SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. It is updated regularly and scans for most remotely detectable vulnerabilities. Features include scanning through a firewall, security checks kept current with CERT and CIAC bulletins, four severity levels (red, yellow, brown and green) and a feature-rich HTML interface.
08d9d608d183e996ce3c72cb4c8e9b0a6a1c55598e3968e7759c99d3bcf4c46f
Recover is a tool that helps undelete files on Linux ext2 filesystems by automating the steps described in the ext2 undeletion HOWTO. It indexes all deleted inodes with debugfs, then asks a series of questions about the deleted file (owner, size, deletion time). Every deleted inode matching the criteria is dumped to a directory.
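The procedure Recover automates, as an added example that is not Recover's own code: parse the output of `debugfs -R lsdel`, apply the owner/size/time questions as filters, and emit the `dump` commands that copy each surviving inode out. The lsdel text below is constructed in debugfs's output format, not taken from a real disk, and the device and output directory in `dump_commands` are placeholders.

```python
import re
from datetime import datetime

# Constructed sample in the format printed by `debugfs -R lsdel <device>`;
# the "free/total" block counts tell whether the data blocks are still unused.
SAMPLE_LSDEL = """\
 Inode  Owner  Mode    Size      Blocks   Time deleted
  1234    500 100644    8192      2/     2 Mon Jun 26 10:15:00 2000
  1235      0 100600     512      1/     1 Sun Jun 25 23:59:59 2000
  1236    500 100644   65536     16/    16 Mon Jun 26 11:00:00 2000
3 deleted inodes found.
"""

LSDEL_LINE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+([0-7]+)\s+(\d+)\s+(\d+)/\s*(\d+)\s+(.+?)\s*$")
TIME_FMT = "%a %b %d %H:%M:%S %Y"          # asctime() style, as lsdel prints it


def lsdel_time(s):
    return datetime.strptime(s, TIME_FMT)


def parse_lsdel(text):
    """Index the deleted inodes; header and trailer lines do not match the regex."""
    entries = []
    for line in text.splitlines():
        m = LSDEL_LINE.match(line)
        if not m:
            continue
        ino, uid, mode, size, free, nblocks, when = m.groups()
        entries.append({
            "inode": int(ino), "uid": int(uid), "mode": int(mode, 8),
            "size": int(size), "free_blocks": int(free), "blocks": int(nblocks),
            "deleted": lsdel_time(when),
        })
    return entries


def select(entries, uid=None, min_size=0, max_size=None, deleted_after=None,
           complete_only=True):
    """The 'series of questions': owner, size range, deletion time.
    complete_only drops inodes whose data blocks have since been reused
    (free < total); dumping those yields garbage, not the original file."""
    chosen = []
    for e in entries:
        if uid is not None and e["uid"] != uid:
            continue
        if e["size"] < min_size:
            continue
        if max_size is not None and e["size"] > max_size:
            continue
        if deleted_after is not None and e["deleted"] < deleted_after:
            continue
        if complete_only and e["free_blocks"] != e["blocks"]:
            continue
        chosen.append(e)
    return chosen


def dump_commands(entries, device, outdir):
    """debugfs command lines that copy each inode's data out; <N> is
    debugfs's syntax for addressing an inode by number."""
    return ['debugfs -R "dump <%d> %s/%d" %s' % (e["inode"], outdir, e["inode"], device)
            for e in entries]


if __name__ == "__main__":
    hits = select(parse_lsdel(SAMPLE_LSDEL), uid=500, min_size=1000,
                  deleted_after=lsdel_time("Mon Jun 26 00:00:00 2000"))
    for cmd in dump_commands(hits, "/dev/hda1", "/tmp/recovered"):
        print(cmd)
```

Run the generated commands against an unmounted (or read-only) filesystem; writing to the partition being searched can overwrite the very blocks you are trying to recover.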
e2fc9192f8fea4444fe4164dbd1554ce284504f8217b06fdb7d2839e400a645a
The ISC DHCP client contains a remote root hole. If a DHCP server hands out values containing backticks, the shell commands embedded in them are executed on the client, which runs as root.
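The bug class above, as an added example rather than code from ISC's client: a server-controlled DHCP option value is pasted into a shell command line, so a backtick in the value becomes command substitution. The block parses a constructed DHCP options field (RFC 2132 TLV encoding, not a real capture), shows the vulnerable string that would be handed to the shell, and the hardened path that validates the value as a hostname and quotes it. `unsafe_hostname_command` and `safe_hostname_command` are illustrative names, not functions of any real client.

```python
import re
import shlex

DHCP_MAGIC = b"\x63\x82\x53\x63"            # RFC 2132 magic cookie


def parse_dhcp_options(blob):
    """Decode the options field into {code: bytes}; honours pad (0) and
    end (255) and refuses a truncated option rather than reading past it."""
    if blob[:4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(blob):
        code = blob[i]
        if code == 0:                        # pad
            i += 1
            continue
        if code == 255:                      # end
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = data
        i += 2 + length
    return opts


# Constructed hostile options: option 12 (host-name) carries a backtick
# substitution, option 15 (domain-name) is benign.  Not a real server reply.
HOSTILE_OPTIONS = (DHCP_MAGIC
                   + bytes([12, 4]) + b"`id`"
                   + bytes([15, 11]) + b"example.com"
                   + b"\xff")

SHELL_META = re.compile(r"[`$;&|<>(){}\\\"'\s]")
# RFC 1123 labels: letters, digits, hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def unsafe_hostname_command(value):
    """The vulnerable pattern: raw interpolation.  If a shell evaluates the
    result, the backticks run `id` with the client's (root) privileges."""
    return "hostname " + value


def contains_shell_metachars(value):
    return SHELL_META.search(value) is not None


def safe_hostname_command(value):
    """Hardened: accept only a syntactically valid hostname, then quote it so
    the shell sees a single literal word.  Returns None when rejected."""
    if not HOSTNAME_RE.match(value):
        return None
    return "hostname " + shlex.quote(value)


if __name__ == "__main__":
    name = parse_dhcp_options(HOSTILE_OPTIONS)[12].decode("ascii", "replace")
    print("vulnerable:", unsafe_hostname_command(name))
    print("hardened  :", safe_hostname_command(name))
```

Validation before quoting matters: quoting alone would stop the injection, but a hostname that the shell accepts and the kernel later rejects is still a denial of service, so the value is checked against what a hostname may contain first.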
eef34ca1565e47d927a25f800efe9a7431b1dbae5b0b5733ac6817b7b74dc94f
Java source to remotely crash LeafChat clients.
111817cbf650dae4d8d9a1dcd33e4c66c71ecc474ea139cbb49939ee45e73755
Glftpd 1.18 through 1.21b8 has a serious problem with the privpath directives. Users with accounts can access directories on the site which they should not have access to.
447c8a95b7dd4d4d1f722081716ea2532f24a35d179abdb468144e471fc765c9
Netscape Enterprise Server for NetWare 5.0 and NetWare 5.1 contains remote vulnerabilities. By issuing a malformed URL it is possible to cause a denial of service and/or execute arbitrary code on the server with the privileges of the web server.
87b98315b06d4cb218a9eb746cb54ba814c7a256db807a3dd35fbfaddd3befa1
Nutcracker is a simple, fast, and effective password cracker for UNIX and Linux systems. It is faster than the other crackers available. Disabled accounts and accounts with no password are detected. Results are shown in a nicely-formatted table. A sample password file and dictionary file are included, although you can use any word list you wish (including the file '/usr/dict/words' included with most Linux distributions). Nutcracker will work with '/etc/passwd' or '/etc/shadow' files.
e7b8f62387296013de85198f7f51e2bf5494178987fd0ba798a78b2b1225e13f
SuSE Security Advisory - Linux kernel 2.2.x allows local users to gain root (versions up to linux-2.2.16).
c0076bac48adc2c9e2c3573d080067b19b42213b21a688c388da664bd56f11b2
SuSE Security Advisory - The wu-ftpd FTP server does not do proper bounds checking while processing the SITE EXEC command, allowing a remote attacker to execute arbitrary machine code as root on any FTP server running wu-ftpd. SuSE recommends upgrading to the audited 2.4.x version of wu-ftpd.
f75a345da50da0a1aeeb54882a3fe6fce1b92f2b6cf41bf6bbc6704dd7b20178
xfwm buffer overflow exploit for Linux / x86. This gives you a euid=0 shell if /usr/X11R6/bin/xfwm is SUID root (mode 4755), which it is not in any default installation.
43eac56faef522e18d373dc452cee020f39fd7369f6f0bda40e910c89734352f
xwhois buffer overflow exploit for Linux / x86. This gives you a euid=0 shell if /usr/X11R6/bin/xwhois is SUID root (mode 4755), which it is not in any default installation.
cd3e6d87b5d6caa673ead4be3dac43675e7efaff01e57544d0ab5add0bd7a2fc
Qrack is a simple and fast Unix password cracker. It brute-forces ciphertext generated by the crypt() function. It reports disabled accounts as well as accounts with no password; a 2400-word dictionary file is included. Ideal for system administrators looking for weak passwords. Written in Perl and tested on FreeBSD and Linux, but it should work on any Unix variety with Perl installed.
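The work both Nutcracker (above) and Qrack describe, as an added example that is code from neither tool: read passwd- or shadow-format lines, report accounts that are disabled or have no password at all, and run a dictionary attack over the rest, hashing each candidate once per salt rather than once per user. Python 3.13 removed the crypt module, so `demo_crypt` below is a labelled stand-in that keeps crypt(3)'s calling convention (the setting may be a salt or a previous hash, and crypt(pw, hash) == hash when pw is right) but is not the DES algorithm; swapping in a real crypt(3) binding means replacing `demo_crypt` and `salt_of` (traditional DES uses the first two characters of the hash as the salt). The shadow file is constructed for the example and generated with `demo_crypt`.

```python
import hashlib


def demo_crypt(password, setting):
    """Stand-in for crypt(3) with the same interface, NOT DES.  Output form:
    $demo$<salt>$<16 hex chars>."""
    salt = salt_of(setting) if setting.startswith("$demo$") else setting
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:16]
    return "$demo$" + salt + "$" + digest


def salt_of(hash_field):
    return hash_field.split("$")[2]


def classify(hash_field):
    """The pre-crack checks both tools report."""
    if hash_field == "":
        return "no password"
    if hash_field[0] in "*!":                # '*', '!', '!!' lock the account
        return "disabled"
    return "hashed"


def parse_passwd_or_shadow(text):
    """Both /etc/passwd and /etc/shadow keep the user in field 0 and the hash
    (or 'x' on a shadowed system) in field 1."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entries.append((fields[0], fields[1]))
    return entries


def crack(entries, wordlist, crypt_fn=demo_crypt, salt_fn=salt_of):
    """Dictionary attack.  Returns {user: plaintext | 'disabled' |
    'no password' | None}.  Users sharing a salt are checked with one hash
    computation per candidate word."""
    results, by_salt = {}, {}
    for user, h in entries:
        kind = classify(h)
        if kind != "hashed":
            results[user] = kind
            continue
        results[user] = None
        by_salt.setdefault(salt_fn(h), {})[user] = h
    for salt, pending in by_salt.items():
        for word in wordlist:
            if not pending:
                break
            candidate = crypt_fn(word, salt)
            for user in [u for u, h in pending.items() if h == candidate]:
                results[user] = word
                del pending[user]
    return results


# Constructed sample shadow file, generated rather than pasted in.
SAMPLE_SHADOW = "\n".join([
    "root:" + demo_crypt("toor", "Ab") + ":11134:0:99999:7:::",
    "bin:*:11134:0:99999:7:::",
    "guest::11134:0:99999:7:::",
    "alice:" + demo_crypt("secret", "Zx") + ":11134:0:99999:7:::",
    "carol:" + demo_crypt("letmein", "Zx") + ":11134:0:99999:7:::",
    "bob:" + demo_crypt("c0rrect-h0rse", "Qq") + ":11134:0:99999:7:::",
])
SAMPLE_WORDLIST = ["123456", "password", "toor", "secret", "letmein"]


def audit(text=SAMPLE_SHADOW, wordlist=SAMPLE_WORDLIST):
    return crack(parse_passwd_or_shadow(text), wordlist)


if __name__ == "__main__":
    for user, status in audit().items():
        print("%-8s %s" % (user, status))
```

With traditional DES crypt the salt space is only 4096 values, so on a large password file the per-salt grouping is what makes a wordlist pass affordable; the correctness of the attack does not depend on it.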
71db8c2bdc8b704a167349136c571d20bc502560957c657a6c0a0dcb3434d43e
Weekly Newsletter from Help Net Security Issue 19 - 26.06.2000 - Covers weekly roundups of security related events. In this issue: Writing buffer overflow exploits for the PowerPC, JRun 2.3.x sample code vulnerabilities, BlackICE vulnerable to BO, Net Tools PKI Server exploits, Panda Antivirus allows remote access, and more.
e7e5335419f90eb9fea557c2aadfbaa2c9d0465df424890c66d70d1a25edcab9
Linux Security Week June 26 - In this issue: The default configuration of wu-ftpd is vulnerable to remote users gaining root access, Simple Object Access Protocol (SOAP), Network Intrusion Detection Using Snort, Updates for Mandrake bind, cdrecord, dump, fdutils, kdesu, xemacs, and xlockmore, Remote users can cause a FreeBSD system to panic and reboot via bugs in the processing of IP options in the FreeBSD IP stack, Remote vulnerabilities exist with all Zope-2.0 releases, NetBSD: libdes vulnerability, RedHat: 2.2.16 Kernel Released, Bastille Linux Review, and Intel admits wireless security concerns.
c0d7ad7845e4e90d9f4129a48230f19515b41a6a9486eb4dafc7447bd62eed0c
PIKT is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations. PIKT is quickly gathering potential as a serious security management system. PIKT comprises an embedded scripting language with unique, labor-saving features.
bb923db7b45bf28cd668b582701807d3c15a4af79976b78c8f7bf479c8a87cfe
exim local buffer overflow exploit.
6c2ff838baf8851b374d45600a8b07c39ab9e3e947db5aeab59f0b03a3e099d8
iisdos.c is a DoS attack against Microsoft Windows 2000 running IIS.
3a5391689ea601a5d266aaa724384ad438a4b0e2bd5af92c61ad494be825bb70
Local root exploit for sendmail and procmail on Linux kernels below 2.2.15.
4296222d1bf1930105daa59e2a5114c9af90add47c2081575d64f3a6d4215ae3
Local root exploit shell script for Linux kernel 2.2.X (X<=15) with sendmail 8.10.1 or earlier.
3b67ba848976793933d8e5cb6e27c246ec4bf7b79874530a6a791c5581d9d695
pms.pl watches for certain running processes and alerts you via /dev/speech when they start.
e43969bd8b52cef54eed32fc170fda5e248565c948046a25250e12d54c508f9b
ARP0c2.c - ARP0c2 is a simple and powerful connection interceptor for switched networks. It features ARP redirection/spoofing, automated bridging, automated routing, progressive attacks on known IP connections, network cleanup on exit, and ARP flooding with random IP and Ethernet addresses. Known network connections can be intercepted by adding them to the routing table file. It runs completely in userland and has been tested on Linux.
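The redirection ARP0c2 performs, as an added example that is not ARP0c2's code: build the two unsolicited ARP replies that tell a victim the gateway lives at the attacker's MAC and tell the gateway the victim does, then, from the defender's side, walk the same frames and flag an IP address whose MAC binding changes. Frames are raw Ethernet+ARP bytes built with struct, so nothing is sent; the addresses are made up for the example.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")            # dst, src, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ip(s):
    return bytes(int(o) for o in s.split("."))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa, eth_dst=None):
    """Ethernet + ARP frame (42 bytes).  An unsolicited reply is unicast
    straight to the target's MAC, so eth_dst defaults to tha."""
    eth = ETH_HDR.pack(mac(eth_dst or tha), mac(sha), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields as strings, or None for non-ARP / non-IPv4 frames."""
    _, _, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


def poison_pair(attacker_mac, victim_ip, victim_mac, gateway_ip, gateway_mac):
    """The two replies that put the attacker between victim and gateway; the
    interceptor then bridges traffic between the two real MACs itself."""
    to_victim = build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip)
    to_gateway = build_arp(ARP_REPLY, attacker_mac, victim_ip, gateway_mac, gateway_ip)
    return to_victim, to_gateway


def detect_spoofing(frames):
    """Defender side: learn IP->MAC from every reply and report a binding
    that changes.  Returns [(ip, old_mac, new_mac), ...] in wire order."""
    table, alerts = {}, []
    for frame in frames:
        p = parse_arp(frame)
        if p is None or p["op"] != ARP_REPLY:
            continue
        known = table.get(p["spa"])
        if known is not None and known != p["sha"]:
            alerts.append((p["spa"], known, p["sha"]))
        table[p["spa"]] = p["sha"]
    return alerts


# Constructed capture: two legitimate replies, then the poison pair.
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:00:5e:00:01:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.23", "00:0c:29:aa:bb:cc"
ATTACKER_MAC = "00:de:ad:be:ef:00"


def sample_capture():
    legit = [build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
             build_arp(ARP_REPLY, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)]
    return legit + list(poison_pair(ATTACKER_MAC, VICTIM_IP, VICTIM_MAC, GATEWAY_IP, GATEWAY_MAC))


if __name__ == "__main__":
    for alert in detect_spoofing(sample_capture()):
        print("ARP binding changed: %s was %s, now %s" % alert)
```

The detector is the logic behind static ARP entries and tools such as arpwatch: a gateway whose MAC suddenly changes mid-session is the signature of exactly this attack, and "network cleanup on exit" in the tool's feature list is the attacker restoring the original bindings so that signature disappears.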
d0dc915dfa26416aae4f90e45c03ddb5d999877e247e02f827d45f062098954e
Dopewars 1.47-current has two local security holes. Dopewars is SGID games. Remote buffer overflows also exist.
0f42ff1b37e66d07b86bb87e247d94963fa74c6ecd4315816a593792519e5108
Passive Mapping: The Importance of Stimulus - This paper is a follow-on to the first Passive Mapping paper. It examines the difference between active and passive mapping, and gives examples of how that distinction can be put to use in practice.
b7aee3df2ecda88f78698e55edb61103bf3a24346cb9a3ab238c14fbe4837b5d
Offensive Use of IDS - This paper explores ways Intrusion Detection Systems (IDS) can be used for offensive purposes. It gives a brief technical outline of determining which TCP services are running on a network using passive monitoring.
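The passive service inference outlined in the two papers above, as an added example written for this listing and not taken from either paper: minimal IPv4+TCP packets are built with struct (no checksums or options) into a constructed capture, and the mapper infers listening and closed ports only from what the target hosts themselves answer, treating a bare SYN as a question rather than evidence. `stimulus_needed` makes the second paper's point concrete: ports of interest that never produced an observable answer are the ones only an active probe can resolve.

```python
import struct

IPV4 = struct.Struct("!BBHHHBBH4s4s")        # vihl, tos, len, id, frag, ttl, proto, csum, src, dst
TCP = struct.Struct("!HHIIBBHHH")            # sport, dport, seq, ack, offset, flags, win, csum, urg
SYN, RST, ACK = 0x02, 0x04, 0x10


def inet(s):
    return bytes(int(o) for o in s.split("."))


def inet_str(b):
    return ".".join(str(x) for x in b)


def build_tcp(src, dst, sport, dport, flags):
    """Header-only IPv4/TCP packet, enough for flag-based inference."""
    ip = IPV4.pack(0x45, 0, IPV4.size + TCP.size, 0, 0x4000, 64, 6, 0, inet(src), inet(dst))
    tcp = TCP.pack(sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp


def parse_tcp(raw):
    """Return addresses, ports and flags, or None if not IPv4/TCP."""
    vihl, _, _, _, _, _, proto, _, src, dst = IPV4.unpack_from(raw, 0)
    if vihl >> 4 != 4 or proto != 6:
        return None
    ihl = (vihl & 0x0F) * 4                  # honour IP options if present
    sport, dport, _, _, _, flags, _, _, _ = TCP.unpack_from(raw, ihl)
    return {"src": inet_str(src), "dst": inet_str(dst),
            "sport": sport, "dport": dport, "flags": flags}


def passive_map(packets):
    """SYN/ACK from host:port -> listening; RST answering a SYN we saw ->
    closed; a SYN with no reply in the capture -> unanswered (unknown)."""
    listening, closed, probed = set(), set(), set()
    for raw in packets:
        p = parse_tcp(raw)
        if p is None:
            continue
        responder = (p["src"], p["sport"])
        if p["flags"] & SYN and not p["flags"] & ACK:
            probed.add((p["dst"], p["dport"]))
        elif p["flags"] & SYN and p["flags"] & ACK:
            listening.add(responder)
        elif p["flags"] & RST and responder in probed:
            closed.add(responder)
    return {"listening": listening, "closed": closed,
            "unanswered": probed - listening - closed}


def stimulus_needed(mapped, targets):
    """Host:port pairs of interest that passive observation left unresolved;
    these are the ones that need an active (and detectable) probe."""
    return sorted(t for t in targets
                  if t not in mapped["listening"] and t not in mapped["closed"])


# Constructed capture (no real hosts): one open port, one closed port,
# one unanswered SYN, and an unrelated RST that must not be counted.
CLIENT, SERVER, OTHER = "10.0.0.50", "10.0.0.10", "10.0.0.11"
SAMPLE_CAPTURE = [
    build_tcp(CLIENT, SERVER, 40001, 80, SYN),
    build_tcp(SERVER, CLIENT, 80, 40001, SYN | ACK),
    build_tcp(CLIENT, SERVER, 40002, 23, SYN),
    build_tcp(SERVER, CLIENT, 23, 40002, RST | ACK),
    build_tcp(CLIENT, OTHER, 40003, 22, SYN),
    build_tcp("10.0.0.12", CLIENT, 25, 40004, RST | ACK),
]


if __name__ == "__main__":
    m = passive_map(SAMPLE_CAPTURE)
    print("listening :", sorted(m["listening"]))
    print("closed    :", sorted(m["closed"]))
    print("unanswered:", sorted(m["unanswered"]))
    print("probe next:", stimulus_needed(m, [(SERVER, 80), (SERVER, 443), (OTHER, 22)]))
```

Because the mapper only trusts replies, a sensor placed where it sees both directions of traffic produces no false "listening" entries; a sensor that sees only one direction cannot distinguish an open port from a filtered one, which is the gap active stimulus fills.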
5afe13e0d8a24ba3581c61da0bde82429b9bc4336ab887010dcf199a7ad71979
The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux. The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts.
07778457a1e052e4fccfc4ae0c297622bd9202aede49d08639db1cdf824df16b