LogIDS 1.0 is a real-time, log-analysis-based intrusion detection system able to analyze log files from various sources, and can be used with LogAgent 4.0 to supply these log files. This utility allows for user-specified formatting of each log file it utilizes, which then enables an end user to define rules for each of the files given, resulting in a single interface to analyze and display all the data gathered from varied sources, e.g. Event Viewer, ComLog, antivirus logs, personal firewall logs, Snort logs, LogAgent 4.0 Pro logs, ADSscan, and IntegCheck, to name a few examples. The interface is also fairly innovative, as the GUI is a logical representation of your network architecture, where each node has its own window in which the logs belonging to it are displayed. Sounds can also be emitted for alerts and warnings with this utility. Screen captures are available here.
3a616f0662f050dc9454ba032a5901b1138d75260cdf615c4105679e49492880
b2 cafelog is a blogging system that ships with the b2-tools directory. The PHP scripts contained within this directory allow a remote user to specify input for a variable that in turn allows remote command execution.
303e14dc96189722767c93e3ea40afeaf693f6f8d289af86f1945f615d437766
Geeklog version 1.3.7ar1 and below is susceptible to multiple vulnerabilities. There is a SQL integer manipulation flaw in the authentication script that allows a remote attacker to gain administrative access, and there is also a lack of error checking when images are uploaded, which allows an attacker to upload files containing PHP code that can be used to execute any command as the apache user on the remote server.
b929f64a82369714c4e73c1aa6713942f4e3fa31bd56ba1f5265811388f21c2b
The Goldmine mail agent can run arbitrary code via a maliciously formed HTML e-mail. It does not even run the e-mail in a 'security zone' as Microsoft Outlook does, but passes anything that looks like HTML, unrestricted, directly to the default browser for execution, which for many users is Internet Explorer.
1b72a78af77f5a6ac40daf2d853841dc47e50923fa1bb291243b012faeec5599
Baby FTP server version 1.2 allows for a directory traversal attack that lets a remote attacker view any file on the system by using non-standard characters with CWD. The server will also crash if multiple connections from the same host occur.
f2693ad95d364c41a545acb6d6743c838069082815811187534c4de54b7b073d
Webfroot Shoutbox v2.32 and below suffers from directory traversal and code injection vulnerabilities that allow a remote attacker to view any file on the system and to perform remote command execution.
96dae25093b042b892ea5293b33240d84967d48cd1aef6c7743870e4dd15cf1e
Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a WebDAV request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.
67114ae0520ebab576e477197853235affe77007a602ac27dc47708e61cc7c11
This tool is a log file monitoring and centralization tool. You can use it to monitor the Event Viewer logs and ASCII log files from just about any application, including, but not limited to, antivirus, personal firewalls, ComLog, Snort, etc. LogAgent 4.0 also comes with two companion tools: ADSScan, and the HashGen/IntegCheck combination. ADSScan is an alternate data streams scanner, and HashGen/IntegCheck is an MD5/SHA1 file system integrity checker, also known as a host-based intrusion detection system.
d2cf59adf7aa0cd3186bf9ff062ee27043fd5b8d2286aed46d27b96a616c008a
This tool is a command prompt (cmd.exe) logger, useful for generating intrusion evidence that was previously unavailable. With this tool, you can log command prompt sessions, be it from the console, a compromised IIS system, or through a netcat tunnel. Working a bit like a wrapper, ComLog takes the place of cmd.exe and passes the commands to be executed to the real cmd.exe, which is renamed cm_.exe. Version 1.05 changes include an MS-DOS icon added to the executable, and better camouflage to avoid detection by the monitored user.
ace19f02d040949d4cffa6040cf70cc0e5f3a1f3b3e71d7dfd20cba25e0cecf8
KRIPP is a simple and light-weight network password sniffer written in Perl, which uses tcpdump to intercept traffic. It can sniff and display ICQ, FTP and POP3 passwords.
4db6cde02174f0913d0156f57e87d4c43980abd566c7eae2e31b852900f9652a
Updated version of a utility that removes LKM rootkits that are normally undetectable, by making use of vmalloc, which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
553849b50859a2ec31d02ea337e149add5e80f08a06bab161ebfd2faf978f052
libShellCodes is a library that can be included when writing linux/i386 exploits; it provides functions that generate shellcode from user-given parameters at runtime.
0f28982460de87d8f62063ea85d013e4d223262515b2f99aece144bbac5ce5a6
The SunONE application server on Windows 2000 suffers from multiple vulnerabilities. The server allows a remote attacker to view the source code of JSPs, logs only the first 4042 characters of a request URI (which allows an attacker to hide their attempts in the last 54 characters), has a cross site scripting issue, and keeps the username and password for the administrative server in clear text in a world-readable file.
8e810afd7ea6e1de914b7fc988eb5076641d865e4b488deebe6df42e66995334
OpenSSH 3.6p2 backdoor that logs all logins and passwords to a file. Original backdoor ported for 3.6p2 by ajax.
fc76952bae7a43cd39e265c73a1991f607bdef141017d52a421d6f5ade742d53
loaded version 0.21 is an IPv4 load balancer for Linux. It requires netfilter and the QUEUE target enabled in the kernel.
289bf4facdf46653729a2bdb276ddbe1c97e51adb9d403a39f2cd8e30e4643c6
guess-who version 0.44 is a password brute force utility for SSH2.
214fd24fdc31ce0ae27321085714876bb3c2d68ef8c3cd97400ae0dbb86f3d8a
Amusing addition to the vulnerability found in the Axis Network Camera HTTP server. Apparently the default e-mail address for SMTP alerts is set to mail@somewhere.com, and if this feature is enabled without changing the destination address, somewhere.com gets some very amusing insight into what is being watched. Original vulnerability information is posted here.
225016262e5a5cb529003c7be0a202c691267391dccb9c88e1e937a94f4e7f81
Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.
4cec04e283e741382af7d9e0df4bd761c6f1056aebdaed02bb1f8e78709d07fe
Nikto 1.30 is an open source web server scanner written in Perl which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version-specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and Nikto can automatically update the local databases with the current versions from the Nikto web site.
9401d5ecd4143566eceebd085ced7e6cf9f66f2d489c0cc1739d4f948b8ed757
THC-RUT (aRe yoU There) is a local network discovery tool developed to brute force its way into wvlan access points. It offers ARP requests on IP ranges with identification of the NIC vendor, spoofed DHCP, BOOTP and RARP requests, ICMP address mask requests, and router discovery techniques. This tool should be 'your first knife' on a foreign network.
f41eda1909b90b1e54ab9977d800ab9eacb0016df82f2180d5a8da02b160d2b1
orbs, or Omniscient Remote Banner Scanner, is a fast and light-weight banner scanner with features like telnet negotiation and HTML output.
587587b93efbe2e955a8e2922e5771b538225af31eb2a6d241b989f651143547
Remote exploit for a buffer overflow in the Gnome Batalla Naval Game Server version 1.0.4. Gives the user id of the account running the game server. Tested against Mandrake 9.0.
cde6233cf7588be614a0ea2f37489285004f595d61eea69313054f376fa2ca78
bnc version 2.6.2 and below suffers from a denial of service vulnerability. Armed with a valid login and password, a remote user can kill the daemon.
df9ba77e9a022c665d0476f11eddc0d54a32d3a4c2c210cd53987e9a5bed8326
S21SEC Advisory 017 - The Vignette Content Management and Application Portal software is vulnerable to a remote attacker accessing the SQL database without authentication by modifying a cookie. Affected versions: StoryServer 4 and 5 and Vignette V/5.
71e86e2b59d1310641859df7e5da7efd9c2cdd6dcc72e7971a5e708a03dbdc31
S21SEC Advisory 016 - Vignette Content Management and Application Portal software has a vulnerability that allows a remote attacker to inject a server side include that could lead to remote command execution. Affected versions include, but are not limited to, StoryServer 4 and 5 and Vignette V/5 and V/6.
6e683b01ef73501f7cca1af2773c0055d0e02e01749b77df85c5932c64cee74a