a program for Windows to hide information in pictures. Shareware. From www.anity.net.
9b1b01d5b6485133375896ffced032e70a9ce44849aa9257dfe8ebbfe39ac015