Winfingerprint 227: Advanced remote Windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE SERVER, WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, Enumerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes).
872e4aedf64c2ed56aeee1a2c908b456a1666b115776f44f8b3542a2fe59709c
A vulnerability in the way PHP-Nuke, a news site administrative tool, authenticates administrative accounts allows a remote attacker to gain administrative access to the application. An attacker could edit users, articles, topics, and banners, assign authors, etc.
eca37faae9a6a2eeba44799294fae819f847c9d8cb2db5b49509a50b9b29c9ac
Debian Security Advisory - On versions of Zope prior to 2.2.1, a user with the ability to edit DTML could gain unauthorized access to extra roles during a request. The previous announcement and fix did not fully address the issues.
2d9b0e6f767a17c5b8a9b5386622e6b946a343abb9eea2336759a4c1f4dcd2bc
Htgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the privileges of the user running the program.
c01230dec2a91deb2f424d3380ac2843757db64552164f3d93bd6365f519b20b
Cert Advisory CA-2000-17 - There is an input validation vulnerability in rpc.statd where the program passes user-supplied data to the syslog() function as a format string. Exploitation allows a user to execute arbitrary commands with the privileges of the rpc.statd process, typically root.
e2c09423cd8b0c12f2ae82818c51410ae6fd13469ee6114738f0d90c8cc320bb
Remote Nmap is a Python client/server package which allows many clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all their scans come from a dedicated machine.
3089d834efd2e8436c61bf935b2ebfc501efb336a6ad166ab8fc8605642789f9
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.
3cc87dd1562478c18490a1b8baa020c3d908aa44aaa16f9aba2567a9c5f8c8d7
Medusa DS9 is used to increase Linux's security. It consists of two major parts, Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets.
07ed48e6fd13f3860f822d7f95d7b0b4f7823da00d445ba93ea2955cfd2be651
Pdump is a sniffer written in perl which dumps, greps, monitors, creates, and modifies traffic on a network. It combines features from tcpdump, ngrep, tcptrace, dsniff (and its webspy and urlsnarf), pfilt, macof, and xpy. It understands tcpdump-like syntax and allows easy modifications via a plug-in system. Readme available here.
d05569ba5fbc44c585af68abb25e2585de22c98c3de46476ae91e271b796cf9a
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans, viruses, and hostile Java. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.
e47ca682150019a0f49791df35f7e0853d624e4578c0438578bbe1e5fdb44200
The goal of FireStarter is to provide an easy-to-use, yet powerful, GUI tool for setting up, administering and monitoring firewalls on Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
650e85a7686077fba5f14317652accbeb57d16ceca08e9d6615f12598920446d
Remote Nmap is a Python client/server package which allows many clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all their scans come from a dedicated machine.
00804599e41cb0fadcf681fc9a84a041a36729433b6828c838605e33f921fe1e
Ldistfp is an identd fingerprinting tool which works well with all Linux and most *BSD hosts that have their auth service running.
1881f6c6fa07883c7a887aaf7ae735cd73ebac2d08bc4e0ecfac8d01639138a8
Srcgrab.pl exploits the Translate:f bug as described in ms00-058. The vulnerability, present in IIS 4.0 and Windows 2000 Frontpage server extensions, allows a remote user to retrieve the source of .asa and .asp pages.
33424ecc3ff3c935dcbae09202091459045e94a6f7ba54fa540a7133c419705e
Whodo.c is a simple local backdoor for the Solaris whodo command.
9bd70a4780275e088e049c94420b4d0122f7b242f949d8a861bf1a3c6d26405c
Debian Security Advisory - There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 installs xlock setuid by default, allowing local users to read the /etc/shadow file.
c7b3b4531073b85c993a6f496d71e3ec40baa124fcbd4596fcd3ffbdf02accf3
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
bccef5c80d698caf2fa933ba5e6b844e5c373fe98a6d87327521a73e86cb632a
Core SDI Vulnerability Report For BEA Weblogic's Proxy - BEA's Weblogic server contains several buffer overflows which allow a remote attacker to execute arbitrary code on the system running the proxying web server, as root on Unix and as SYSTEM on NT.
adc8dd33a9472b5d880597828e25334cbf516288499f6f81d3fb6a22f2279f5d
The ncftp client uses an easily decrypted scheme to save passwords for remote FTP sites in a bookmark file. Crackncftp.c recovers the plaintext password from the encrypted string.
4ed56e4e5d88cc9b9c62d4ce74ab7b94bc9d98b285cadb58d0da304ceca15a9b
Windows 2000 machines can reliably be identified remotely because they do not correctly respond to ICMP query messages with a nonstandard Type-of-Service value.
47afc4eb164d7d4d223a0ea4749e7ca0101efeb95f9269d96b699b461e1f7355
Cryptographic Filesystem (CFS) implements full filesystem encryption into the UNIX platform. This version supports BSD, Linux, and SunOS via local access to a NFS server.
3cbd19a28f3e5be3a9695bd55f23c99062ff51bd43f4cb2a76bb69d3f29411bf
Cryptographic Filesystem (CFS) implements full filesystem encryption into the UNIX platform. This version supports BSD, Linux, and SunOS via local access to a NFS server.
6e8871f7d54cdbb49d5d8b7dcf0511561ba37f06ded39c1db36aa931c796f737
Cryptographic Filesystem (CFS) implements full filesystem encryption into the UNIX platform. This version supports BSD, Linux, and SunOS via local access to a NFS server.
f302fc8e2cded385639aea40edc56d54da51233abd35f728f0408fe77862d094
Return-RST is a firewalling tool for Linux 2.2.xx systems using IPCHAINS. It uses the netlink device to capture packets and sends TCP RST packets in response to TCP connection requests. Normal IPCHAINS only allows you to drop packets, or reject packets with an ICMP error message. With Return-RST, you can make it look like there is no server listening, rather than revealing to the attacker that packets are being filtered.
b2bdeaadbbf8acad79a2ee109888fd8a1b08a0df35fd46e355b089a4dc9f7be7
Georgi Guninski security advisory #18 - Two serious vulnerabilities have been found in Microsoft products - Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows Local Administrator compromise via opening local folders as web pages. In both cases a malicious person may take full control over the user's computer / server. Includes proof of concept HTML code. Demonstration available here.
49fd86e3c8396e11f2d62291b0e07c00a9c7b972856156f9dac92627faf60f3b