Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like the strace (or truss) on linux and other unix OSes. What make strace different is that is hooks every system call instead of just selected ones, giving you an excellent idea of what the process is really doing.
5b2735e8141907cec5bb50ae17592fdf8c75adb0f42aca5d7b807a20a63e6166Ngrep is a powerful network sniffing tool which strives to provide most of GNU grep's common features, applying them to all network traffic. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. Windows binaries available here.
e9d9d26303caf0afbf330d2a1c89771c07199d6b58eaed6cba9e25184de356c4Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
9db900b88bac67205c493bfdf4780d55020f71d6cf69ea0fd2a01fa148619d7eNCPQuery is an open source tool that allows probing of a Novell Netware 5.0/5.1 server running IP. It uses TCP port 524 to enumerate objects with public read access, disclosing such information as account names, server services, and other various objects. A remote attacker can gather the equivalent information provided by the console command "display servers" and the DOS client command "cx /t /a /r" without authentication. Includes a Win32 port.
354012e902e80df46b1bf28adfc90559ba18f2db45bf019a1b8745c756211795Teolupus OpenSSL Exploiter is an automated OpenSSL vulnerability scanner able to find, log and exploit a server "without human intervention". It is based on Nebunu apscan2 but has much more targets. Includes openfuckv2 and openssl-too-open both with more than 130 targets.
ce85e0330ac595ce313685f1e0d5ef79db96eff660b53e1cdb8a6938e169de1cIwconfig local proof of concept exploit - Causes a seg fault. Note that iwconfig is not suid.
867f82eb7dcfc7a51d785f60e5b6f4bdc86928b16aa0629292f6687d0fe23112p0ly.c contains a sniffer, syn flooder, deadly get request attack, and a port scanner.
1c92866c9ec70598ddaaf0956078a1c81f695aada02ee44438e06f76ae3083a7Small ICMP based backdoor and DDoS slave + master. In German and English.
650e68d37c407e05229b2b7179a5778c05c7cf7efc35ddd259732a9ed2f2d190Novell iChain prior to v2.2 SP2 beta contains multiple remote vulnerabilities which allow user session hijacking, denial of service, and possibly system compromise.
42d46c7a7fbdcf02338f099cde864377864379a43e501bd4158132aba1fa01dcAOL Instant Messenger prior to v5.5.3415 contains a buffer overflow in the CCertsByUserName::Cleanup() function which can lead to remote code execution. Can be exploited via HTML web pages or email via long aim: URIs. Fix available here.
658bc232448de8aa479f016c69377dec0c4df2e3dc1edc3e917f281631ca4178Proxies by Fris - Documents different uses of proxies, proxy related software, and IP ranges.
680c7006ca1f36118af72c2255491223671740387b59e1579136275734c4985dDeskPRO v1.1.0 and below do not adequately filter user provided data, allowing a remote attacker to insert malicious SQL statements into existing ones. Allows attackers to login to the system as an administrator without knowing the password.
983ccb3475e6d82e382857c1d96466127ac14546a3310ec3ddb85f10f737178dNtbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation - standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
899ef5eaa62de197df74c60aa27e94f9f84b18f384f3eaa0a52cc07eb0ef9ce4RealOne Player v1, v2, Enterprise Desktop, and Desktop Manager, and RealOne for OS X all contain tempfile vulnerabilities allowing malicious local users to escalate their privileges by manipulating URLs or embedding scripts when RealOne launches the default browser. More information available here.
09826df6449dbec705262c498b3ea583bd519f6074f2fe41812f7380fc5249aeRedfang v2.5 is an enhanced version of the original application that finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().
7cf45008810ca894b085ae0eb1a0071f0cb6989dd9ce35cfcd617fedf7018c7fGeeklog v1.3.8 and below contains a SQL injection vulnerability allowing malicious users to change passwords on arbitrary users. Fix available here.
f4ee9373590cb6d8633e3248d2a3a4fc32f197cea472b03b6dc1968bd6294f8dcpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Fix available here.
38a5f115f7ff25fa54a8cbaece68467108a84c1f858b98478337d930a03652d9Atstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux.
47be7130d5351ee1e6a51c87a74d5a02b3e5f28749ce4d47d3f097a00a9f49bdBytehoard prior to version 0.7 contains a remote directory traversal vulnerability which allows file access. Fix available here.
760815350b650ce7eb514ab12b531b4c537b4bedcea9a916151c97bbdecab0deFetchmail v6.24 and below contains a remote denial of service vulnerability which can be exploited by sending a specially crafted email. Fix available here.
e79612b16d2c2e8069f5a46e09f2cbb86dd22b2c2310ff8597675222ee5ca969mIRC v6.1 and below remote exploit which takes advantage of the bug described in mirc61.txt. Creates a HTML file which overflows the irc:// URI handling, spawning a local cmd.exe window. The exploit works even if mIRC is not started - The HTML can be in a HTML email or on a web page. Tested against Windows XP build 2600.xpclient.010817-1148.
4cd0bf42beaab24a9681b6932162eb72775c3439db6704c72c2c8e2f9991b043Remote denial of service exploit for the Microsoft Messenger service buffer overflow described in ms03-043 which causes the target machine to reboot. Includes the ability to send the packet from a spoofed source address and requires the remote netbios name. Tested against Windows 2000 SP4.
e48b844bc994ff34f0e2029f0cb487338b88afdd156b72483f465c14da1a3d48
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed