Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
558bc757ee8a6481d9b014417a2378a9d3bc6e01e240f1411ccf84a919f8d209Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
f3bc1c5631f36073b92c9614c9ca82d6a9d8dfec135bdb95d79901f828332801CERT Advisory CA-2002-35 - Cobalt Raq4 systems with the Security Hardening Package installed allow remote attackers to execute code as root because overflow.cgi does not adequately filter input destined for the email variable.
0f6f2e8184209658ee339e366fe5d0badc0607061e7156cc51ba6d1df49804c4Microsoft Security Advisory MS02-070 - A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP enables attackers to silently downgrade the SMB Signing settings on an affected system, causing either or both systems to send unsigned data regardless of the signing policy the administrator had set. Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. Doing this, the attacker can take actions such as adding users to the local Administrators group or installing and running code of his choice on the system.
96e6063a616fc74df791bacd1467819287ac6ed0f6d2d0080f21a501e53a28eaMicrosoft Security Advisory MS02-069 - Eight serious vulnerabilities were discovered in Microsoft VM which allow remote code execution via HTML email and malicious web pages.
f4af9d4c01a18e7ea7461b5d3985e9a101361a16870c806c84743c038cceefabWhitepaper called Hackproofing Lotus Domino Web Server.
e72c2b8f13fb6814be70f4f3f1c13a46b474daf15badd237d92bab4ce9ce1bbdPc-cillin pop3trap.exe buffer overflow exploit in perl. Return address is off a little making it a denial of service exploit, but could be tweaked to execute shellcode that downloads a trojan.
8243cebd28bc9dc9a0fc4bca0bc3789808f36fb517a6a3f0b81c499438776f38SunOS 5.6,5.7,5.8 remote /bin/login root exploit which uses the vulnerability described here.
762c482e53fa3ebd68fcb908fb91f3c8ff15e6d084aa07cd2ab6ce4ec51bf980HTTPda is a perl script that searches a remote site for forms, .cgi and .pl files.
a3a3bab1e06d96a25c57f97e38cf006c4f87a7a73c39b74655b5d7f80e29a0eaSendmaild.c is a local root exploit for Sendmail on BSD. Exploits the bug discussed in FreeBSD-SA-01:57. Tested on FreeBSD 4.3-RELEASE with Sendmail 8.11.3.
af378464c45ce674f69dcef1b241d4a304679c343fa1f55700fd04fe7f29c324Some information on the Common Gateway Interface (CGI).
8b26cd32cbd0a8326977f61fce8ef55d9a9016bc2750bd213be84e63a401d2b0/usr/sbin/chat buffer overflow exploit local exploit. Tested on Redhat 6.2. Chat is not suid by default.
f723fc7663cbe3a0175c84613c487f43811558694a530902e3c7948cc38375a8Libcodict is a user friendly "combo dictionary" C API developed in order to ease dictionary handling when developing open source security audit tools. Combo dictionaries are a different approach than the traditional plain dictionary with a user list and a list of commonly used passwords. When auditing a server environment, one of the biggest tasks are to remove all default users from old UNIX machines that never got any attention after installation. Using a list of default users and their commonly used passwords is the main idea behind this library.
633c06df61c744d927b6cde6a656b8f6c3da902f8993b3dc83e2cb0553597cd4IDScenter is a free configuration and management GUI for Snort IDS on Windows platform. Features: Snort 1.9 / 1.8 / 1.7 support, Snort service mode support, Snort configuration wizard (Variables, Preprocessor plugins, Output plugins, Rulesets), Ruleset editor (supports all Snort 1.9.1 rule options), AutoBlock plugin support (ISS NetworkICE BlackICE Defender plugin included, Delphi framework too), Alert notification (via e-mail, alarm sound or only visual notification), Test configuration* feature (fast testing of your IDS configuration), Monitoring of up to 10 files and MySQL alert detection (allows centralized monitoring of all Snort sensors), Log rotation* (compressed archiving of log files), Integrated log viewer, Program execution if an attack was detected, and more.
3a88ed36a87e041f420709ee0d0fae0a1a24a406dd662453951cce94c79db13bProftpd v1.2.7rc3 and below remote denial of service exploit which requires a ftp user account or anonymous access to the ftp daemon. Consumes nearly all memory and alot of CPU. Tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3.
b472b47d7f8b3395438de6ee5627449c27fa18d2e9476e8790d13d7b98047093Banshee is a fast lightweight mass scanner. Banshee can integrate with other tools like queso or xprobe to extend functionality. Features include port/rpc scanning, easily search-able logging, banner grabbing and more.
6615ccdb02fb1771bc0de830c3d08ed040754774c3a84c84bd5383ecf3940bc8Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here for details. The TAP subsystem received major updates. Ethereal can display more statistics, and several graphs have been added to Ethereal. New protocols were added and updated.
ae0ebc58d8c4e631f3858008aea7604efe33b9296a892f9427aacae760e2c0c8Linux/OSF-8759 aka Linux/OSF-A Virus Cleaner. This program will scan the filesystem and tell you if you have this virus. When the virus is found, it will disinfect the file and hopefully restore the file to its original form. Includes C source. Archive password is set to p4ssw0rd. Use at your own risk.
bff6edc14dc0194eb073936f634185f7312ae609cdfab2ed0dab3cba3f31596aTunnel Finder v1.1 is a proxy checker that can display information from a list of proxies by searching for proxy servers that permit the CONNECT command allowing an end user to achieve a higher level of anonymity. Checks for SSL proxies as well.
4b444f4daa486243ceeea5eb1bfd6d9673d0ea2cceed67a0a7c357c3a7562414Solaris 2.7 x86's sacadm has a buffer overflow in the processing of command line arguments. Perl code to test for the bug included.
3a600355f3aad555bb91e5d3bf28689c25c62071e1846b2ddf751c180bc9efd9A troll attack opens up many idle connections from one ip, denying service to daemons with long timeouts.
34a212adbe2cadf2e6f62b47ce0a718e4c9a5e3186e8484b0ab70d0f4c86da6cTrendmacro is a ISVW V3.6 proxy bouncer and banner grabber in perl. Grabs HTTP banners through a proxy.
aa43f1de04c24c95ac7e59e14e9bbd991950c0f67e3e3b38d7e84adb93926934Apache 1.3.xx / Tomcat server with mod_jk remote denial of service exploit which uses chunked encoding requests, as described in Qualys Security Advisory QSA-2002-12-04.
26c922cb94695de52658f3b16ebbeebff4426b27d96a6b5ee0ee308e4f190146Netbios Worm v1.0 is a simple program which shows how a worm can spread across netbios shares.
5537a2f48a21330e64b052695d14ffa0b6b83bfeb27f1a5920b8dbc6e6617e57Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing. Function reference available here.
e542ac10fc69358b71c76c10dd0673cf046d45a5dd590997990739ebf75ff405
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed