Mod_Protection is an apache module that integrate basic function of an IDS (intrusion detection system) and of a firewall (not yet). Your apache administrator have only to install mod_protection and define rules. When a malicious client sends a request that matches on your rules the administrator will be warned and the client gets a user defined page or a error or something that notifies that now he will be persecuted or ... The warning system just write on a socket, so you can put on the other side of the socket an application that send you a mail, an SMS, a message in your favorite IM or a notify in your IRC client.
fedec261dcfefb47d49d4aad9eaaae14c3e6b08a32f5da790b24482440ffc473"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on a infected computer. It begins very simple to build up to some ideas that are quite complex. Includes example source code written in Perl.
007cc93f8790a53659368914af4edfb50070e6df7bd9611be2379803052a050fOnesixtyone 0.2 is an efficient SNMP scanner which utilizes a sweep technique to achieve good performance. It finds SNMP devices on your network and brute-forces the community strings using a dictionary. It is possible to scan a class B network (65536 ip addresses) in under 13 seconds with a high degree of accuracy.
c38ddf5c0728cab9405505ecd67ca0397428815f22a15c5856c6770b5df41a44Cygwin Windows port of the Interscan VirusWall 3.23/3.3 exploit. Ported by Luigi Grandini
05f43fdbf94156c9c364d54d64758eb6a1fced90e548b15aaf5fea66d7058250Cygwin port of the unix port of the real own realserver exploit. Ported by Luigi Grandini
20abe8d21d2de932d57a058537ec620c0871a319d67ef7fdfe2ab4b895b10a0bCygwin Windows port of the Apache 1.3.x + php 4.0.6 proof of concept exploit for the multipart/form-data POST requests bug. This exploit crashes the daemon. Ported by Luigi Grandini
9bd5efd995d4a0aa8e38f318ff15ec7976b46d451ed6ced284feb168e890c768Avirt Gateway 4.2 remote exploit ported to Windows with Cygwin.
4c988b03ba646bbf041cef1f9f6ed9edc921325d376b3df2494d4ace7440fed7Dirbx is a brute force executable directory and file enumerator. It could prove to be very useful in local pen-tests where you don't have UID 0 and some directories have "--x" permissions.
b0e0b720fa3c303ce92debc4b07554f0042f16e8c5249ac5e14a020390d8df75Mothra is a monstrous yet graceful banner grabber for OpenBSD, NetBSD, Freebsd, and Linux.
cb9644237c77b9f90cc59dd7d8b65622f9da08315a11d006df88293cb519808dThe SphereServer Ultima Online Roleplay Server v0.5x for Linux, FreeBSD, and Win32 runs on tcp port 2593 and has a denial of service vulnerability. Includes exploit.
ad4a2bfc1b85559174cec3fa6a4fc85f3b99d3b2231f712c52acb33f61a97c09The future of viruses and operating systems.
32464c1664cc47a4bf3c0b876cddde062fddee18fae70800755ea07d8d03b00dAmap is a scanning tool that allows you to identify the applications that are running on (a) specific port(s). It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!
1c3ecd0a4363f4c64267e66bacdc383383ad7bbb4691f4d438aaece8d92ae73dThe Ettercap log parser is a tool to parse ettercap logs.
c88c3a6506d0d9772bcaf6c80249027819691fa7b6d442fabfdf0b72202d9facLscan3 is a re-write of Mixters' lscan02.c to include ssh, smtp, http, https, snmp and a few other small additions.
2a07e83249e2a5389786f63dc636522e9f152b6ee8faef6c9bb23a3e39e5f67eThe Firewall Tester consists of two simple perl scripts, the client part (ftest) and the listening "daemon" (ftestd). The client injects custom marked packets, while the daemon listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall.
9b1a25935ccf8849377822d71eccbd50bd942cab050caf6dd2fef312f5e288d9Php-ssl-brute is a php script that uses curl to brute force ssl protected website login screens.
8138deb0f058f8ce8e57f600c7a987e9ee82eef72ee6487cf0caf36b8c3b2b24Microsoft Security Advisory MS02-013 - The version of the Microsoft VM that ships with Internet Explorer version 4.x and 5.x contains a flaw affecting how Java requests for proxy resources are handled. A malicious Java applet can exploit this to re-direct web traffic once it has left the proxy server to a destination of the attacker's choice. An attacker could use this flaw to send a user's Internet session to a system of his own control, without the user being aware of this, then forward the traffic on to the intended destination. Microsoft FAQ on this issue available here.
8c295687f73fa987218731ee8d853453ca72931d7a330e2a088ca03a8bec73f4CERT Advisory CA-2002-06 - Multiple remote vulnerabilities have been discovered in several implementations of the RADIUS protocol. One of the bugs is a denial of service which allows attackers to execute arbitrary code if they know the shared secret. Affected systems include: Ascend RADIUS versions 1.16 and prior, Cistron RADIUS versions 1.6.4 and prior, FreeRADIUS versions 0.3 and prior, GnuRADIUS versions 0.95 and prior, ICRADIUS versions 0.18.1 and prior, Livingston RADIUS versions 2.1 and earlier, RADIUS (commonly known as Lucent RADIUS) versions 2.1 and prior, RADIUSClient versions 0.3.1 and prior, YARD RADIUS 1.0.19 and prior, and XTRADIUS 1.1-pre1 and prior.
0a33e6e8ed0831f06280aed47272fadc8cf4478e6c1f4d4482f36a35747833a2Ntop v2.0 has a remotely exploitable format string vulnerability in the syslog function.
0a6cbe274d2c5b10423d42341985f35bd9654328e67a0f836c5c98578583a426
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed