Nsat is a fast, stable bulk security scanner designed to audit remote network services: it checks versions, looks for security problems, gathers information about the servers and the machine, and more. Unlike many other auditing tools, nsat can collect information about services independently of vulnerabilities, which makes it less dependent on frequent updates as new vulnerabilities are found.
Ethernet Network Interface Card (NIC) device drivers on multiple platforms incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory due to poor programming practices. Several implementation methods are discussed in this white paper.
Atstake Security Advisory A010603-1 - Ethernet Network Interface Card (NIC) device drivers on multiple platforms incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest method to implement this attack is to send ICMP packets and watch for kernel memory in the replies. A PDF report on this issue is available here.
Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X builds after 20021111 are fixed.
The Platinum FTP Server v1.06 contains remote directory traversal vulnerabilities that allow denial of service, listing of any directory on the server, and possibly arbitrary file deletion. A denial of service exploit in Perl is included. A fix is available here.
Web Hack Control Center is an administrative tool that scans web servers for known vulnerabilities. It scans HTTP and HTTPS (SSL) servers, and its exploit database contains over 2000 vulnerabilities. WHCC can be used as your primary browser or be launched from Internet Explorer.
NBTdeputy registers a NetBIOS computer name on the network and responds to NetBT name-query requests. NBTdeputy helps resolve IP addresses from NetBIOS computer names for Windows XP and .Net servers on your local network that have ports 137 and 138 open, similar to Proxy ARP.
oOps.c grabs hardcoded strings from binary files. It shows rootkit passwords and other information that is encoded one character at a time to evade binary examination tools such as the strings command. Tested on Linux.
Talkd spoofer for NetBSD. C source.
Remote root exploit for Solaris Napalm heap overflow - SPARC version. Tested against SunOS 5.6, 5.7, 5.8, and 5.9. Attempts to add a root shell to inetd.conf.
OAT v1.3.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.
Guilecool proxy scanner and checker C source. In Italian.
Aix433noflag.c exploits a weakness in a function in the AIX kernel which handles incoming and outgoing network connections. Sending TCP packets with no flags set in the TCP header causes 100% CPU usage (DoS). Tested on an IBM RS6000/SMP-M80/4 running AIX 4.3.3.
Guptachar is a remote administration tool which works as a web server - it can be controlled with just a web browser. It has an inbuilt keylogger and an IRC bot feature. It is tiny, with the server executable being less than 50kb in size. Comes free with sources. Archive password is set to p4ssw0rd. Use at your own risk.
Efstrip is an exploit for the efstool vulnerability. Unlike other exploits for this vulnerability, Efstrip is robust, doesn't need a wide range of attack options, and doesn't need brute forcing. It actually ./works.
Nikto 1.23 is an open source web server scanner written in Perl which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and local databases can be updated automatically from the current versions on the Nikto web site.
OpenBSD and NetBSD LKM which hides files by patching getdirentries().
The S8forum v3.0 allows remote users to execute commands on the webserver. Exploit instructions and a patch are included.
WIDZ version 1 is a proof of concept IDS system for 802.11 that guards one or more APs and monitors local frequencies for potentially malevolent activity. It detects scans, association floods, and bogus/rogue APs. It can easily be integrated with SNORT or RealSecure.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.
Cups v1.1.17 and below remote exploit which spawns a shell as lp. Tested against Gentoo Linux with cups-1.1.17_pre20021025 installed.
Packet Storm exploits added in the year 2002.
Packet Storm new exploits for December, 2002.
Mysqlsuite includes three tools which take advantage of the vulnerability in the check_scramble() function of MySQL described in mysql.4.0.5a.txt. Mysqlhack allows remote command execution with a valid MySQL user and password. Mysqlgetusers performs a dictionary login-only attack to find other users. Mysqlexploit spawns a shell on port 10000 on vulnerable Linux MySQL servers, given a valid MySQL login and password and a writable database. Fixed in MySQL v3.23.54.
This Perl script recovers passwords from Unix swap files. UID or GID 0 is required to read swap files. It may be useful for finding passwords that were entered into the wrong machine. Tested on Red Hat 6.2 - 8.0.