Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
1fa1703c34c1e615e7bcfa6d847c612795623e8bc52d36b15a8846c391362248This Metasploit module uses QEMU's Monitor Human Monitor Interface (HMP) TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04.
31bb8b20fecf053ea400a06b2e8d39f22d910c3d0025edb6108fcff42b5aa6e0GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
d62669a8f41e078eaa220ce77a32f4f3f801e3099357ae8c705498fe73884ec5Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.
7dd9706d9d60f259d8e6ef790111d2ef99c07abddaae6debfdc64b5c0856ce2f330 bytes small Windows/x86 reverse TCP shellcode that connects to 192.168.201.11:4444.
12149f06ca22bb6ea072202a3c3d714fb9e0922026292c67e2fc3c768fa2b30fSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
4a8101d820e391a210f836d8cb8fc953fc835a3ca83173448ab294811eb348ecCyberArk's Credential Provider loopback communications on TCP port 18923 are encrypted with key material that has extremely low entropy. In all currently-known use cases, the effective key space is less than 2^16. For an attacker who understands the key derivation scheme and encryption mechanics, knowledge of the source port and access to the payloads of a given client-server exchange are sufficient to reduce effective key space to one. In cases where the source port is not known, the encrypted payloads will be unable to withstand a brute force attack. Additionally, the user identification mechanism used by CyberArk's Credential Provider is vulnerable to a race condition where an unauthorized/unprivileged user can submit one or more encrypted query requests. If the race is won, the attacker will be able to retrieve sensitive information including passwords and password metadata. Versions prior to 12.1 are affected.
7dede6bcc7b3021a2a5c5df1eb3c7bc0663ae7d954677866d63352936b9f568aNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
064183ea642dc4c12b1ab3b5358ce1cef7d2e7e11ffa2849f16d339f5b717117The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.
817d39612fc53f7a2ee93673d737d89c13b73c3517209d386b6ada61eca137bbLinux/x86 egghunter reverse TCP shell shellcode generator with dynamic IP and port.
f381e9e627457c622f41f2e0f02fd7275a109fbf7c64277852a12fa68a12f383This is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. This was patched by Microsoft in February 2021. It is triggerable remotely by sending malicious UDP packet over IPv6.
0516b2a0dc860ebf19e63ce4021cd59c81f89b4c0605fd9ecea4c32742d682e0Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
5bbc850a274b933a4e8b0ac7d5bc8b0527c3eddbaee7f8a9389c284f27a6fe1486 bytes small Linux/x86 reverse TCP shell with dynamic IP and port binding shellcode.
098ad2f853874de86f3c54be8fe5f0603e48dcd1deaae5ff49d0f3c6ecd04c34Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bdb8a6488b759fe95ceeebf88694df69fbc77cb5b2be1390f21cfe378daef97eGlobal Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
70fc96e2f1e0cd752068e94fb4f37b3f19d670243921f76b0f2114578151f1e3A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication in order to connect to the respective TCP ports and perform different privileged actions. SAP Netweaver JAVA versions 7.10 through 7.50 are affected.
805643e688fbee4c048d322779d58d6f9b53b1939424fabfb2fd739907f62af5CHIYU TCP/IP Converter devices suffers from a crlf injection vulnerability. Versions affected include BF-430, BF-431, and BF-450M.
e7a596a59cae5f2c12a480ba0005a90bec441a27f46a82c5481c45eb383eab21Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
512c31ebafb9013dfaf82b0123e088f976d3c1b57658ea60a7c8825a1c4bf7c7Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
5d6beae72888b5b7c4d4d6bcef2c37256c736435fd1b08ff642ee4c60a310ea5Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
ef8eb970940d435e07001fccf2ac210f539a9bb09ea1ef146c5f6ff4cc15a402Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6bGlobal Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
70fae385cd6c9bbcc73c17efabd236f0a0bfe00d11b0c9360651ec7e4baf42c2Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
0dd41d5c99202fa4387bb5b9db7ce55236fc913b65e3a9fb58f697d3480f14efBackdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.
2f11b22f4a81eedb7df75e8958cdd82cecb3055d43ca8789947305c47f9b576a142 bytes small Linux/x64 shellcode that binds a password protected shell to TCP 0.0.0.0:4444.
333530589c154018011a1ee45adb6102c069fc8e7b0ef4eaecdb98fd693c95d6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed