TCPStatFlow is a tool for network administrators which detects covert network tunnels running on ports that most outbound firewalls allow, by sniffing the network and measuring the symmetry of the data sent. HTTP, HTTPS, FTP, SMTP and POP3 send much more data in one direction than the other, so if an SSH server is set up on one of these ports, this tool will detect it by noticing that the amounts of data sent in each direction do not look like the protocol that is supposed to run on that port.
edb152cf1f06f1962ff42720fbff6cfbd9daa4d1d85ea1d53115ce88c1b4b64d
The Distributed Checksum Clearinghouse, or DCC, is a cooperative, distributed system intended to detect bulk mail coming into a system and reject it.
2f476de13060b278cb221d669067e66c09195b7dcecfec7dcc04ef5cfee1d3d0
CryptoFS is an encrypted filesystem utility for Linux that uses a normal directory to store the encrypted files.
ae2f691a9721e9208cc390c6d006895155fc2518ad2da913cf5ed1c0c1674fdd
Network tool that captures IP traffic and keeps track of data counts. Uses libpcap with a network interface card in promiscuous mode.
ab75c578a74824c7ab52a814a16237cb83af9f0389b8ed8e2ef897b019c54aab
WifiScanner is an analyzer and detector of 802.11b stations and access points which can listen in turn on all 14 channels, write packet information in real time, search for access points and their associated client stations, and generate a diagram of the network layout using GraphViz. All network traffic may be saved in libpcap format for later analysis. It works under Linux with a PrismII card and the linux-wlan driver.
2922011841b10545e3600b736c01294e263378a69b8cb0786618609b7add895a
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. A user can then run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
a9418042c3490f68bb352a42942e86fffb10c67a8e8be9dc065aa60b8d9a1ebc
Rkdet is a small daemon intended to catch someone installing a rootkit or running a packet sniffer.
70566370454539579616899488fd4883ab43de0eba344590afd540a01ddd50b6
Application Mapper is a next-generation scanning tool that allows you to identify the applications running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. SSL). Amap then looks up the response in a list and prints out any match it finds. New response identifications can be added simply by appending them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
4923561c01a4c32b8a2d4f42772f5d3002c1c22b849d7cbf665111013dba4682
THC-Secure Deletion v3.1 for UNIX is the latest release of van Hauser's suite of secure deletion and overwriting utilities. Included are 'srm' - secure deletion of files
84723b3bc93dbba5d4c86c232ca6c84566ef1cbf281823588a7b902a539b70ac
A thoroughly written paper that covers SYN, FIN, Null, Xmas, Idle, and Zombie scanning. It gives a strong compare-and-contrast view of the methodologies to use when determining open ports on a host and performing remote operating system detection. It shows example scans and discusses IP enumeration along with the use of tools like hping2 and nmap to dig deeper.
94fdfe8c27434702f45ddf6f796fca9e7deafcac818de86e1ae4dce9246bcc94
Remote exploit for mod_gzip in debug mode, versions 1.2.26.1a and below. Yields the user id of the web server. Tested against RedHat 8.0 and FreeBSD 4.7.
84af6d61c9fc50f2b274b91ce6e52fe5474e910aad12553f3e47926b21d32e6e
With Distributed John (DJohn) you can crack passwords using several machines to obtain passwords sooner than with a single machine. The cracking itself is done by John The Ripper; djohn's server (djohnd) divides the work into work packets and coordinates the effort among the clients (djohn), which do the actual work.
706959c41a8c5af41dc7bece54cd562282a245ba2029979c068206628158b55b
OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel-based stack overflow vulnerability in ICBS. A patch is available for v3.3. Also works against OpenBSD v2.x.
02d1b6e6fd805a42150e80b21f685c51c4db5a62cb4d1d9e22b42e2992724a5c
IA WebMail Server v3.1 and below (iaregdll.dll version 1.0.0.5) remote exploit in Perl. Tested against Windows XP Home SP1 and Windows 2000 Pro SP4. The included shellcode downloads netcat and spawns a shell.
46b9847fb05761825572db77b563585c6c829d08fe1ddd7ba09ddacbc98ff73b
With Distributed John (DJohn) you can crack passwords using several machines to obtain passwords sooner than with a single machine. The cracking itself is done by John The Ripper; djohn's server (djohnd) divides the work into work packets and coordinates the effort among the clients (djohn), which do the actual work.
f1a63546aef80577490d25c91d94da6e0845e55278f8c4aaa35ff85e14ecab30
Dazuko is a kernel module which provides third-party applications with an interface for file access control. It is useful for on-demand virus scanning, as a file-access monitor/logger, or for external security implementations. It operates by intercepting file-access calls and passing the file information to a third-party application, which then has the opportunity to tell the kernel module to allow or deny the access. The third-party application also receives information about the file, such as the type of access, process ID, user ID, etc.
1ef829a3436cfc5494c895c4a054b9ef9df8ef3b6a60daad6b7e1379717ca70d
Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. In addition to filtering requests, it can also create Web application audit logs. It understands regular expressions and POST payloads and runs on both branches of Apache.
7f4114a4d7b2e7b8ab0bdd6fbdf6d1caedaf7212fb4e0e943edcb73c5b0d8d4d
RenAttach is an e-mail filter/processor which runs from a user's .forward file. It is designed to protect end users (particularly those using Windows) from malicious e-mail attachments. It does not scan specifically for viruses, but rather renames e-mail attachments so that they cannot be accidentally executed. It handles both UUencoded and MIME-encoded attachments. It can be used from within sendmail, postfix, procmail, or pretty much anywhere else.
b18b17b7a99ab8ab472976a76d69a1001caa47cb921d48c33d8d4e48b1483b52
Cyclone floods a victim host with UDP packets on a user-specified port.
bfec24b2894a36df29f47b8ed1e00f731fba39f9c1c521d6761a39ae553f6a58
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It includes HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs. It supports 18 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Cisco PIX.
c7f283d96c2a7f1fe0ac0419e299b027c11711a8a41959e483161e2c90b361dc
Rolis Guestbook version 1.0 is susceptible to PHP injection and cross-site scripting attacks.
79e815ebb7be676e76426a0e17297e327cf6c44d0c6d1dacc79e8088de2b8dc8
phpWebFileManager version 2.0.0 is susceptible to a directory traversal attack due to a lack of input validation.
11a43dc0602f1582c83e6543b3980c8c54dc65ad457fb56add731e8860a3b758
NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attacker to download any file outside of the webroot. A remote attacker can exploit this to access the config.dat file, which holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.
852c4463ccb97a58ecaf9041db4c846ee003660cb27e1d5da9855d1d9bf1cbe7
pServ 2.0.x Beta web server remote exploit that makes use of the User-Agent HTTP header buffer overflow.
5c7a46786ee5ec0c5d78688145e1527fbd30b89d6df3a01b81f5ebb54be1a36d
Atstake Security Advisory A111703-2 - A directory traversal vulnerability in the web-tools component of the SAP database server enables any remote attacker to gain access to any file on the host, because the server runs as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit, and the service has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identifiers generated are also considered unsafe, since they are stored in the URL rather than in a cookie.
cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bd