Microsoft Security Advisory MS01-016 - A remote denial of service attack has been discovered in WebDAV, an extension to the HTTP protocol included in Windows 2000 IIS 5.0. Microsoft FAQ on this issue available here.
c80117b9bf7cc43251692b9718db26d94050802d79ad071dfb50f1e55501d4d4
Remote Nmap is a python client/server package which allows many authorized clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all their scans come from a dedicated machine.
6e2d5296e6d2c16093f2ba394662e10723c9b919de3d5ea44c60358ad8fd3287
Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default, this allowed local users to use it to gain access to the mail group. Since the mail code was never written to be secure, fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems where you need group mail to write to the mailspool, but it will still work for sending email. Debian security homepage: http://www.debian.org
65225d45fe97f937fa6791a4d502df39372d4b4b6ff6ce1d5471044798905136
Suq Diq v1.00 is a remote exploit for IBM Net.Commerce, WebSphere and possibly other IBM and Lotus applications as well. These products use Triple DES with a fixed key by default, allowing remote users to gain the usernames and plaintext passwords of all Net.Commerce accounts. Exploit URLs included.
456ddf7f21b031b28f2dde450649305feb794560bd860f5ff50870ac332465dc
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
4fb32cf69c099e1c1c8fb0a829f0cf20295af56a66ccb91b51642d0d8d5d2baf
FreeBSD Security Advisory FreeBSD-SA-01:29.rwhod - Malformed packets sent to the rwhod daemon via UDP port 513 could cause it to crash, thereby denying service to clients.
d0e5626fc0a114aca4d206ed884b059d29eb84f5db39bad6f452ffdbbdb3ec07
FreeBSD Security Advisory FreeBSD-SA-01:28 - Malformed packets sent to the timed daemon on UDP port 525 could cause it to crash, thereby denying service to clients.
4b53ee36f6fd34c4b54d687a1dac18792fc95ea30d370ff8f2d80275bbbe55ff
FreeBSD Security Advisory FreeBSD-SA-01:27 - The cfengine port, versions prior to 1.6.1, contained several format string vulnerabilities which allow a remote attacker to execute arbitrary code on the local system as the user running cfengine, usually user root.
a7f47cec624617cb484ffc0d9e3ccf954f580bd00348310894bd1aac303a4cd2
FreeBSD Security Advisory FreeBSD-SA-01:26 - The interbase port has a hard coded backdoor which has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.
a541aa5579236a77051e5dcbc2246ce72182fdea0f95eaace89c3acbd18ad1ef
FreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.
e32a64dc0b3ab0cbabbdccc9b1c5ab6d87888e20dac4061a5944907543de4e36
OpenSSH-2.2.0 remote exploit - Includes a wrapper to brute force the offset.
69c2cf51173e0fc8e778c6301220d383a260b74f3973fc7a977063b57e64b674
nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/devices at a time on multiple ports. nPULSE is written in Perl, uses nmap as its core scanning engine, and comes with its own mini web server for extra security.
a22ae4ce7edafd40a197aabf965a8be7f7cdcdd3b9d8cbef6d161551d9e846d8
Disassembling programs on Debian Linux 2.2 using gdb.
56d9a1c2e8443b0f76c19af756ecdda7c41fa869fa870e362ec15110a4a21e2b
ICQ 2000b build #3279 Banner Remover.
b1e477ddfe63142517b9a3c4644f09983bf34d3a7f04e717580d9a205b239ca0
Auto.txt lists eleven known and unknown methods of starting programs upon bootup in Windows. Trojans, backdoors, and keyloggers often use these to restart themselves.
2be6281495c93af23929c2c718feed2fda08f10646b64b0c3c7a014be08296b0
WARD v1.0 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. Wargames still r0cks. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. Tested on Linux.
3d6ac9f41626b7fe14cf0698b5eba65d9ddbf380d57d73126c87d9614543d3c5
Cit-scan is a scanner for Linux which scans for common services. Features randomized IP generation.
5bdf7c154e8074152b5d27eb1c02e14619af40b4462e9ccaa294274d08107dfb
Local exploit for /usr/X11R6/bin/ascdc v0.3-2-i386 which overflows the -c switch.
369413df47f94becaec9f4e8410f671ac2ad5558dfd1fab00aa597cde7c8de5d
RKit is a Linux LKM backdoor/rootkit which intercepts the SYS_setuid call and ups a specified UID to 0 when that user logs in thereby successfully (and covertly) backdooring the root account.
9e0558a46516706382a2647e56185358b0531f40282626e1c0cbf6705a4a05d2
Sqlping v1.1 (unix port) is a tool which sends a specially crafted UDP packet to port 1434 on SQL Server 2000 which will return gobs of useful info including SQL version and service pack. Based on SQLping from http://www.sqlsecurity.com.
05a1be726607efbcb157f03dc375f6e2e53bd8ce933f93a6dc180bd70d37eaf7
Sqlping v1.2 is a tool which sends a specially crafted UDP packet to port 1434 on SQL Server 2000 which will return gobs of useful info including SQL version and service pack. Features the ability to send broadcast queries. Released at Black Hat Windows 2000 Feb 14th and 15th.
55222ecc8d6707ba80fdc70f94f75b0c659234cf866a6db70c7971c3d37a276a
Debian Security Advisory - On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
e59e84ea5add01b5cbf3c7251d060ddd800507723217e66b84e417e02472ca4b
Debian Security Advisory DSA-042-1 - Gnuserv, a remote control facility for Emacsen which is available as a standalone program as well as included in XEmacs21, has a buffer overflow which can be exploited to make the cookie comparison always succeed.
9ed783e0c6abaf46763de9ff4df5c7e63418c4cad78d6fe51f25bf934992f3cc
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings. Screenshot available here.
2daefb4ffb47bf34b2d5a8e52abb432d5c8e3cf93a7f96aea425cdea97acad99
Downloads a file via ftp. Executes it. Removes it. Easy to hide. Easy to bind. C++ source. Archive password is set to p4ssw0rd. Use at your own risk.
135eed4a33cd7b8f95b4c8864e0e61c5ce1f793d3aca1b36baaa24ba58add957