exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2000-02-17 to 2000-02-18

005.txt
Posted Feb 17, 2000
Authored by Suid | Site suid.kg

SUID Advisory #5 - DCFORMS98.CGI Advisory - Anyone can create / truncate any file owned by the web server user.

tags | web, cgi
SHA-256 | 622d24605c915932cd5a7cb660b480ecd49f2adef13453625c046a4da0b01370
NSS_2000pre7.tar.gz
Posted Feb 17, 2000
Authored by Narrow

Narrow Security Scanner 2000 searches for 297 remote vulnerabilities. Written in perl, tested on Redhat, FreeBSD, and OpenBSD, Slackware, and SuSE.

Changes: Fixes: SSH plugin & Named/Bind plugin, new config file, updated rootshell plugin.
tags | tool, remote, scanner, perl, vulnerability
systems | linux, redhat, unix, freebsd, suse, slackware, openbsd
SHA-256 | cbf5dbf759a6a030ab9ce87d2def68d57adcbc9526f9099ec608606574c2616d
spidermap-0.1.tar.gz
Posted Feb 17, 2000
Authored by H D Moore | Site secureaustin.com

Spidermap is a collection of perl scripts which enable you to launch precisely tuned network scans. The goal of this project is to create an integrated suite of tools for low-impact network reconnaisance with features including custom packet rates and scan types for each network with increased efficiency by mapping multiple networks in parallel. The target users are system administrators and network security professionals seeking a non-destructive way to inventory network services and do so in a resaonable amount of time.

tags | tool, scanner, perl
systems | unix
SHA-256 | 227c95431fe91294242b54435a1eb2cb5d29e240b010ccc7499f72d566fb108e
biew500.tar.bz2
Posted Feb 17, 2000
Authored by Nick Kurshev | Site biew.sourceforge.net

The best of the Linux hexeditors, with integrated assembler and disassembler.

systems | linux
SHA-256 | fd0a47cda0c097fd98011e26388fb565341d0fc33f612b02b303298e6302e60e
dasm
Posted Feb 17, 2000
Authored by SiuL+Hacky | Site huclinux.cjb.net

A script to parse output from the objdump binutil and write in cross refrences (read: Linux disassembler!)

systems | linux
SHA-256 | 4716bd3e21efb02c6725d7654ed9a02dc27fdd9dc590696bc703a118a8b48911
objdump-output-beatifier.pl
Posted Feb 17, 2000
Authored by Squeak | Site xirr.com

A perl script that parses objdump's output, and cross refrences it. The major advantage over dasm: oob seperates out functions, even if the binary has been stripped.

tags | perl
systems | linux
SHA-256 | 3483e5be5c1d11a73b71c516d45a38f237d5550820661f6baf28b32854ba4533
reap-0.4B.tar.gz
Posted Feb 17, 2000
Authored by The Grugq | Site reap.cjb.net

The Reverse Engineer's Assembly Producer is a GUI to dasm with some added functionality, the ability to include hexidecimal opcodes in the assembler listing.

systems | linux
SHA-256 | 5f09d5a74cc0a7f4617bd9e9dd9937c913f633c2c9c64d8f7253acec58b385dc
reqt-0.7f.tar.gz
Posted Feb 17, 2000
Authored by The Grugq

The Reverse Engineer's Query Tool is a script that will attempt to exstract as much information from a binary as possible, strings, symbols, hex dump, disassembly, etc.

systems | linux
SHA-256 | a55ea388601ffaa88b28fa2393c79b09247a94d6530db7b188f7f272d0eb9433
Bastille-1.0.3.tar.gz
Posted Feb 17, 2000
Authored by Jay Beale | Site bastille-linux.org

Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat Linux 6.0/6.1. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.

Changes: Red Hat 6.1 support, better automation with the curses front-end, a curses front-end for script, and type-editing and bug fixes.
systems | linux, redhat
SHA-256 | c52d5c43dfe145876b42336b82f4e89038c43871d439c9c4b2327954b8a2e33f
lids-0.8.1pre1-psk-2.2.14.tar.gz
Posted Feb 17, 2000
Authored by Xie Hua Gang | Site soaring-bird.com.cn

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off online and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.

Changes: LIDS can be locally switched off, ability for some programs to change routes/firewall rules, and a more secure interpretation of lids.conf.
tags | kernel, root
systems | linux
SHA-256 | b863cdc56b792b66a6990e090eba0966614e3d3f7c36f85b41d358d043c46f9b
css.htm
Posted Feb 17, 2000
Site oliver.efri.hr

Cross Site Scripting Summary - Malicious HTML tags (especially scripting tags) can be embedded in client web requests.

tags | exploit, web, xss
SHA-256 | 9c3ae91b3585c42ccfc911b0c21507edb3a0aa2e02019c97dbcf50880d0da02b
ElectricFence-2.2.2.tar.gz
Posted Feb 17, 2000
Authored by Bruce Perens | Site perens.com

Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years.

Changes: Fixed shared library to be position-independent code.
tags | paper, overflow
SHA-256 | e5be3a38a0d2b71ba558eb310a2db44ea6e7c208e16d4fd907dc6ed11c46b1a7
fw-13.htm
Posted Feb 17, 2000
Site oliver.efri.hr

Checkpoint-1 and other firewall vulnerability - The low-down of it is fooling a firewall into opening "a TCP port of your choice" against an FTP server. Or, if you're running an evil FTP server, having it open ports against clients accessing the server.

tags | exploit, tcp
SHA-256 | d3c08340f210729ab1830b529790957de036e964233c20d7dcad334c181bc68a
ignite.htm
Posted Feb 17, 2000
Site oliver.efri.hr

Ignite-UX bug in HP-9000 Series700/800 running release HP-UX 11.X only. Each password field in /etc/passwd should be "*" in a trusted system. This is normally handled automatically. One way for the password field to be set to a blank is to create a system image of a trusted system with Ignite-UX and not save /etc/passwd.

tags | exploit
systems | hpux
SHA-256 | b11a24cc1c75ed0842663732f1a37175e911393590dd0651271d4b3a4c315e19
openssl-0.9.5.tar.gz
Posted Feb 17, 2000
Authored by The OpenSSL Team | Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

tags | encryption, protocol
SHA-256 | ec129084c3a579d30ddba65070b8d75a7dd74cff73650905d92704281c08cb5a
openssl-0.9.5a.tar.gz
Posted Feb 17, 2000
Authored by The OpenSSL Team | Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: This is revision a.
tags | encryption, protocol
SHA-256 | 98bda0b01d2dafc993d98fd87638c583b4084b98cffa8ffb6538a37cb12f1ae7
rpcclnt.htm
Posted Feb 17, 2000
Site oliver.efri.hr

When an NT 4.0 workstation or backup domain controller is joined to a domain, the trust account password is set to a well-known initial value. If you are concerned about internal network security, this is not really an acceptable risk.

tags | exploit
SHA-256 | 68323e351a6c2397613bb4b0fc46638389b1e97ca43f93e696395cce94ef330e
snmp10.htm
Posted Feb 17, 2000
Site oliver.efri.hr

Monty originally cobbled this together to keep the network admins he worked with from doing annoying things like keeping tftp daemons running on his Unix hosts for weeks on end. Its pretty handy for that too. May this script (grabrtrconf.sh) help make SNMP die the sad lonely death it deserves once and for all!

tags | exploit
systems | unix
SHA-256 | b10303fcc51c90a6d201075efe4f67a027ca4794f56d6e741bb7f4b814941a74
lsadump2.zip
Posted Feb 17, 2000
Authored by izar

This is an application to dump the contents of the LSA secrets on a machine, provided you are an Administrator. It uses the same technique as pwdump2 to bypass restrictions that Microsoft added to LsaRetrievePrivateData(), which cause the original lsadump to fail.

SHA-256 | 11b494a6f6ac8a8656a5c685d550ae53883a9d7cf65fe206745bacef5cd910a5
ntreg.tar.gz
Posted Feb 17, 2000
Authored by Todd Sabin | Site razor.bindview.com

This is a file system driver for linux, which understands the NT registry file format. With it, you can take registry files from NT, e.g., SAM, SECURITY, etc., and mount them on linux. Currently, it's read-only, though I may add read-write capability in the future.

tags | tool, registry
systems | linux, unix
SHA-256 | fbd28017cf1376b3ebdb20590e0a8ad28f3e175df8176d40ca1d701f7c442aed
md5-tool.tgz
Posted Feb 17, 2000
Authored by Simple Nomad | Site razor.bindview.com

If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.

tags | tool, intrusion detection
systems | unix
SHA-256 | 5105f0110153435688b633709392243a2b67d2f33b49e68780fa2df4ee6e043e
sfs-0.5.tar.gz
Posted Feb 17, 2000
Authored by David Mazieres | Site fs.net

SFS is a secure, global file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere. Anyone can set up an SFS server, and any user can access any server from any client. At the same time, SFS uses strong cryptography to provide security over untrusted networks. Thus, you can safely share files across administrative realms without involving administrators or certification authorities.

Changes: Full linux support and removal of source code export restrictions.
tags | encryption
SHA-256 | 798cd8a703502cf681454ac0cf54df040463558e56f714bf5d6d7916b131fa50
denial_of_service.htm
Posted Feb 17, 2000
Site cert.org

CERT FAQ on Denial of Service attacks.

tags | denial of service
SHA-256 | aa308bbdd7a84b75ac107867e1d3be42b7e8b8e32a695161cc3c74c92478cca7
yahoo.txt
Posted Feb 17, 2000

Technical details of the attack on Yahoo! last week. Includes information on what kind of packets were sent, how they were affected, and how they fixed it.

tags | denial of service
SHA-256 | 6ef68ee3bb6800bd3f2021946e09a1eb30e71b8d0e1ee3b57e7c296d180467e2
ms00-009
Posted Feb 17, 2000

Microsoft has released a patch for a security vulnerability in IE. The vulnerability allows a malicious web site operator to read certain types of files on the computer of a visiting user. Microsoft FAQ on this issue here.

tags | web
SHA-256 | 373220b8ad63829aaf03d782ef020e89f78437740678899327cdc39fe4ca3dc2
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close