Amap V2.1 is a scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. SSL). Amap then looks up the response in a list and prints out any match it finds. New response identifications can be added simply by appending them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
a2fcff73f3df3c1bcf73d1501e95403b8c981c8c823a2d9d6763f52252bbb3ad
Multiple buffer overflow vulnerabilities have been found in FTGate Pro Mail Server v. 1.22 (1328). The SMTP server for FTGate has unchecked buffers for the MAIL FROM and RCPT TO commands that allow a remote attacker to overwrite the stack pointer, which can lead to remote code execution.
95f83e228cdce2e2eb8f46c216a792e6251d913be395c5a856648d63f75cb23a
Core Security Technologies Advisory ID: CORE-2003-0303 - Six vulnerabilities have been found in the Mirabilis ICQ Pro 2003a client that are both locally and remotely exploitable. Exploitation of these allows for remote code execution and a denial of service.
0991a1824e78e4c8354e6a13a23e4dcb0744e6f23f88a6827fb82c4a80bcd380
Kerio Personal Firewall 2.1.4 and below remote code execution exploit that makes use of a replay attack against the channel for remote administration. Tested against Windows XP SP1.
3ca9f3eea820f2361bf7253796cca6fd61159fdc6ca8ad10ea7dabecfed4483e
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings. Full changelog available here.
b5be5bfa828be1c68450348d02809caf817e12c59cdcf0ec56bdc7565e5b200c
OpenSSH <= 3.6.1p1 user identification remote exploit shell script which tells you whether or not a user exists by using a timing attack. Accurate against Red Hat.
7cbb2545e6b122031cbd298d8d2d101b7363a0226a88a977a69b64ab2dadea68
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
2f92e31dc859835ac31579a09caf9af18f6e7780da3a77274ad367a809014f13
Nessus is a free, up-to-date, and full-featured remote security scanner for Linux, BSD, Solaris and other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over a thousand remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
f781412191baf12ef79ac3cdaec2132fe5e8e0d619b6c7eed2afd923de116151
Smtpscan is a tool to guess which MTA is in use by sending several "special" SMTP requests and comparing the error codes returned with those in its fingerprint database. It relies only on error codes and does not take into account banners or other text information, which cannot be trusted. A document describing the fingerprinting method implemented in smtpscan is available here.
fd101022e24513e478b7c8169c469c2fa7f54c516e188f035c355c73619ccc6a
Local root exploit for the bounds checking vulnerability found in the utility youbin.
87875ae0421b2986889e445fb60844fbfbac8b79aed78b2e768d51ed7601cfdf
youbin, the utility that acts as a network version of the utility biff, has insufficient bounds checking that allows arbitrary code execution.
246db609e0835a2434298e984b43373b3bfa91bc54ee98a12910070f03a1b529
NetBIOS Enumeration Utility v3.1 is a utility for Windows which can be used to enumerate NetBIOS information from one host or a range of hosts. The information that is enumerated includes the account lockout threshold, local groups and users, global groups and users, shares, and more. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP.
d390a60dc40079e73d75a5813205ca3aa54cbd4c652fafbfe4d8ac908693a87d
A vulnerability exists in the TFTP protocol implementation of the Polycom 6100-4 NetEngine 3.4.8 ADSL router that allows a specially crafted packet to cause a denial of service.
636954b85ab294d8dcce6f31fecbf299025c1efb2b2951a83fc60d8d7d0db2db
A simple and versatile sniffer utility to monitor ports 21 (FTP) and 110 (POP) for quick accumulation of user and password strings.
847db033bdacbf08f6a22d1dd2fbd88f7df4a357677aad3960d6352d6ba97e8e
Elf binder v1.5 will bind a tar file to the end of an executable. The executable will then untar the file in /tmp and run the installation script, which can be useful for automation.
7c68d9e3a950633449b73b3e7cc149f45eb56ccbd2ba6ed0f2f1cd101337429c
Disco is a passive IP discovery utility designed to sit on segments distributed throughout a network and discover unique IPs. In addition to IP discovery, Disco has the ability to passively fingerprint TCP SYN packets to determine the host operating system.
6183163d79bc3366a35a626ce453925b5247312d90899d9150635d23fbcafe33
Ettercap 0.6.a is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. It features character injection into an established connection: you can inject characters to the server (emulating commands) or to the client (emulating replies) while maintaining an established TCP connection! Integrated into an easy-to-use and powerful ncurses interface.
db1a6ae82d6e080ab1f7610b55e7a71d84a293f014601598cbc40be203191a91
L33t Cereal.
0f6cdd33ccc1647712dbe24f469c1dde9dfd911389e33e3620c314514c39525e
Whitepaper discussing cracking basics.
3da459b607b000828f4c5f52483c9fa63dcd11949b7f79f0e54d8ec5ec13d329