Defcom Labs Advisory def-2001-02 - IBM WebSphere 3.52 (IBM HTTP Server 1.3.12) for Windows NT has a memory leak which can be used to mount a remote denial of service attack. Workaround included.
c30b6f1e3f9eb32c68a980352c0665fac96d69038b54eff6607fd86a46d507e7
HP-UX v11.00 /bin/cu local buffer overflow exploit - Exploits the -l option. Provides a uid=bin shell.
4eb65814f18d048afcb2595ba4538c73bdf060588b077aeaa9201aff06040d45
Footprinting FAQ - How to remotely determine the network addresses of a company.
11315b4ad2af74774d05a420c527242bff6ad16c8cc94551ee6f13e1b5b14c44
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the News the past week. In this issue: CPS-2 Encryption Broken, and more.
efd46439ec5d59eaf5630b46468e19c40b555e499bc324665677ffd6d955a7d2
iptables is the new packet alteration framework (firewall utility) for Linux 2.4. It is an enhancement on ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects.
424f666dc4060b83dec77d7e5a13b381ee2e7d7c8731ed52d4ee5509e3815197
redir-httpd is an ultra-minimalist, non-RFC-compliant HTTP server that will ONLY issue redirects to another site. It's good for running on home systems that have permanent connectivity (i.e. DSL and cable-modem subscribers). It should be short enough to be easily understood (and thus audited for potential security issues), and still fairly robust.
f9d88a4cd09ef7c39dc3301fb37e374a6aa58d621506ed6948a2aef19eb42d95
Flitz is a DDOS tool which features spoofed ip/tcp/udp flood, flooding in parallel, distributed smurf attack and status report of the slave. With one stop command, you can stop all the slaves at once.
9346b94e8f0ca0ba742335190ffba0de3a9812e72964aefb7757767c7f553e0f
Wu-ftpd 2.6.0 mass scanner.
aa2dc9d24e9555a64b9794199e3fb1801e88083d39017b468c5588cbcd4b3c41
GNU tar follows symlinks blindly, a problem if you untar as root.
941d4baa8400f1fbed234f9bd2533ce2860e8137e6ad91ba30b49a049594c4f6
Redhat rpc.statdx mass exploit - scans for vulnerable hosts and implants a bindshell.
1b45bfc55a0f485af901ce8bd6d9f5e43c1bd304911f3aba1fa66a0b50409fd0
IPA is highly configurable IP accounting software for FreeBSD and OpenBSD. It performs IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases the IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and, based on its configuration, removes the need to write scripts to manage network accounting.
563b0649befc9c9aa73a5dc18205c7cefadacb7078a25a04e71219dd156f6b8f
Netsed v0.01b brings sed functionality to the network layer, allowing you to change the contents of packets traveling through your network on the fly and in a completely transparent manner. It features basic expressions and dynamic filtering, and cooperates with ipfwadm/ipchains transparent proxy rules to pick specific packets.
a04f6b235d787b1efd96ecdb398e6c8456301dbf965840e6fcbad36c68372dce
auditd is part of the Linux Kernel Auditing Facility (KAD). It will capture auditing trails created by the kernel auditing facility from /proc/audit, filter them, and save them in specific log files. Either a kernel patch or loadable module must be installed for the daemon to be useful, both of which are included.
6c5c09a62ccddf426fb43c09643ad20d8cd4c7c49e0c9348d53259249bcbb305
fwlogwatch analyzes the ipchains, netfilter, or iptables packet filter logfiles and generates text and HTML summaries. Features realtime anomaly alerting capability, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
05ef7d6d6322de7a8721e7a368a05759a63e3ae1beed75f0f8794322abd7243e
Logtool is a syslog file parser, report generator, and monitoring utility. It takes syslog (and syslog compatible) logfiles as input from stdin, and depending on command line switches and/or config file settings, will parse and filter out unwanted messages from the logfile accordingly, and generate output in ANSI color, formatted ASCII, CSV (for spreadsheets), or HTML format. It is very handy for use in automated nightly reports, and online monitoring of logfile activity. It comes with some simple example scripts and documentation.
51269d444ab0a4ca6c3fb0275db05ab7bf72991eb58b375b908cb07b99386e25
Knetfilter is a KDE GUI application designed to manage the netfilter functionality that will come with the new kernel 2.4.x. In principle, all standard firewall system administration activities can be done using knetfilter alone. It is not just a GUI for the iptables command line; some monitoring is also possible via a tcpdump interface.
4a732257225576206dbb9a67e2f9818f0f814b0e9e93ea2d122c0620a53bd98d
SubNetwork Explorer is a network scanning tool that checks subnets of a network for anonymous FTP, CUPS, Netbios, and SunRPC ports. It uses 'fork()' to scan all of the subnets at the same time.
128526167796733d82ded38f9d72649acd500dee160a084d02f60c3e62710b6d
Scowl_Cgi is a CGI scanner which allows you to easily add new bugs. Works very fast, using threads. Warns you about hosts that return false positive answers. Freeware. Tests for more than 400 bugs.
3c2489aa464072e14d2a051c4ce5476847a64d748ee51638a23a002ef3fcc14c
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
2a72cc7462f8f3ac5397dd54fb59090a5f1fa15f2e5eb2e2480628c58264cbb8
Fastgraf's whois.cgi Perl script lacks metacharacter checking, allowing remote users to execute arbitrary commands with the uid of the web server.
5abaa53a2c6a8bbe911a2c4851d96061e1ccfb4c69892c8acb5e5a3ac920d6ed
Testdisk can undelete deleted partitions! Source version. Works well on Linux.
e817e1b981cc9f995b363c55f7d3e16ed570dccc3077643a057e77d7607229e6
Testdisk can undelete deleted partitions! Windows / DOS version.
387599a5fad7cdeb8c05fb466ff545bbf5166551cadbd0d85a3d7b00de6bb3c9
Examining port scan methods - Analyzing Audible Techniques. This paper attempts to enumerate a variety of ways to discover and map internal/external networks using signature-based packet replies and known protocol responses when scanning. Specifically, this document presents all known techniques used to determine open/closed ports on a host and ways an attacker may identify the network services running on arbitrary servers. Text version available here.
22abdfcab10f441e0501420efec15d503b45b165a5be82400b3e1e96c014b32c
Examining port scan methods - Analyzing Audible Techniques. This paper attempts to enumerate a variety of ways to discover and map internal/external networks using signature-based packet replies and known protocol responses when scanning. Specifically, this document presents all known techniques used to determine open/closed ports on a host and ways an attacker may identify the network services running on arbitrary servers.
4fd4b2bbef21c64d1c9c2fdebd6a48b8ea628ca311becdf898a6cf1dbfc00282
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
b4ff5819022353d41c4cc683902ca0a4853738cb2b8420b83eb2e87b08f0c370