Desperate is a collection of tools used to extract of usernames via EXPN and finger, and obtaining IP addresses via "brute force" DNS lookups. Contains lists of commonly used usernames and DNS names. Coded in PERL.
3eec3182b844f67054826bdc9dd5a20cdd822e3c2ec7659e61d174b262aeea46Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the News the past week. In this issue: Mercur Mailserver 3.3 remote overflow.
fbe97dcb39720d47026ff9b6c2dcc37d8bf67cecacf24735fbef6327f93def61KillOE is a modified msoe.dll which gets rid of the MSN Outlook Express 5.5 Banner when used in conjunction with hotmail accounts. Replacing C:\program files\Outlook Express\msoe.dll with this version of the DLL will allow you to use whatever HTML code you wish to see in place of the banner. No longer supported by author.
515cdc5082640d7673c633b253292444b2771462f9fb3fe48ce51d52e0c90bc5Bios Cracker v1.3a can display the password on 7 types of BIOS's.
f757d865e663226a7429090c46493ea93a43d3cc99d0a026aacd02ed12a4cdb6Datehack changes your computer date in an attempt at letting you use shareware longer.
a36ed3b75f86c91c2471fe755c3f4bd36d3f1115c8f22a2ff2ddca3e2b62c9cdSnadboy's Revelation enables you to retrieve long-forgotten passwords that Windows presents as a mysterious row of asterisks. Drag and drop the Snadboy's Revelation marker to the masked password field to retrieve the information.
67e33ad40189677cb874aa1f273e75168301cd64338e0ca9c0ba4db8fd3590d2Red Hat Security Advisory RHSA-2001:021-06 - Zope v2.3.1b1 and below contains vulnerabilities which allow users with through-the-web scripting capabilities on a Zope site to make inappropriate changes to ZClass instances.
b1ad22b20aafe367c47d50a1609b50e47d38a5a98223a48780d1dd4eb4199170Vudu is a simple X.25 NUA scanner for Unix systems. It is written in bash for portability. Tested on Solaris.
2dcad5359323ccb260a10fc12d3502c644bce9be6574b8ac75f7bed8d285e5d2Mod_Id is an interesting Apache Module which is an IDS system watching for suspicious URL's.
e611f4ddfa50d863dbee64de332fb55bda3cc532ddfaa9b45fa3e423d83b4d3dMicrosoft Security Advisory MS01-013 - The Windows 2000 event viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempts to display an event record that contains specially malformed data in one of the fields, code of the attacker's choice can be made to run with the privileges of the user running the event viewer. Microsoft FAQ on this issue available here.
fd428d11543b426f8a0c1f9971572740551089ba5b2c2d6b0713c7bb5424dbe0Man-cgi v1.3 and v2.0 contains remote vulnerabilities which allow any file on the web server to be viewed, and some implementations allow remote command execution due to lack of filtering of hex encoded characters. Exploit URL's included.
bde148ba24eeeaed3cbb01ed7b0992252003c4928d9ca6fd786ddf9a3fc401dfThe goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
a3f02c3ede9f5832a1aa09d32f304ede7de570446448b6469f640353b914790bEttercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into a easy-to-use and powerful ncurses interface.
bdf24244a7ea783e0a7b9ce1bcf0c15e306fddf6f02fc6247b25e081458877bdImsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various type of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs.
2fe6fdb67a96f0f613caf52cbe4cc4ad693af7efebce22f5d431a85b5c718c35Cheops-ng is a graphical network management tool for mapping and monitoring your network. It has host/network discovery functionality, OS detection, and it also does a port scan of each computer to tell what services are running, so you can use or administer them.
10360bba996d9733ae12c12637aa0dcccc04ebca49ceb0f483e9859118c71028syslog-ng is a multi-platform syslogd replacement, with lots of new functionality. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The configuration scheme is both intuitive and powerful.
64e91633f1a9766f0c64eff9a320b0029dbb43917615c0cf5d23a7f68e9e79c2VB Script Creator takes an executable, and stores it in ascii codes into a vb script. When this vb script is executed, it will create a new exe and execute it. It could be useful but it shows how an executable can live dormant inside a vb script. Windows source included.
137d508fecdb0efd429e9e2c3ef6d7e8b762fe3ae51d82d0b767c1a5099c1a8aDcisco.c reads from a list of routers and uses them to ping-flood a single host. Logs into the routers and uses the ping command. This is an improved version of rampage.c.
3676aae7eb4800c0ad769791e1f7efa0322de1a346981ba17fa835a361ce5e58Scponly is an alternative shell (of sorts) for system administrators who would like to provide file transfer over SSH without providing any remote execution privileges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications. Features extra logging, chroot, file listing, and security checks.
f894ecf542cfb22d54f2c6fb2668dc840d9d06185591ea7d505abc77a0b829f1Red Hat Security Advisory RHSA-2001:017-03 - The Red Hat Secure Web Server 2.0 contains a vulnerability in Analog which can allow a malicious user to use the ALIAS command to construct very long strings which were not checked for length.
937c98584adb80c8c76e1a4ead91999c86c9013777778032594796c4f8feb7bfA remotely exploitable stack overflow has been discovered in Imapd v12.264 and below in the handling of the lsub command. Since an account is required, mail only users will be able to get shell access. Tested against Slackware 7.0, 7.1, Redhat 6.2, and Conectiva Linux 6.0. Fix available here.
2410c7335840d45d8cc28af5b2e3ca6d01c8dd7c5959b1f0099e67233e56f150Passing a long value to a password text box in Internet Explorer causes it to freeze.
2bca69dcf2346db1f6da3fa3559006b46075f6de3d3854008908ab748240a7f1NewSyslog is an updated version of a package put together by Theodore Tso of MIT Project Athena (which is included in NetBSD, FreeBSD, OpenBSD, etc.). This version has a mix of features from all of the other versions, and it has been made more portable than any of the others with the help of GNU Autoconf.
7ade2ad7a9193f2c8a6f3c728ae16f29dac99208cc2a03552576e9c4ee9b3f6dViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
a68a09bc591a1b9b7f96d7c08fef3bf95f413957808bc250c6a9de249c58b420MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
4b3886734324f04fab377511023d5ae0c9dbdbd5db446f455e3c4d58129385f7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed