Windows 2000 remote IIS .ida exploit - Spawns a shell on port 8008. Tested on Win2k with no service pack and SP2. Includes instructions on finding the offset.
a5c87b494e047e53be40395d92e556f28ceb11a767e48bdc5dfaeb792bf0cbf2Share Password Checker acquires the list of shared folders of a Windows 95/98/Me machine on the network and shows you those folders' passwords. This tool acquires the list of the shared folders also for Windows NT/2000 machines, but it only distinguishes folders who have no password. "Share Password Checker" uses the"Share Level Password" Vulnerability. And "Share Password Checker" aims to check whether the patch for this vulnerability has been applied to the target host. Please see the topic Reveal Windows9x Share Password for more detail.
68ffcf6b92de4161369856d55490632077c5eedbc5d8e39999e6710a4768f31cGetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
5b6bbd73cb22a89f3ab034094eb23b9a4bd57627c373c87d1de7aa635ae60e38ScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000.
383905e6cda11790aee4510ec73ca026bdcf996dccdaac5e51ba8609abc73a42Promiscan is Windows software which searches for machines which are in promiscuous mode on the local network. It does this quickly and without generating a high network load. Tested on Windows 2000 professional. Requires Winpcap.
3a6524a2c100de9ecb3624e7cdb458d2c4772fa6e687cb2353e3824e3e5e5298This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
3497cd653b279784cce1aa396afd42714a6d57bcfe180d6ca6198520adde498bPort Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
29794f8eeb026de0c58ab24a283076072d77a7f8f61d8675b4f555b89fd68687Attqt.pl is a tool for sending banned attachments through SMTP gateways by adding an invalid character to the filename. This is known to work on MailMarshall and TrendMicro Scanmail, others are probably vulnerable.
1a58cc9c0872e25c6653fb79721d64cc43fbadc32d4cce480e6cf5df091aa5b3Snmpbrute-fixedup.c is a fixed version of snmpbrute.c, a very fast snmp brute forcer. Since it doesn't need to wait for a response, it can guess community's very fast. Tested on Slackware 3.6.
7dbc3fe51c35288a5bc8adfcd06b78f7c7b5f7a51c0d77e67f5bee417dd4f9edAE-Gateway is a Man-in-the-Middle Gateway to assist sniffing in switched environments. Forces itself to become an ivisible intermediary gateway between the gateway and the victim host. It works well for sniffing specified machines on switched networks. This is done through ARP reply spoofing and then ARP replys are sent upon application terminiation to set back the original MAC addresses in the ARP tables to minimize traffic interruption.
cb46879f462c268e3ecddd01f3bc39031e1efaa3b08464f9cd0ccee0d3454218Guidelines for C source code auditing - A basic reference containing some tips, approaches and methods for finding vulnerabilities in C code.
b51ef94c9808338490069713f8eb6404b9f0ffddb2612c40f2369d7c13b0a159Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
58dbe96cc345f0da76e6db10ebb3c98646a3db01584b7d4fa8b27ed549838580(Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another, providing strong authentication and a secure communications over insecure channels.
c9d596726f4b8cec7f91f55f8f4a311c0233d4f2a4aa9768daa9fc764b521f0bThe Windows 9x Password List reader is a program that will allow you to see the passwords contained in your Windows pwl database under Unix. You can check the security of these files and try to recover the main password using the bruteforce mode.
cb2d359583804fca1732c431cd82aee6756dbf1f9180a56184ac03cf5fc5facfStegdetect is an automated tool for detecting steganographic content in images which is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, and outguess 01.3b.
11e17ea9f4adb250f6a7213d4c0dd3c0e65b2683d506de2af85ea7489f6ed85fsnort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
b9895bf2d3226917e9a405e816c5229d3384461acf45e0229d7459ba3dc9c223MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
b4825360f3b65836d1b64b2aadbc71cbfe615a5a8d9835c3f43ff1674b3d115cInflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
9c66c26c39cc8c6de30b8e4b31c13ab2ec4b8fc3a1ed4c01fd16df3ac39a4819Knocker is a simple and easy-to-use TCP security port scanner written in C. It is able to analyze hosts and the network services which are running on them. Knocker it is available for Linux and Unix platforms. Both a console version and a GTK+ version are available.
b6c8714ba80236c603d417c1c42b30a02c8465c256262a46bab1a03246b5c0a6Arpwarp is a tool which attempts to detect ARP spoofing attacks before executing a unix command (such as SSH or Telnet). This is the solaris version - The Linux version is available here.
13f3623d4cadab729d731d9c920bee3dcc06b5f67697649a85a68142852f9f6eSlides for FX's talk at Defcon 2001 on attacking routing protocols.
68e73b3a5647139ae2a8b7ceb88bc2723866a295c5fdd1b4e948cc7d7e738e78Snmpbrute.c is a very fast snmp brute forcer. Since it doesn't need to wait for a response, it can guess community's very fast. Tested on Slackware 3.6.
ede6eff88c71d88c2794ccb25e697d8172a81ad26b0789a338f10532bf344097Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
f6d1536844bda3897c7a7ee1beafa6a618fa8544f48798df61fb93e8e5a76663Winfingerprint v0.2.0 - Advanced remote windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT member server, NT Workstation, SQLServer, Novell Netware Server, Windows for Workgroups, Windows 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, Enumerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes.
4b22124cb653fd0d9ff945fcd920fd12590a43cc0067a120be6546c68cc4661bNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
b66d46f2fbd8e97a4a750e35af1a751650f38394d9bbf8fe0c184c027ba76590
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed