WARD v1.8 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem answers the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for the UNIX environment). Tested on OpenBSD and Linux.
de328d9308ffc5500adcca4fe49a4be425aed38f7e62550cd8043829c52709a5
Microsoft Security Advisory MS02-057 - The Sun Microsystems RPC library in Microsoft's Services for UNIX (SFU) 3.0 on the Interix SDK contains three vulnerabilities, some of which allow remote code execution.
5acec35c4cedcc8aff24a306b384a7772763962d930ae71f8b073f37ff63e2fb
Microsoft Security Advisory MS02-056 - A Cumulative Patch for SQL Server 7.0, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000, and Microsoft Desktop Engine (MSDE) 2000 fixes four vulnerabilities, some of which allow attackers to take complete control over the system.
3bf76166be49ef8d4f9d411cefac284e9a953d42055775e31b63ba8cd2072d44
Microsoft Security Advisory MS02-055 - A remotely exploitable buffer overflow in the HTML Help facility in Windows allows remote code execution via a web page or HTML email on all versions of Windows.
40085ad491b3bf7c5e066a96491cdee2d23461e4cae9eca0322bf8b25086bcb8
Microsoft Security Advisory MS02-054 - On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature has an unchecked buffer in the program that handles the decompressing of files from a zipped file, allowing code of the attacker's choice to run.
0073160f2cd0980100428ae4c75321cad44b866e6c57d5aca764031e6e60a48a
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real-time alerting, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages via smbclient.
405a94e8fcc2629b63d6e303d88e32b16e4fd2363154cf2d02bd4de74d10d041
Apache v2.0.43 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.
340e0f3ddc87e1dd13973c52b1bc99ec86ac5b5ef5cc105cda34cc7ff32d0d93
Kerberos 4 cracker.
1e2ec4124c5ea5abc860098482da56da54827ff1882ff0bc51e8a78488c36135
Monkey S/Key challenge/response auditor and white paper. Works similarly in nature to Alec Muffett's CRACK. In essence it takes the MD4 value, in either HEX or English words, and compares it to a dictionary.
91361b4f1c1136c90bd9c318b67f64854190eb95ae32e1899a0166c2aa19e602
NotSync demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device.
7c3c502a14191792cb5a0b396a99c3ae44638139bd248d926f033f961fd04774
Dcetest is a tool which probes a Windows machine over TCP port 135, dumping MSRPC endpoint information. It can be thought of as the equivalent of rpcinfo -p against a Windows box. Dcetest can also be very useful once inside a DMZ to fingerprint Windows machines on the network. Similar to the rpcdump program from Microsoft, but does not need a DCE stack and so runs on Unixes.
4a319a08ae0838234f5b6fbd0b4d2e0fac7560a7553a4e1b043527cc17032aa3
Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed. Changelog available here.
921d6d247d3ad958a4453d6f5d00e4c8b68b958b021542ec1ad3a6c640b4bef8
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
a661b9f271e0bf1ffb19d638027beb79af15e52c66aa40ddb44a06a329ede7c0
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features: multiple packet capture sources, runtime network sorting by AP MAC address (BSSID), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal- and tcpdump-compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) packet logging, secure SUID behavior, and GPS device and wireless device fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
4210118493aece128667e5ee06bb4738541b3ed774f2e91bdcf4437e6b790e9c
IPTables log analyzer displays Linux 2.4 iptables logs (rejected, accepted, masqueraded packets...) in a nice HTML page. The page is designed to be easy to read and understand, reducing manual analysis time. It contains statistics on packets and links to more detailed information on a given host, port, domain and so on. Screenshot available here.
4fd30f4b30ce34e48fbd6dc461f80e94b035021d98193ee59f25a5ed35b088f7
Sendmail 8.11.5 and below local root exploit. Tested against Red Hat 7.0 and 7.1, SuSE 7.2, and Slackware 8.0.
91760643cbea23f0d407bfbe6adb92fff440f2e21775e64c29e8d836351f91b9
Citrix is a remote desktop application that is becoming widely popular. It is similar to Microsoft's Terminal Services, RDP (Remote Desktop Protocol). Unlike Terminal Services, Citrix's product lines allow the administrator to specify certain applications to be run on the server. This allows them to control which programs they want to allow the end user to execute. There exists an interesting gray line for the security of Citrix applications due to the mixing of both Citrix technology and Microsoft technology. With an application that allows users remote access to not only published programs, but remote desktops, a serious threat arises.
f66ebd0278ec5919fe8ede3d0ec55a3aa78b31d7b9b07b606409974660c1ca5f
Bind v8.2, 8.2.1, 8.2.2, and 8.2.2-PX remote root exploit for Solaris 2.7 x86.
ae23adfe8e413cf29b90daaa2aa3fa68779d3affba2a40e82e14dc7e57560754
iDEFENSE Security Advisory 10.02.2002 - The SNMP daemon included in the Net-SNMP (formerly known as ucd-snmp) package crashes if it attempts to process a specially crafted packet. This affects Net-SNMP 5.0.1, 5.0.3 and 5.0.4.pre2. Net-SNMP is no longer affected and can be downloaded here.
5c79243b80e30f146fd1dc449457202730c88daf5ec519bc3267742a3e57f584
This document describes how to compromise Solaris systems prior to version 9 by using a telnet client only.
ba05ee6ac0393c5d63a2046f794f28c1c85e51bfa90d2ea02db8150c95501fd7
The Apache servers prior to 2.0.43 insecurely include the value of the 'Host:' header field, received from a connected client, into the SSI error pages. This can be abused for remote cross-site scripting. Apache 1.3.x servers are not affected.
d50f05528a29fbb5a05af733fd529fd69f45701adeb8c86c64d8718b418adecd
E-Matters security advisory - Several buffer overflows have been found in fetchmail versions prior to 6.1.0. Overflows in the readheaders() and getmxrecord() functions can be used in remote denial of service attacks that may cause data loss. An overflow found in the parse_received() function allows remote code execution and may be used to compromise an affected host.
1c6a40ce9f52ec5bad26332b8020746c2492bdf33417e8c825422b64fdfc8d11
iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods are described, both in detail. Patch available here.
e1968987be598ce21fb8b01554f9dd70ecddae77782675c6591f723f39c2dab1
Lcrzoex is a toolbox for network administrators and network hackers. Lcrzoex contains over 200 functionalities using the network library lcrzo. For example, one can use it to sniff, spoof, create clients/servers, and create, decode and display packets, etc. The Ethernet, IP, UDP, TCP, ICMP, ARP and RARP protocols are supported. Lcrzoex and lcrzo were successfully installed under Linux, FreeBSD and Solaris. This archive contains Lcrzo and Lcrzoex. Windows binaries available here.
a03f7f6f74c7988b37fef255789605381b0369b5b79b43b9645a1aa255f0a735
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules; each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps the user maintain a database of objects and allows policy editing using simple drag-and-drop operations. Firewall Builder can be used to manage firewalls built on a variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
7472d8b561d8e35156b48704209672df84c19ff6aad52591c42cdad22c8e046b