A simple web server fingerprinting tool that has a large database of fingerprints. The author welcomes all user feedback for improvements.
c7ad40e4908ea23ddc3e11942886918d1a5949c57f566a479db28a8a8f7cc9e1libwnet is a packet creation and injection framework for building raw 802.11b frames and injecting them on BSD based systems. Included in this base package are dinject v0.1, a command line 802.11b packet injection package based on nemesis, and reinj v0.1, a proof-of-concept utility for the tcp/arp re-injection attack to generate traffic on a weped network. This tool will allow an end-user to crack WEP on a low-traffic network in less than 60 minutes. It is for OPENBSD 3.2 only.
83fb5b9c48098c69a352cefb9f8a20f97622260a6f71dc8183a388e8c594acc5bsd-airtools is a package that provides a complete tool set for wireless 802.11b auditing. Namely, it currently contains a bsd-based wep cracking application, called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses based ap detection application similar to netstumbler (dstumbler) that can be used to detect wireless access points and connected nodes, view signal to noise graphs, and interactively scroll through scanned ap's and view statistics for each. It also includes a couple other tools to provide a complete tool set for making use of all 14 of the prism2 debug modes as well as do basic analysis of the hardware-based link-layer protocols provided by prism2's monitor debug mode.
f61db60cd3fcb1273e22d688348fa72cdcc0f5b1a3efef5afb3e941dfa242a23Maelstrom local exploit that gives gid of user games which makes use of an overflow in the -player switch.
67470dae44d553ff5bdfdb06c34df89c6957f89e17b1a050a444bc48dbc1bcf4BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by 127.0.0.1 and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.
f852c3fef86aa05736d86e2685e0f3081337c1845300cb0286f034f7f66f44f0Local root exploit for the game Maelstrom with is sometimes setuid to root for the purpose of faster frame rates.
e07645aeabbaf038cafeecdfb6fbf60ab0e0be505d4f223387bcc0c96bfa3486INetCop Security Advisory #2003-0x82-017.b - New versions of WsMP3d are not patched against an old remote heap corruption overflow vulnerability. Remote exploit and advisory included.
bea05768421c2354342197437d34277cb5984897a68518e4181beeb625f26463INetCop Security Advisory #2003-0x82-017.a - WsMP3d, a web server that streams MP3s much like shoutcast but is GPL, suffers from a directory traversal vulnerability that not only allows viewing of files outside of the webroot, but allows for remote command execution as well.
bc72d07b2004ab7e987341e534050ec07ea4699fd37effc980c5656ccf6a0bd6A simple utility to probe for the etherleak vulnerability discussed in the Atstake paper where multiple platforms have ethernet Network Interface Card (NIC) device drivers that incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory due to poor programming practices.
9b38eed6a90cbaeff291ef0210cff9d02cc4611556b55e9c0a6a03af70b6e037Two papers that focus on writing basic and generic shell code on the Linux and FreeBSD platforms.
36dd91020106a10631362d85923743289e1f0641ee58b4164b72d6603153fb36Two articles that present an introduction to reverse engineering a disassembly dump from gdb into an accurate C program. Armed with this knowledge, it will allow a researcher to depict potentially vulnerable functions and gather further information as to the inner workings of the program.
bf1e8cddd02f2b9a3596e09d9b6339416a963224a6f82253a05b301170ac8ff9iDEFENSE Security Advisory 05.22.03 - iisPROTECT is a utility designed to provide password protection to web directories similar to the htaccess method utilized by Apache. When protected files are referenced through different URL-encoded representations, this authentication can be completely bypassed.
f460e1b02669bdb9fe3b25b9e246fb9c7a395b68df3500dac06e8767db51041bUnmask is a simple md5 cracking utility that will attempt to find the true IP address of a fake host using Trircd 5.0.
c09d569ac05aab022487053282c903661ec3635b53ba6cf08d7cd21266311645A simple denial of service exists in the Pi3 webserver that allows a remote attacker to crash the daemon by feeding it a GET request with 354+ forward slashes after it.
d0d216a28eaf4658a4d2b9ad6dbe5182010977d617055973a17d6620ae03dea4XRunAs is a tool that allows administrators to run commands on remote computers under the context of a specified user account without the use of the Schedule service. If XRunAs is used in conjunction with a domain account, commands that are run will be able to access network resources given that the domain account used to run the command has access to the network resource. All information that is transferred over the network while using XRunAs is encrypted using a standard encryption algorithm.
42179d2850178e26d5697d6b192cabde3db9cfc16344ffeb6bf0abd7104b482aWin32 port of Libnids version 1.17 RC1. This library provides the functionality of E-component, one of the NIDS (Network Intrusion Detection System) components.
926ac4f23747f4df76591f247e7d0df0a98f262690ea7600a7a20e85979d6354A simply netcat utility much like the Windows version released by Atstake but smaller in file size.
e355a8decae502578e5bb649b4336b89b13c5daa07b2b23c6737989ecc0fa851The Linux networking code makes extensive use of hash tables to implement caches to support packet classification. One of these caches, the routing cache, can be used to mount effective denial of service attacks, using an algorithmic complexity attack.
2232e1d6ae76ccd63cea548cdd83eb57b45777bd4164b311315385eeb1c8df58Mailmax Version 5 has a buffer overflow condition in its IMAP4 server that can cause the service to stop responding and allows a remote attacker to overwrite the exception handler on the stack. Doing this could allow arbitrary code execution as the SYSTEM user.
77a4c3f55a95ea74b2243674c8580202f49806febff62a751e26591ada15dac5Aimhol is a simply utility that will allow an end user to query OSCAR/BOS servers on a large scale to retrieve multitudes of screen names. MASM32 source included.
135c7a2cc51e6f413cabf71800966b05bfd70bcd81b584feb1ead7c6aff8c34a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed