Examining Advanced Remote OS Detection Methods/Concepts using Perl - This paper discusses the theory and practice behind remote OS detection, with a specific focus on implementing it in the Perl programming language. Methods and concepts for remote operating system detection are closely examined and implemented in Perl code.
42dc76c48a5bd38bca8b591b25e2bfb48e12b5dc3be5bf83200be9d48655549b
LICQ and Gnome-ICQ contain remote denial of service vulnerabilities that are triggered when a remote user sends an .rtf file. Tested from NT4 and NT5 workstations (running ICQ 2000b) against various Linux distributions.
0d38b38a373c2c23008a37ff163edc7ea2509c844ccb480ba538319171bd2abb
Knetfilter is a KDE GUI application designed to manage the netfilter functionality that comes with the new 2.4.x kernels. In principle, all standard firewall administration tasks can be done using just knetfilter. It is not merely a GUI front end to the iptables command line: some monitoring is also possible via a tcpdump interface.
a84b011d7820f85efc808a793953ee3393bd17ba794edb771ee439d52fb25fdc
Nessus is a free, up-to-date, full-featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 531 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems but suggests a solution for each of them. A Windows version is also available.
462c9493013c6c0509ff013763bd44d032e5af15e3d616892160b3a09e0acc66
Netscape Enterprise Server 3.5.1 (Publisher) ships with default ACL settings that could allow an intruder to view or download "non-public" files in the web root.
7a62731a05028e001f32f9d4c8e75d4140a036bb3958b1acba24163c1b5f6704
Infobot v0.44.5.3 and below contains vulnerabilities which allow remote users to execute commands, due to an insecure open() call.
9e668c912d9b544d8575c377bcbc9d85a1e5518c52ad1d6000d9621425787cad
SAT_Tools (Saturation Tools) is a small collection of scripts and programs for testing network IDS and network saturation. Includes mas.sh, mget.cpp, trafficwhore.cpp, and spank.c.
b4794913555eb6eb5b1f49944bfb08e6671b989099ffb756e1d4937d7baeda04
Microsoft Security Bulletin MS01-008 - A flaw in the NTLM Security Support Provider (NTLMSSP) service allows a non-administrative user to gain administrative control over the system. To carry out this attack the user would need a valid login account and the ability to execute arbitrary code on the system. A Microsoft FAQ on this issue is also available.
fd372dce83d40400b88e4302defae7822e466e7f14d6a75ba1e1441d17864a81
P-smash.c is an exploit that drives CPU usage to 50 percent on Windows 98 machines and slows down Windows 95 machines by sending ICMP type 9 code 0 (router advertisement) packets.
ea8fd6e6dba3e554137d2f69ab652d216dcf5e70d827859208049f7e32a99736
FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
0b247d5f97114dcbe7da125fd3e8270ef6b0e8f6fe5c722c4ea4d9364d807536
FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
1a869b62905af8904b8403041846cf5d771ff31293af4c383220241db9779734
FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
82dc603952f8799c8d452e6428abd2aef95221b5e642ce2ef35c1ff993c0c960
FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.
3c6cd6aa00e8cf396936b0c72ab70929ad0b9c020f6adcef73f20aabb1587858
Dkbf (Distributed Keyboard Brute-Force) is a program, written in C, for Linux clusters that attacks Windows NT LanMan and NT hashes. It uses the Message Passing Interface (MPI) to distribute the L0phtCrack (by the L0pht) brute force across the cluster.
bc739902dc191518d99e7370312674317d866ac724bde1f14b80333350647495
FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.
6273536180124ce566ee041fbe174c87037903e5135ad44363d389827459892e
FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to the overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as part of an established TCP connection; such packets therefore match a corresponding ipfw rule containing the 'established' qualifier even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP, and at least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and FreeBSD 4.2, are vulnerable.
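The bypass above is easiest to see with a small model of how an 'established' rule is evaluated. The following is an added example written for this listing; it is not the FreeBSD advisory's text nor code from the ipfw sources, and the two check functions are illustrative models of the bug class (comparing the whole flags byte versus masking to the connection-state bits), not a reproduction of the kernel's actual code or patch. The sample packets are constructed inline, not captured traffic.

```python
"""Model of a packet filter's 'established' check: a version confused by the
ECN bits that overload the former reserved field, beside a corrected version
that only inspects the bits defining connection state.  Illustrative model
only; it does not reproduce ipfw's source or the advisory's patch."""
import struct

# TCP flag bits as laid out in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# ECN bits (experimental RFC 2481 at the time, later RFC 3168): they reuse two
# of the former reserved bits, so a filter written before ECN never expected
# them to be non-zero.
ECE, CWR = 0x40, 0x80


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=65535):
    """Construct a bare 20-byte TCP header (no options, checksum left zero).
    Used only to produce the constructed sample packets below."""
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def tcp_flags(tcp_header):
    """Extract the flags byte from a raw TCP header."""
    return tcp_header[13]


def established_vulnerable(flags):
    """Model of the faulty logic: any packet that is not a *bare* SYN is taken
    to belong to an established connection.  Because the whole byte is
    compared, SYN|ECE (an ECN-capable connection request) differs from SYN
    and so wrongly matches 'established'."""
    return flags != SYN


def established_fixed(flags):
    """Corrected logic: look only at the bits that carry connection state.
    A packet is a new connection attempt iff, after masking to SYN|ACK|RST,
    only SYN remains; ACK, RST and SYN|ACK are 'established'.  ECE and CWR
    are ignored entirely."""
    return (flags & (SYN | ACK | RST)) != SYN


def filter_decision(tcp_header, check):
    """Evaluate the rule 'allow tcp from any to any established' followed by
    an implicit deny against one packet, using the supplied check."""
    return "allow" if check(tcp_flags(tcp_header)) else "deny"


# Constructed sample packets (not captured traffic): client 40000 -> ssh.
PLAIN_SYN = build_tcp_header(40000, 22, SYN)
ECE_SYN = build_tcp_header(40000, 22, SYN | ECE)
ECN_SETUP_SYN = build_tcp_header(40000, 22, SYN | ECE | CWR)
MID_STREAM_ACK = build_tcp_header(40000, 22, ACK | PSH, seq=1000, ack=2000)
RESET = build_tcp_header(40000, 22, RST)


def demonstrate():
    """Return {name: (vulnerable_decision, fixed_decision)} for each sample."""
    samples = {
        "plain SYN": PLAIN_SYN,
        "SYN with ECE": ECE_SYN,
        "SYN with ECE|CWR": ECN_SETUP_SYN,
        "mid-stream ACK": MID_STREAM_ACK,
        "RST": RESET,
    }
    return {name: (filter_decision(pkt, established_vulnerable),
                   filter_decision(pkt, established_fixed))
            for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (vuln, fixed) in demonstrate().items():
        print(f"{name:18s} vulnerable={vuln:5s} fixed={fixed}")
```

Running it shows the plain SYN denied by both checks, while the same SYN with ECE set (which an ECN-capable peer emits when opening a connection) is allowed straight through the vulnerable check and still denied by the masked one. The practical lesson is that flag tests in a filter should mask to the bits they actually reason about rather than compare the whole byte, so that later standards reclaiming reserved bits cannot change the rule's meaning.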
a86476e1628aed06b3b85bb5a0723201799197b19fa72a9457265207364bde18
FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists in the BIND nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.
d045fe7d70cc4c35244fc03cf6f26e6408e42a804a5cb6915ef7e3e3aa2fa584
Snort 1.7 for Windows - This is a working port of Snort to Windows NT/2000/9x.
9158523305f16b03181280f71400362f5d8c75014152b3fcc0a2688e97d43131
Computer Crime Law Archive Volume 5 - Tutorial on state computer crime laws for South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, Wisconsin, West Virginia, and Wyoming.
0a9a3b80759ab26305a0f5ef9d6265b70e8747ae94152a193d0672b870e86171
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats, and checks for common old holes, backdoors, trust relationships, default CGI scripts, common logins, open shares, and much more.
8e263a89cb962af9839db130e697d1cf288b9fda27fdc7ea9244057cdf88cfac
These files allow you to run an nmap port scan from a Samsung 8500 phone with wireless web access. It works by redirecting nmap's output to the phone's display. Includes nmap.wml and nmap.php3.
5fd2a952d6af5426627ff223ac71687b338c4f716e7ac499bdf9365c122805ec
Fwlogwatch analyzes ipchains, netfilter/iptables and Cisco packet filter logfiles and generates text and HTML summaries. It features realtime anomaly alerting, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
108cb15cabf06e0f76299f716aae11b57f8ad102208443cebc377a10e322b06d
Ramenfind v0.3 is a local Ramen worm detection and removal tool. This is the final release unless problems are found.
3daa564079eb078a3001ddd85ac60d43fde930b5546611ad9cbc74cff71de82c
Interbase.pl is a Perl script that scans every host listed in a file on port 3050 for an Interbase database, letting you find Interbase servers exposing the backdoor with the hard-coded username and password politically:correct.
228b90a4dd54e05b24e25404f853f1578d34225b438138601db8f17d91d76bb4
Saqueadores Edicion Tecnica Issue #24 (in Spanish) - Remote OS analysis, securing your network with OpenBSD, a study of real passwords, NT's who/what/why & where, format bugs, intrusion detection and more...
e050b4242cab40a2e50530a97963cbbeec0e932f7708396b880c0c0f512b7f0a