pcds is a Perl script written to monitor processes on a system and report changes.
5f198c35bda7d05c078a7a683a87be3ceb477bc374af209b621c46a0a2c6e406Env_audit is a program that ferrets out everything it can about the environment. It looks for process IDs, UID, GID, signal masks, umask, priority, leaked file descriptors, and environmental variables. It comes with test configurations for anacron, Apache, atd, crond, GDB, inittab, logrotate, PHP, pppd, procmail, rsh, rxvt, Sendmail, SSH, stunnel, sudo, xinetd, and xterm.
2ded505c9776412372ae67832707fe5e29399cee84b389c485c1bfc340a0fe2cJay's Iptables Firewall is a bash script that allows one to easily install and configure a firewall on a Linux system. It features support for multiple interfaces, TCP/UDP/ICMP control, masquerading, synflood control, spoofing control, port forwarding from specific interfaces, VPNs, ToS, denying hosts by IP or MAC address, ZorbIPTraffic, Spyware list IP, Pre/Post scripts, log options, and more. The firewall is able to launch custom iptables rules, and the configuration of the firewall is assisted by an optional, interactive, curses-based Perl script.
7cebbf7fd1aa9923bb8d2fa34d7818752a7195080fb0c036e19ab4e96350b332Whitepaper detailing how to successfully patch the linux kernel in order to allow ptracing /sbin/init, and subsequently inject a connect-back shellcode into the target process. Patch code included.
8f53ec04bcff41e9accc09e517f1377b092c491fe8ae8d1ad5bb913474b9c162Exploit code that makes use of the showHelp() vulnerability found in Microsoft Explorer versions 5.x-6.0. This file must be renamed with a .html extension to work.
df1ca6fa1d9d5d0313b50e8210ed14c64f175b0dd2ee7b9c9100c8e99159e329A flaw exists in Microsoft Internet Explorer 5.x-6.0 that allows a remote attacker to execute a file using chm in showHelp().
74dacbfe84a67a971cd82b2d9a84831f67dbb9786abc754990bc01ccd23a36b1Gallery versions 1.3.3 and below suffer from a cross-site scripting vulnerability in its searching functionality.
3b40870b0304d5f379e4c14f009bb9a9df94a16511285d52a426f305dbde5f76php-ping improperly filters user inputs, allowing for a malicious remote attacker to execute arbitrary commands as the webserver uid.
eb4c1e1ec0ead88df0513af866db209a8221dfe268483b81a69311c05b77cf3aAlt-N Technologies MDaemon Mail Server versions 6.52 to 6.85 suffer from a remote buffer overflow in its raw message handler. Sending more than 153 bytes in the From field to FROM2Raw.exe creates a raw file, that when processed by mdaemon, will cause a stack buffer overflow.
4daf75c0f5e15aad52aebd515291656487a499b4fb5e7b31fe3229b19871d00aThe Landesk Management Suite versions 8.0 and below suffer from a buffer overflow in their SetClientAddress function inside of YAUTO.DLL.
5a625063a7cfb000b398dba689f5dbde9099a3be80474bd16b2c97f3b3361e10The QuikStore Shopping Cart suffers from directory traversal vulnerabilities that allow a remote attacker to gain access to files outside of the webroot and also discloses installation path information on error pages.
1909b9205f8e858593bf6fbdf9e7a9ba9e814a40508c1059dd391f12655794d9Opera versions 7.22 and below allow for a remote site to overwrite local files during temporary file creation due to a lack of sanitizing filenames.
60c29d87a6f9de9b85286c7f945db2574fa8ee1f7e1c33632321555b1477c9eaSnort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
0bb7a8d015a1f2cc56d65197e31374fa0fec10870324898559b13a6b6923f7c4Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
191f6a9725e1d3015a41cc4c7207d9959ff3d140fa59f49644b3ec059fa1d540mysecrep version 0.8 generates an audit-report from the syslog messages from snort, pcds and samhain, thus covering a whole range of security-tools, packed in 1 report. The report written is to disk and send via email. Written in Perl.
0df458bec8eacdea74ecd5c7d843a9bce89a4fe855d42ea37e933e4ea92037f3Bilbo is a wrapper for nmap which makes it easier to scan lots of machines or networks.
d69982957f0f54d4ceae216094b518432c1528519f150e2a4d95575a51cece5343-byte linux x86 shellcode which does the following: setuid(0);chown("/tmp/n2n",0,0);chmod("/tmp/n2n", 04755);exit();
c9cfe186139032a40d3f9ddb38c191be71b284f24d4febdc1da027d250896d17Gspoof is a GTK+ program written in C which makes easy and accurate the building and the sending of TCP packets with or without a data payload. It's possible to modify TCP/IP fields or the Ethernet header.
65f12bf8ca23d3fa6af0cedda4fb6c28c955a909e1787bd5dda14404a0280019Xlcrack is a small tool to recover lost and forgotten passwords from XLS files. Works on most Un*x systems, but it needs libgsf, most commonly installed along with Gnumeric. Some newer XLS files are not suitable for password recovery using this software.
ae2fbbc185ad866a37135c142e56280d3648ddc60eb4dc5ff19437556b2f7c54Vampiric Shellcode - Url Download + Execute for Win32. Vampiric shellcode links to system DLL's so create shellcode that works on many different service packs, more information here.
201361e794813ba49cea12713cc3fdc15fb0b13f46867a91505a6cd6886b717dIMSPd v1.7 and below remote root buffer overflow exploit which takes advantage of a bug in abook_dbname(). Tested against IMSPd 1.7 and 1.6a3 under RedHat 8.0. Fix available here.
dc0aa6e93e9bb6463287bd22ecb1839942ead074a40a8c08959583111f75ac38CGI hacking tutorial which explains how to find many vulnerable systems using google and contains an awful lot of URL's.
8f5bd59a5a7375fa7149f34226f9495228de9311afd316ccfc4005837cc4449bExp_unix2tcp.c is a local exploit for unix2tcp below v0.8.0 which gives root access if unix2tcp is setuid, which it is usually not. Tested on Redhat Linux 9.
090081e4d5414fd808dae2631f05e4e974bba1a9cb222618b3b73d8dbae56e84Reducing human factor mistakes.
99ea04714acb22ad5f76d9890154aea28225a30990fa7a573ab431a1c1e1961cRootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
5ee9d66059fc15346bb7105eacba1628035dc38a3712759132700c61a273e02a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed