The domtools package allows you to traverse DNS domain hierarchies, list all hosts (or subdomains) within a given domain, convert host name to IP address and vice-versa, convert a normal IP address to the "in-addr.arpa." format and vice-versa, and more. These commands can be used manually, or included as building blocks for higher level DNS tools. They generate output that is easily computer parsable.
86bf882cd741514bb6774767fdbd85b74348876a104a9ea663a78df1a6627785
Remote denial of service attack against linux kernel 2.2.7 - 2.2.9, in perl.
ca4f3168b4556b5656aea0301813733aaa18edd7b2ddf602bb118a068d4fa223
syslog-ng as the name shows is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful.
6bc258d71caf71305a165c3cdf6028e3dd38d2e9544c106cb242f6dc855b65e1
Tool for scanning networks which generates an list of IP addresses between a starting and ending ip.
a1f8e25c3c7b61b129cb7c4fbb6f06e931da51c972b3ad396b0a0c01d00403d2
Y2k fix for cgicgk-1_35, which would return false positives on any server with a date of 2000.
85000facff02b8aebee3f019526d12443276a547a4db48d22bc22c7438b71837
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
f2a386b43c40c22d8549ec75a5d54013afc7341827cc5f1f0b0db2eb6989ed99
Hackn' for Newbies is an all in one package for someone who has never used trojans, but would like to start. It contains the deepthroat 2.0 and netbus 1.7 trojan interface along with various scanners,an exe patcher,pasword crackers,user configurable buttons and more.
4d319829f6057b4db38c5efd2053e7bb72e3ae15be3cee9813ab03c20789de8b
Winfingerprint 222: Advanced remote windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controlller), BDC (Backup Domain Controller), NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE SERVER, WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, E numerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes.
bc8bad07f30343e90c33d302c4e3c1e98cbbf79476f56cd511e0a3d50edaa03c
On iMail Server 5.0 for Windows NT 4.0 SP 6a, a malicous user can read and send emails as any other user on the system. The issue lies in how iMail handles the creating of new email accounts, and how it stores them. Exploit instructions included.
cb49e1323d568f5b7d79148336aa88d62ecb3e572bce33f67d97c57bca63383e
The mailinglist software "majordomo" was found having several local vulnerabilties. However, the licence of the program prohibites us providing a fix. You should either remove majordomo or trust your local users until an official fix from greatcircles is available. SuSE security website here.
6494ccefa98173cb286a431e760b4b3a72f1ed68c9f590f66271894a3ae50fd1
SuSE Compartment is a program to build secure compartments for running untrsted/insecure programs, and has got the usual uid/gid setting and chrooting abilitity, but the nice thing is the easy access to linux per process capabilities.
6faa41b9d39469855df1d035d5907b623f6b45bd05a59c93d59e807c750faf85
Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client.
3178aa5ca62b73b6781659600f9dae776ff19371a8a775fe0a58d906ded64341
Socks Scan V 2.0 - Scan a host for SOCKS servers. Includes the SOCKS perl module.
94a2842d6ffaae02a7bbdfbd30287e9ef131d3b4d7b0d167feaa43e7b810bff0
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicring browser behavoir almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tool. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning.
ebcbde7933ca179ae3f56f4ceb13d430e295bd301e4361c85dc54a042f565e5f
Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit.
931bf856df02a6b943a81ec00d6ae03423a858509db190e01a1c3ee4fbce96f8
The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.
bc4c022ff592ac5a5e926474eabe73cf1b4c0adf026de3eb391f6a929b9213ec
CERT Advisory CA-2000-01 - Denial-of-Service Developments. A distributed denial-of-service tool called "Stacheldraht" has been discovered on multiple compromised hosts at several organizations. X-Force released a paper on trin00 and TFN. CERT DoS homepage here.
6339c83f968cb750f6a8fb5ee9b7be786a3003fc9952c6968cb89beab356d156