
Files Date: 2002-07-24 to 2002-07-25

Posted Jul 24, 2002
Authored by Arnaud Jacques | Site securiteinfo.com

The Pablo Software Solutions FTP server version 1.0 build 9 for Windows 98/NT/XP shows files and directories that reside outside the normal FTP root directory. Fix available here.

tags | root
systems | windows
SHA-256 | 6df65debffed14ad12b5f0d01521b4a49980ff30538c271b7f1ec8895d429fa5
Posted Jul 24, 2002
Authored by Greg Frisinger

Vscan v1.2 is a perl script which uses nmap, snmpstatus, whois, and host commands to find information about a remote host.

tags | tool, remote, scanner, perl
systems | unix
SHA-256 | f5a841b37cafc2ff6237685a106ab9f3e1fbe2b2f3f195f09fcb1cf2b4a9d834
Posted Jul 24, 2002
Authored by Demi Sex God from Hell

Code Blue remote exploit for OpenBSD. Code Blue is a Code Red scanner with several vulnerabilities.

tags | exploit, remote, vulnerability
systems | openbsd
SHA-256 | cff16d5936946288cd9899071ceab6d62a74a4b57a019d0ed58b1845d5195c7d
Posted Jul 24, 2002
Authored by thc, rd | Site thc.org

Writing Linux kernel based key loggers - Includes a sample key logger which can log user input and passwords.

tags | paper, kernel
systems | linux, unix
SHA-256 | 7f88f2d22ed4e054498403e9c2f923a531d0e030d05598992787c9f2a357b715
Posted Jul 24, 2002
Authored by thc, Johnny Cyberpunk | Site thc.org

Writing shellcode for Linux/390 mainframes. Includes port binding shellcode example.

tags | paper, shellcode
systems | linux, unix
SHA-256 | c882054b5eac3179b12735dc7e7d8bd4b960f0cbc421c7afa516ca6eb6614193
Posted Jul 24, 2002
Authored by phrack | Site phrack.org

Phrack Magazine Issue 59 Release Candidate 1 - In this issue: Handling the Interrupt Descriptor Table, Advances in kernel hacking II, Defeating Forensic Analysis on Unix, Advances in format string exploitation, Runtime process infection, Bypassing PaX ASLR protection, Execution path analysis: finding kernel rootkits, Cuts like a knife, SSHarp, Building ptrace injecting shellcodes, Linux/390 shellcode development, Writing linux kernel keyloggers, Cryptographic random number generators, Playing with windows /dev/(k)mem, Phrack World News, Loopback, and Linenoise.

tags | kernel, shellcode, magazine
systems | linux, windows, unix
SHA-256 | 79115d1b271465569aece42fafcb7edd1c26a8972e97d2e4a8a9372119ae3983
Posted Jul 24, 2002
Authored by 2c79cbe14ac7d0b8472d3f129fa1df55

MailMax Standard/Professional popmax v4.8.2.5 and below remote exploit. Sends a long USER string to the pop3 daemon. Tested against Windows 2000 Professional/Server and Windows XP Professional. Patch available here.

tags | exploit, remote
systems | windows
SHA-256 | 6463001871555a4dde5d4631306b9a8eea057ffea8d2462e5fd5a2f22fe762f5
Posted Jul 24, 2002
Authored by 2c79cbe14ac7d0b8472d3f129fa1df55

MailMax Standard/Professional popmax v4.8.2.5 patch which fixes a buffer overflow in the USER string.

tags | overflow, patch
SHA-256 | 90cf9e79ea1e5a2cc7a7588d1ce8f11fcc5d80d7fa81284eee2789230e15d36b
Posted Jul 24, 2002
Authored by Dianne Skoll | Site roaringpenguin.com

MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12's "milter" API and will alter or delete various parts of a MIME message according to a flexible configuration file.

Changes: Now compiles on BSD. Improved support for the KAV anti-virus scanner, and supports two new scanners: Clam Anti-Virus and Norman Virus Control. Sendmail 8.11 is no longer officially supported; you must use Sendmail 8.12 with MIMEDefang.
systems | windows, unix
SHA-256 | 0a95c7c4b33ab669e6cb682dee59695f3c5a9ba16430de53a4fadcd79aad056e
Samhain File Integrity Checker
Posted Jul 24, 2002
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.

Changes: Fixes potential buffer overflow in the client/standalone code of samhain, versions 1.3.4 to 1.5.3 if compiled with the 'stealth' or 'micro-stealth' option. Other bugs were fixed.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | ffa74ffac9f6fd324dc72211172b17144efed59f789ab45f7eecfb30df33a226
Nmap Scanning Utility 2.99 RC 1
Posted Jul 24, 2002
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, uptime calculation, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.

Changes: First release candidate for Nmap 3. Includes the biggest OS fingerprint update since December 1999, with more than 200 fingerprints added/modified. Includes some MacOS and Tru64 portability fixes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | b183fb546b3246e3098a4354e3b9c060c8be81a5b38d4324dac6a8d569e9437a
Posted Jul 24, 2002
Site condor.gmu.edu

The Logging Project (formerly salt) is a set of tools which provide centralized, secure and fault-tolerant logging. It is flexible, robust, and easy to integrate, making it a good alternative to syslog.

Changes: Bug fixes.
tags | system logging
systems | unix
SHA-256 | 02c2c1b3964187dfb6201bdd2eaf7f5bd457d9e8ada5fb6d50b2cd2a7463bfda
Posted Jul 24, 2002
Site dimlight.org

Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.

Changes: The -x option was added to skip local SUID/SGID and world/group read/write. A checkcfg module was added for Red Hat. Checkcfg prints the output of chkconfig --list, giving the user a visual inspection of all services run in each runlevel.
tags | kernel
systems | linux, redhat
SHA-256 | 981c88bea3e70dc303ffe5868239d1ae567c6b7e4b9740e14a31c45c3062a22a
Posted Jul 24, 2002
Authored by Shaun Clowes | Site securereality.com.au

Injectso is a tool that can be used to inject shared libraries into running processes on Linux (x86/IA32 and Sparc) and Solaris (Sparc). It also provides routines that can be used by injected libraries to easily modify the behavior of the host process by intercepting library function calls. This allows you to intercept input or output, send and receive information over open sockets in that process, read and write to files opened exclusively by that process, close a file descriptor to a socket and redirect the i/o to a file for debugging, and much more. This is similar to an article in Phrack 59, but more refined. More information available here.

tags | x86
systems | linux, unix, solaris
SHA-256 | 86ed5a565b200987649f97d7851229c076e37c2ddfedbb27bc8483bd7203e7a6
Posted Jul 24, 2002
Authored by George Bakos | Site alpinista.dyndns.org

Tiny Honeypot (thp) is a simple honey pot program based on iptables redirects, an xinetd listener, and perl. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders, written in Perl, provide just enough interaction to fool most automated attack tools, as well as quite a few humans, at least for a little while.

Changes: Fixed xinetd.d file port numbers and removed o-x from the config files. GOODNET and GOODSVCS were added to the INPUT chain, along with a section in iptables.rules to allow a multi-homed system to trust either an entire interface or a network. A test was added to bomb out if someone accidentally ran iptables.rules directly. Bugs were fixed.
tags | perl, tcp
systems | unix
SHA-256 | 8a5a69d349e54b174e39d30a39ce23e811ad62fcfc00b68e0418dbc09e533a8e
Posted Jul 24, 2002
Authored by Robert

All versions of SSH and OpenSSH which use compatibility mode 1.99 are vulnerable to a MITM attack without the duplicate key warning because the attacker can force protocol version 1, so the only warning the user gets asks him if he wants to add the new key. Still suspicious, but less so.

tags | protocol
SHA-256 | 98d4d1bb0a58e04cbf0d8839a3f693e46ecfcac7a397eef7bae93eb8985ab548
Posted Jul 24, 2002
Authored by Wizdumb, fk

Forbidden Knowledge Issue 17 - My Anus iz Huge, Sum Stuf, and Sm Othrr Stufs.

tags | magazine
SHA-256 | a4cb10a843e586f64b77056b70722166bd5d12a962da18ee898cc751f21a023b
Posted Jul 24, 2002
Authored by Pf1shy

Url2ip.c 0.1p3 resolves the IPs of URLs stored in a file. Useful for synscan.

systems | unix
SHA-256 | fdcf3a3aec6641775dbad19ea77843263773acfbf61730c3e35f94482e38044d
Posted Jul 24, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.

Changes: A HTML based GUI is now included, allowing the user to quickly look for SQL injection bugs/overflows on an entire site or rewrite individual requests.
tags | web, protocol
SHA-256 | 9b38f8f7bb8355547afc59ac401553989648c2392fa630a1188abaabde229a6b
Posted Jul 24, 2002
Authored by Peanuter

Fast telnetd scanner - Scans a class c in 6 seconds.

tags | tool, scanner
systems | unix
SHA-256 | 2f6af573a7fd9dd2766bd7eaf216b2e57f790e738a8adc81019aef68d86318aa
Posted Jul 24, 2002
Authored by Caustic

Vortex is a pair of shortcuts which point to each other. When placed on the desktop they crash the machine repeatedly. Works best in NT/XP/2000.

tags | denial of service
SHA-256 | 1d54a914f6dd1ec7716349050ad39c2ca8fe5156c52dcbc82ae0ddc61e1f834c
Posted Jul 24, 2002
Authored by SpaceWalker | Site minithins.net

Nanog traceroute format string local root exploit.

tags | exploit, local, root
SHA-256 | 5fec0e1d8861a9656e800d1b688a2f580c667ee63c38b1e84d84cffb102fe6ab
Posted Jul 24, 2002
Authored by Caldera | Site caldera.com

Caldera security advisory CSSA-2002-SCO.35 - A format string vulnerability found in the crontab utility can allow local users to gain root level privileges. This issue affects Caldera OpenServer 5.0.5 and OpenServer 5.0.6.

tags | local, root
SHA-256 | 4b6d1da615ec1c788d6aa26337d81d1fef020b841d6c3833d41e806acfb24350
Posted Jul 24, 2002
Site php.net

PHP Security Advisory - A vulnerability has been found in the parsing mechanism of headers that are received with POST requests. This vulnerability, which affects PHP 4.2.0 and 4.2.1, can be used in denial of service (IA-32) and remote code execution attacks and has been fixed in PHP 4.2.2.

tags | remote, denial of service, php, code execution
SHA-256 | 069feb6775ff333892843900329a35f88dd3947893a63c02a9e57a870ba5b00a
Posted Jul 24, 2002
Authored by Kyuzo

A buffer overflow found in VanDyke SecureCRT v3.4 & 4.0 beta allows malicious server owners to execute code on systems running this software.

tags | overflow
SHA-256 | cb3b1d24a9ff87e3e05d59f562932d35f8b8b325d39643420d95ce5899443046