GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users - novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. Features an easy to use goal oriented GUI and the ability to generate ipchains scripts as output. Screenshot here.
Driftnet is a program which sniffs network traffic and picks out images from TCP streams it observes. It is interesting to run it on a host which sees a lot of web traffic.
Information on cracking the Microsoft SQL pwdencrypt() hash function which is used to generate SQL hashes.
Watchguard Firebox Dynamic VPN Configuration Protocol Denial of Service - Malicious users can crash the Dynamic VPN Configuration Protocol service (DVCP) by sending a malformed packet to the listener service on TCP port 4110. Watchguard Firebox firmware v5.x.x is vulnerable.
The Sun iPlanet Web Server iWS 4.1 and 6.0 contains a remotely exploitable buffer overflow if the search feature is enabled.
Null.pl is a Perl script which uses a dictionary file to launch a brute force attack against a remote host using a null session.
Winfingerprint v0.5.0 - Advanced Windows remote OS detection. Current features: Differentiate Windows Operating Systems using SMB Queries, Enumerate Servers, Enumerate and test for "open" NetBIOS Shares including Administrative ($), Enumerate Local and Global Groups (including memberships), Enumerate Users, Display Active Services, non-blocking TCP/UDP scanner, ICMP scans, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes). Runs on Windows NT, 2000 and XP. Both GUI and command line versions included.
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
scponly is an alternative shell for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is a wrapper around the ssh suite of applications.
Memory Layout - Detailed information on memory management.
GreedyDog v2.3 is an ethernet packet sniffer for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, IRIX, SunOS4, AIX, MacOSX, and Windows2000/XP. GreedyDog keeps the stream of each TCP session and writes it to a logfile. Very portable. Manual is here.
Slrnpull '-d' buffer overflow exploit. Executes shellcode with group 'news' privileges. Tested to work on an Intel Red Hat 6.2 installation.
SucKIT is an easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through the /dev/kmem trick, without help from LKM support, System.map or the like. Everything is done on the fly. It can hide PIDs, files and tcp/udp/raw sockets, and sniff TTYs. It also has integrated TTY shell access (xor+sha1) which can be invoked through any running service on a server. No compiling on the target box is needed; one precompiled binary works on any 2.2.x or 2.4.x kernel (libc-free).
Apache chunked encoding mass scanner / defacer. When a vulnerable server is found code is launched.
Labview v5.1.1 and below denial of service exploit.
Remote root exploit for Solaris Sparc 6-8 rpc.walld.
Microsoft IIS 4/5.0 remote .ida exploit. Spawns a shell on port 8008.
Backdoors Bash-2.05 for local root.
Apache remote DoS (1.3.x/2.0.x branches) based on the recently disclosed flaw in chunked encoding handling.
Burndump is an LKM which strips the Teso burneye protection from encrypted executables. You must be able to run the executable. Once the program is unwrapped you no longer need the host fingerprint or the password, and the ELF file can be reverse engineered without the burneye anti-debugger tricks. Tested under Linux v2.4.x.
Kcms_configure -o -S command line local root buffer overflow for SPARC/Solaris 8. More information available here.
Bigeye is a network utility that can be run in multiple modes - sniffer, connection logging, and even emulation of protocols such as HTTP or FTP. The main focus of this program is to create an emulated service that fools attackers or worms into thinking they are exploiting a real service when in fact they are targeting a fake one. The services currently available are ftp and http. Useful for honeypots.
The KF Web Server v1.0.2 shows file and directory content if %00 is appended to the URL. Patch available here.
How to hack windows remotely through file sharing.
An ARP Man In The Middle tool for Windows, which allows one to redirect traffic on a LAN. See http://www.arp-sk.org/ for further information.