Red Hat Security Advisory - Various format string vulnerabilities have been found in syslogd and klogd. Exploiting them could allow local users to gain root access.
a17cc7d59867c8802e43bf80a0d76c739e447191dbf864f926f349cc4519cd8f
Torn Kit is a Linux rootkit which has been optimized for Linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user-defined password. This code is being widely used to automatically compromise hosts which have the wu-ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10.
5c48ccb7e9f41685772e735a35e40fd8a61535f255a9d4f6968b8a1e150e3bf9
Oblivion Magazine Issue #7 - Contains articles on Voice over IP, An Introduction to IPSec, Virtual Router Redundancy Protocol (VRRP), ADSL, Firewall-1 + Firewalls Rant, and security news.
239423a563095461e8e129994dc051c5bbc250df2ec79cac461d7dc74dbdc4b9
This regedit registry patch will tighten down security on a Microsoft NT v4.0 (sp3 and sp6 or 6a) machine. Changes about 55 registry entries.
17ecace1825394820a936146cb0eebe1dd734581c3df84d03e1c809bf5376982
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
32a410d596287b65aa4e082b5c138bab0d3ed71501701c72be8059c2cd126d61
Pdump is a sniffer written in Perl which dumps, greps, monitors, creates, and modifies traffic on a network. It combines features from tcpdump, tcpkill, ngrep, tcptrace, dsniff (and its webspy and urlsnarf), pfilt, macof, and xpy. It is able to do passive operating system detection/fingerprinting and can also watch packet streams and then create its own spoofed packets to hijack or kill TCP connections. It understands tcpdump-like and Perl-like syntax and allows easy modifications via a plug-in system. The packet display is easily configurable. Readme available here.
f7f15865466b04de11b1198577c231f9dcf94f81aebc0940a4af43dc6221164b
BitchX is the premiere IRC (Internet Relay Chat) client. It is a modified clone of the popular ircII client, and is available for almost all UNIX OS's as well as Win95/NT and OS/2.
ce1eec9dec4d0c0a708130ea5485eb58106a9299d138723126ebc272776d71d7
HardenNT (Beta 0917) is a tool created to automate the task of securing one or more Microsoft Windows based computers. It is specifically aimed at securing Windows NT 4.0 machines, although some of the functionality could also be used on Windows 9x or even Windows 2000 networks. HardenNT is not a tool that is to be installed or even run on a computer that one wants to secure. It merely creates a number of batch files that run standard NT (and NT resource kit) tools. This means that the batch files created by HardenNT are to be copied and run on the host you want to secure. Updates frequently, newest version available here.
e09153373619655c9b68e3a686e86477e1edddfdcf54c5a3091b59e0612c11aa
Stealth IP Stack is a kernel patch for Linux 2.2.17 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by suppressing TCP RST packets (no "Connection Refused"), suppressing ICMP_UNREACH for UDP (prevents UDP port scans), and suppressing all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
cb7f36d76783cdabab99611890b6f8df14437d9b0ace7474dadd6a02480461e8
Ploits.c v1.95 integrates stuff.c, ath0.c, and banner.c into one attack tool.
755a2a39dd379973cf20b9d77886a0e3abe6c9404233bc780362699329fca097
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
e130ff3e71ade3b4b5048c7b6bb5d9972db5f1446368d158d27bdb1d8ec1cf87
vnx4.c is a VNC attack program ported to Windows. Features cracking of the password stored in the registry, online brute force against a VNC server, or cracking a sniffed challenge/response handshake.
a507db549f33869781e20c6631dc821d6eba0651c0cbad494ae78e1b0e831359
Snort Panel is a front-end control panel for the win32 port of snort. It allows you to set command-line options via dialog box settings and it monitors the alerts file for new alerts.
e50f793cd53f455b32a5190829ea97353bf9ea47977f36f0c8d4fe5d3b6a32ad
WDumpEvt is a tool that makes it easy to manage all the information from Windows NT / 2000 logs. The eventlog tree can be browsed, sorted, erased, filtered, or categorized. The data can also be dumped into an ASCII-delimited format for import or HTML for display.
eaf06992361807781762a06be9d593d389e8835393ca184296fbb75b1282e195
Crypto-gram for August 15, 2000. In this issue: Full Disclosure and the Window of Exposure, News, Carnivore Disinformation, FBI Requires Constitutional Changes, The Doghouse: FaceMail, PGP Vulnerability, and Comments from Readers.
0e4cbb003e4a2c2f2d719a1a3c31cb1025f8835a3832f59fa40e8e4a5db45de0
ISS Security Alert Summary for September 15, 2000. 87 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.
dbd64db221e040e05a4a342ac92b13566073a9300c9dab57446e955bb03abca1
Ratware Win9x Screen Saver Buster V1.0 is a tool for breaking into a Win9x PC that has a password-protected screen saver active. It needs to be burned to a CD and inserted into the target PC; it works by abusing the CD autoplay 'feature' to disable the screen saver password.
de5070973877b690376cd0a7f8d2f68967e44b5937dbd2e0a931da3f9790940e
Dicgen is a dictionary file creator (DOS). Easy-to-use interface and options, extremely fast; introduce any variables and generate any combination type.
d69065531ce0222954fb71dfbd43b14019f092e9c3a9a6628a3560fe53adbad3
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message, removes or renames attachments, truncates unusually long MIME header fields, and sanitizes HTML by disabling JavaScript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.
4d888f7c5d870834786ac56bbf31e9cf1ca887eb473edd991af711feaca1454a
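The three Anomy behaviours above (header truncation, attachment renaming, disabling active HTML content) as a small worked example. This is added code written for this page in Python using the standard library's email package; it is not Anomy's Perl implementation. The header length limit, the extension list, the DEFANGED renaming convention and the sample message are all assumptions made here.

```python
"""Miniature MIME sanitizer in the spirit of Anomy (added example, not Anomy's code)."""
import email
import os
import re
from email import policy

MAX_HEADER_LEN = 256                                   # assumed limit, not Anomy's default
DANGEROUS_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}  # assumed list

# Neutralise active content by renaming tags/attributes/URL schemes so browsers ignore them.
# Regex-based defanging is deliberately crude; a real sanitizer should parse the HTML.
_DEFANG = [
    (re.compile(r"<(\s*/?\s*)(script|applet|object|embed)\b", re.I), r"<\1DEFANGED-\2"),
    (re.compile(r"\s(on\w+)(\s*=)", re.I), r" DEFANGED-\1\2"),           # onload=, onclick=...
    (re.compile(r"(javascript|vbscript)\s*:", re.I), r"DEFANGED-\1:"),   # javascript: URLs
]

def defang_html(html):
    for pattern, repl in _DEFANG:
        html = pattern.sub(repl, html)
    return html

def sanitize(raw, max_header=MAX_HEADER_LEN):
    """Return (sanitized message bytes, list of actions taken)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    actions = []
    for part in msg.walk():
        # 1. Truncate over-long header fields.  Every header is deleted and re-added
        #    so duplicates (e.g. several Received:) are covered and order is kept.
        headers = part.items()
        for name in list(part.keys()):
            del part[name]
        for name, value in headers:
            if len(value) > max_header:
                value = str(value)[:max_header]
                actions.append("truncated header %s" % name)
            part[name] = value

        # 2. Rename attachments with executable extensions so they no longer run on a click.
        fname = part.get_filename()
        if fname and os.path.splitext(fname)[1].lower() in DANGEROUS_EXT:
            newname = fname + ".DEFANGED"
            del part["Content-Disposition"]
            part["Content-Disposition"] = 'attachment; filename="%s"' % newname
            if part.get_param("name") is not None:      # Content-Type name= parameter too
                part.set_param("name", newname)
            actions.append("renamed attachment %s -> %s" % (fname, newname))

        # 3. Disable script/applet markup and event handlers in HTML bodies.
        if part.get_content_type() == "text/html":
            html = part.get_content()
            cleaned = defang_html(html)
            if cleaned != html:
                part.set_content(cleaned, subtype="html", charset="utf-8")
                actions.append("defanged HTML part")
    return msg.as_bytes(), actions

def summarize(raw):
    """Re-parse a message and report what a check cares about (helper for verification)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {
        "subject": str(msg["Subject"]),
        "filenames": [p.get_filename() for p in msg.walk() if p.get_filename()],
        "html": "".join(p.get_content() for p in msg.walk()
                        if p.get_content_type() == "text/html"),
    }

# Constructed sample: over-long Subject, HTML body with active content, .exe attachment.
SAMPLE_MAIL = (
    b"From: attacker@example.test\r\n"
    b"To: victim@example.test\r\n"
    b"Subject: " + b"spam " * 80 + b"\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed; boundary=\"XYZ\"\r\n"
    b"\r\n"
    b"--XYZ\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b"<html><body onload=\"evil()\"><script>evil()</script>"
    b"<a href=\"javascript:evil()\">click</a><applet code=x></applet></body></html>\r\n"
    b"--XYZ\r\n"
    b"Content-Type: application/octet-stream; name=\"invoice.exe\"\r\n"
    b"Content-Disposition: attachment; filename=\"invoice.exe\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"TVqQAAMAAAAEAAAA\r\n"
    b"--XYZ--\r\n"
)

if __name__ == "__main__":
    out, actions = sanitize(SAMPLE_MAIL)
    for a in actions:
        print(a)
    print(out.decode("ascii", "replace"))
```

Renaming rather than deleting attachments mirrors Anomy's default: the recipient can still recover a false positive, but the file no longer launches as a program. The regex defanging is the weak point of such filters and is where a real deployment should plug in a proper HTML parser or a third-party scanner.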
The Windows 2000 Telnet client can be launched via email or browser and automatically passes NTLM authentication credentials to a telnet server. Proof of concept exploit includes a modified telnet server which causes the w2k telnet client to auto authenticate and prehash-ntlm.c which can be used to launch a dictionary attack against a retrieved hash.
82b52ace068cc6c157c2910a941a5a36a69ebeed844d0b304468d6b56322c0ae
MultiHTML (/cgi-bin/multihtml.pl) is a CGI script which has a vulnerability allowing remote users to read any file on the webserver.
228cf3036d6dc675782ffe1ed3fbd4cb7b47b8d64048d18536d2852fc1ee1bf8
Red Hat Security Advisory - A format string vulnerability in screen allows local users to become root.
fbe251f1e57a3cb4b5b8f284908e9ea7fa5d667c99923f7076fcb88238394338
@Stake Advisory A091400-1 - The Windows 2000 telnet client, which relies upon the NTLM authentication protocol, may be launched via email or a browser and automatically attempts to authenticate with any host it contacts without prompting the user for any information. An attacker controlling such a host can capture the NTLM authentication exchange and crack it to recover the user's password.
d63b34ce08b67e84a7afc686404bb3ed7594cb084d9f40027342b4ccc5f90b9b
FreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability; however, it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and, if successful, possibly gain access to accounts on the system.
0b1c8c3842f449349927b566da8941978ab4a1c327fb2fcd41431a8cdad32fdf
Coding with the DNS protocol v2 - Includes DNS basics, how to decode DNS packets by hand, parsing DNS replies, advanced DNS techniques, and DNS security mechanisms. Well written, contains lots of in-depth information and example code.
4dd89f0ca3b69db69a2564df1a08db8f2c87d8bfc8d824966fcf1f0bf5dd7a76
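A worked example of the "decode DNS packets by hand" and "parsing DNS replies" material from the entry above, added for this page (it is not code from the document itself). It parses a constructed DNS response containing a CNAME chain with RFC 1035 name compression, rejects malformed compression pointers (the classic parser trap), and applies the basic spoofing check a resolver should make: the reply's ID and question must match what was asked. The packet bytes and the 93.184.216.34 answer are constructed sample data.

```python
"""Hand-rolled DNS response parser with compression-pointer checks (added example)."""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(pkt, off, depth=0):
    """Decode a possibly compressed name starting at off.
    Returns (dotted name, offset just after the name as it appears in the stream)."""
    labels = []
    end = None                       # resume point after the first pointer we follow
    while True:
        if depth > 16:
            raise ValueError("compression pointer loop")
        ln = pkt[off]
        if ln == 0:                  # root label terminates the name
            off += 1
            break
        if ln & 0xC0 == 0xC0:        # 11xxxxxx: 14-bit pointer to an earlier name
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if ptr >= off:           # pointers may only point backwards; anything else is hostile
                raise ValueError("forward or self-referencing compression pointer")
            if end is None:
                end = off + 2
            off, depth = ptr, depth + 1
            continue
        if ln & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)

def parse_rr(pkt, off):
    name, off = read_name(pkt, off)
    if len(pkt) < off + 10:
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    off += 10
    raw = pkt[off:off + rdlen]
    if len(raw) != rdlen:
        raise ValueError("truncated RDATA")
    if rtype == 1 and rdlen == 4:
        rdata = ".".join(str(b) for b in raw)
    elif rtype in (2, 5):            # NS / CNAME: RDATA is a (possibly compressed) name
        rdata, _ = read_name(pkt, off)
    elif rtype == 15:                # MX: preference + name
        pref = struct.unpack("!H", raw[:2])[0]
        host, _ = read_name(pkt, off + 2)
        rdata = (pref, host)
    else:
        rdata = raw.hex()
    return {"name": name, "type": TYPES.get(rtype, rtype), "class": rclass,
            "ttl": ttl, "rdata": rdata}, off + rdlen

def parse_response(pkt):
    """Parse header, question section and answer section of a DNS reply."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    out = {"id": ident, "rcode": flags & 0xF, "aa": bool(flags & 0x0400),
           "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        qname, off = read_name(pkt, off)
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        out["questions"].append((qname, TYPES.get(qtype, qtype)))
    for _ in range(an):
        rr, off = parse_rr(pkt, off)
        out["answers"].append(rr)
    return out

def matches_query(reply, expected_id, qname, qtype):
    """Minimal anti-spoofing check: ID and echoed question must match what we sent."""
    return reply["id"] == expected_id and reply["questions"] == [(qname.lower(), qtype)]

# Constructed reply: www.example.com CNAME web.example.com, web.example.com A 93.184.216.34.
# Offsets: question name at 12, "example.com" at 16, CNAME RDATA ("web" + ptr 16) at 45.
SAMPLE_REPLY = bytes.fromhex(
    "1234" "8180" "0001" "0002" "0000" "0000"                  # id, flags QR|RD|RA, counts
    "03777777" "076578616d706c65" "03636f6d" "00" "0001" "0001"  # www.example.com A IN
    "c00c" "0005" "0001" "0000012c" "0006" "03776562" "c010"     # ptr->12 CNAME ttl 300 "web"+ptr->16
    "c02d" "0001" "0001" "0000012c" "0004" "5db8d822"            # ptr->45 A ttl 300 93.184.216.34
)

if __name__ == "__main__":
    reply = parse_response(SAMPLE_REPLY)
    for rr in reply["answers"]:
        print(rr["name"], rr["ttl"], rr["type"], rr["rdata"])
    print("matches query:", matches_query(reply, 0x1234, "www.example.com", "A"))
```

The backward-only pointer rule and the depth limit are the two checks that keep a hand-written parser from spinning or reading out of bounds on a crafted reply; the ID/question check is the 16-bit-ID defence the document's security section refers to, and on its own it is weak, which is why source-port randomisation and DNSSEC exist.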