DoS-Linux.tar.gz (Tue Jan 4 00:50:23 2000)
Remote denial of service attack against Linux kernel 2.2.7 - 2.2.9, in Perl. By misteri0
syslog-ng-1.3.11.tar.gz (Tue Jan 4 00:50:16 2000)
syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages to be sorted only on the priority/facility pair; syslog-ng adds the possibility to filter on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Changes: Some HP-UX and TCP-related bug fixes. Homepage here. By Balazs Scheidler
imp-range.c (Tue Jan 4 00:50:09 2000)
Tool for scanning networks which generates a list of IP addresses between a starting and an ending IP. By Shake
cgichk1_36.c (Tue Jan 4 00:50:02 2000)
Y2K fix for cgichk-1_35, which would return false positives on any server with a date of 2000. By su1d sh3ll of UnlG
winfingerprint-222.zip (Tue Jan 4 00:50:01 2000)
Winfingerprint 222: Advanced remote Windows OS detection. Current features: Determine OS using SMB queries (PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT Member Server, NT Workstation, SQL Server, Novell NetWare Server, Windows for Workgroups, Windows 9x), enumerate servers, enumerate shares including administrative ($) shares, enumerate global groups, enumerate users, display active services, scan the Network Neighborhood, establish a NULL IPC$ session with a host, and query the registry (currently determines Service Pack level and applied hotfixes). Changes: -m (mass scan) now outputs in framed HTML. This makes the output from large network scans usable for the first time. Homepage here. By Vacuum.
filetraq-0.2.tgz (Tue Jan 4 00:50:01 2000)
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups. Changes: Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. Homepage here. By Jeremy Weatherford
iMailv5.txt (Tue Jan 4 00:49:22 2000)
On iMail Server 5.0 for Windows NT 4.0 SP 6a, a malicious user can read and send emails as any other user on the system. The issue lies in how iMail handles the creation of new email accounts, and how it stores them. Exploit instructions included. By Simon
suse.majordomo.txt (Tue Jan 4 00:49:15 2000)
The mailing list software "majordomo" was found to have several local vulnerabilities. However, the licence of the program prohibits us from providing a fix. You should either remove majordomo or trust your local users until an official fix from greatcircles is available. SuSE security website here.
localscan.tar.gz (Tue Jan 4 00:49:07 2000)
Localscan is a Perl-based frontend for nmap. It allows the user to compare the results of an nmap portscan with the results of a previous nmap portscan made when the subnet or IP range being scanned was in a "known-good" configuration. Essentially, localscan allows the user to use a portscanner and ask "What new ports are open?" instead of just asking "What ports are active?" Homepage here. By Dylan Greene
SuSEcompartment-0.5.tar.gz (Tue Jan 4 00:49:07 2000)
SuSE Compartment is a program to build secure compartments for running untrusted/insecure programs. It has the usual uid/gid setting and chrooting ability, but the nice thing is the easy access to Linux per-process capabilities. Homepage here. By Marc
find_ddosV2.tar.Z (Tue Jan 4 00:48:52 2000)
Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client. Changes: Detects TFN2k. Homepage here.
sos.tgz (Tue Jan 4 00:48:51 2000)
Socks Scan V 2.0 - Scan a host for SOCKS servers. Includes the SOCKS Perl module. By Icehouse
elza-1.4.3.zip (Tue Jan 4 00:48:35 2000)
ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning. Homepage here. By Phillip Stoev
TFN_toolkit.htm (Tue Jan 4 00:33:02 2000)
Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit. Homepage here. By Randy Marchany
stacheldraht.analysis (Tue Jan 4 00:25:38 2000)
The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents. Homepage here. By David Dittrich
CA-2000-01.distributed (Tue Jan 4 00:19:35 2000)
CERT Advisory CA-2000-01 - Denial-of-Service Developments. A distributed denial-of-service tool called "Stacheldraht" has been discovered on multiple compromised hosts at several organizations. X-Force released a paper on trin00 and TFN. CERT DoS homepage here.
ezwfw.iso (Sun Jan 2 11:33:53 2000)
The SPIRO-Linux EZ-Way Firewall allows you to set up and maintain a firewall easily, and without much strain on resources. It can be set up on a 486 with 8MB RAM, although a much more robust system is recommended for larger networks. This is meant to be a drop-in replacement for the expensive and restrictive firewall products available on the commercial market today. Homepage here. By Rick Collette
aide-0.5.tar.gz (Sun Jan 2 11:27:58 2000)
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with. Changes: MD5 sums are now correct. Users must update their databases; the old ones contain false sums. With hash library support, you can have many more hash algorithms, and many bugfixes have been made. Note that the author's PGP keys have changed. Homepage here. By Rami Lehti
squidtaild.2.1a2.tgz (Sun Jan 2 11:20:56 2000)
Squidtaild is a Squid log file monitoring program that will crosscheck new access.log entries with user-defined filters and report all hits (using HTML pages, email, or winpopups). It is ideal for schools and businesses that wish to monitor their Internet activity for policy violations (which can be custom generated). Changes: This complete Perl rewrite of Trailer is faster, more flexible, and offers more options. Homepage here. By Stefan Folkerts
psftp-0.15.full.tar.gz (Sun Jan 2 11:14:46 2000)
Psftp is an FTP client that uses ssh 1.x as its backend. Thus, all file transfers and communications using it are encrypted and secure. It provides a command-line FTP interface on top of scp and ssh. Changes: The ssh interface code has been rewritten (this should speed things up tremendously), auto-detection of the authentication method has been improved, history is now saved, remote file completion has been added, and some misc. bugs have been fixed. Homepage here. By Nadeem Riaz
nmap-2.3BETA12.tgz (Sun Jan 2 11:07:26 2000)
nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities. Thus I incorporated virtually every scanning technique I know into nmap. Changes: Interactive mode which allows you to easily launch multiple scans (either synchronously or in the background), random scanning order (to evade IDS), an option to scan random IPs, and RPM fixes. RPM available here. Homepage here. By Fyodor
aps-0.12.tar.gz (Sun Jan 2 11:07:17 2000)
Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. Changes: now able to filter a port range and able to print packet statistics at termination. Homepage here. By Christian Schulte
analogx.www.txt (Sun Jan 2 11:07:10 2000)
Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1. Windows 95 is confirmed vulnerable, possibly other platforms. By Underground Security Systems Research
fastrack.remote.txt (Sun Jan 2 11:07:04 2000)
A vulnerability in Netscape FastTrack 2.01a will allow any remote user to execute commands as the user running the httpd daemon (probably nobody). I've only tested the version of Netscape FastTrack that comes with SCO UnixWare 7.1, 2.01a. I'm not sure what other platforms, if any, are vulnerable. UnixWare exploit included. By Brock Tellier
filetraq-0.1.tgz (Sun Jan 2 11:06:59 2000)
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups. Homepage here. By Jeremy Weatherford
ntattack.zip (Sun Jan 2 11:06:51 2000)
Paper detailing a successful attack against an NT server running the Avirt mail service. In PowerPoint, HTML, and text format. Homepage here. By JD Glaser
1999-exploits.tgz (Thu Dec 30 22:22:46 1999)
All the exploits for 1999!
9912-exploits.tgz (Thu Dec 30 22:19:41 1999)
Exploits for December, 1999.
ntop-1.2a10.tar.gz (Thu Dec 30 22:09:32 1999)
ntop is a tool that shows the network usage, similar to what the popular Unix command top does. ntop can be used in either interactive or web mode. In the first case, ntop displays the network status on the user's terminal, whereas in web mode a web browser (e.g. Netscape) can attach to ntop (which acts as a web server) and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. Changes: A fix for a buffer overflow caused by long URL requests, and many new enhancements. Homepage here. By Luca Deri
linux-2.3.35.tar.gz (Thu Dec 30 22:07:06 1999)
Linux kernel version 2.3.35 (developmental). www.kernel.org
Sportal-2.2b.tar.gz (Thu Dec 30 21:58:25 1999)
Sportal is made for people that need to know what is going on in their systems. It monitors files that you select for "hot words" that you also select, through a graphical interface. When a hot word is found in the file being watched, it will let you know. There is no restriction on the number of files or hot words. Changes: A lot of bug fixes, a new palette of colors, faster text scroll, and finished transparent background support. Homepage here. By Rodrigo Alvaro Diaz Leven
psftp-0.10.full.tar.gz (Thu Dec 30 21:53:21 1999)
Psftp is an FTP client that uses ssh 1.x as its backend. It provides a command-line FTP interface on top of scp and ssh. Homepage here. By Nadeem Riaz
init.tar.gz (Thu Dec 30 21:49:06 1999)
initscripts-4.48-1 on Red Hat Linux is vulnerable to a race condition. Contains the l0pht advisory on the subject and exploit. By Mudge
savant.dos.txt (Thu Dec 30 21:18:08 1999)
The Savant Web Server V2.0 for Win9X / NT / 2K, and possibly other versions, has a buffer overflow caused by a NULL character in the GET command parsing routine. By Underground Security Systems Research
vnsl.tgz (Thu Dec 30 20:49:40 1999)
vnsl (vENOMOUS Scripting Language version 0.1b) can be used to script connections to daemons and backdoors. By Venomous
majordomo.local.txt (Thu Dec 30 20:41:01 1999)
A vulnerability in majordomo allows local users to gain elevated privileges. By Brock Tellier
CA-99-17.dos (Thu Dec 30 20:34:32 1999)
CERT Advisory CA-99-17 - Denial-of-Service Tools. Recently, new techniques for executing denial-of-service attacks have been made public. MacOS 9 can be abused by an intruder to generate a large volume of traffic directed at a victim in response to a small amount of traffic produced by an intruder. This allows an intruder to use MacOS 9 as a "traffic amplifier," and flood victims with traffic. A tool similar to Tribe FloodNet (TFN), called Tribe FloodNet 2K (TFN2K), was released.
vxe1.tgz (Thu Dec 30 20:25:17 1999)
VXE - Virtual eXecuting Environment protects Unix daemons from compromise in a manner similar to chroot. A main problem with UNIX security is that the superuser can do anything he wants with the system. There are programs (daemons) which run with superuser privileges, for example popd and sendmail, and are accessible from the network (Internet/Intranet). There could be bugs in any program, so an intruder connects to such a program via the network, exploits the bugs in it, and gains control over the whole host. VXE (Virtual eXecuting Environment) protects UNIX servers from such intruders, hacker attacks from the network, and so on. It protects software subsystems such as SMTP, POP, HTTP, and any other subsystem already installed on the server. Free for non-commercial use. Homepage here.
wmmon.freebsd.txt (Thu Dec 30 20:15:18 1999)
Wmmon is a popular program for monitoring CPU load and other system utilization. It runs as a dockapp under WindowMaker. The FreeBSD version of this program has a feature that can be trivially exploited to gain group kmem in recent installs, or user root in really old installs. This affects the FreeBSD version because under FreeBSD the program must be installed setgid kmem or setuid root in order to access system load information through the memory devices. The Linux version should not be vulnerable because it reads information through procfs, which requires no special privileges. By Steve Reid
csm.dos.txt (Thu Dec 30 19:48:41 1999)
Local / Remote DoS Attack in CSM Mail Server for Windows 95/NT v.2000.08.A and other older versions. Possibly exploitable. By Underground Security Systems Research
inet-4.zip (Thu Dec 30 19:18:26 1999)
InET Magazine #4 has been released with articles about the SS7 Telephony Protocol, IPv6 crypto and security,
nt.security.update.122999.txt (Thu Dec 30 19:03:39 1999)
Windows NT Security Update - Reflections from 1999 and into 2000, Savant Web Server Denial of Service, Avirt Rover Buffer Overflow, Netscape Navigator 4.5 Runs Arbitrary Code, Live Webcast, How Secure is Your Exchange Server? Update, and Using Windows 2000's Run As Command. NTsecurity homepage here.
sms.192.cde (Thu Dec 30 18:57:31 1999)
Sun Microsystems Security Bulletin #192 - Vulnerabilities in CDE and OpenWindows. Vulnerable versions include SunOS 5.7, 5.7_x86, 5.6, 5.6_x86, 5.5.1, 5.5, 5.4, 5.3, 4.1.4, and 4.1.3_U1. Vulnerable programs include the ToolTalk messaging utility, ttsession, CDE dtspcd, CDE dtaction, and the CDE ToolTalk shared library.
sms.191.sadmind (Thu Dec 30 18:51:10 1999)
Sun Security Bulletin #191 - The sadmind program is installed by default on SunOS 5.7, 5.6, 5.5.1, and 5.5. In SunOS 5.4 and 5.3. A buffer overflow vulnerability has been discovered in sadmind which can be exploited by a remote attacker to execute arbitrary instructions and gain root access.
trinokiller.c (Thu Dec 30 18:37:23 1999)
This program remotely kills trinoo nodes on version 1.07b2+f3 and below. Homepage here.
VisualLast128reg.exe (Thu Dec 30 18:31:40 1999)
VisualLast is a powerful NT audit tool which is being given out for free to help Y2K efforts. VisualLast is an automated audit tool that scans/filters/sorts NT security logs for the purpose of identifying unauthorized network accesses. VisualLast can scan an unlimited number of network hosts and create a consolidated view of the network activity. This version of VisualLast will not expire, nor is it limited. However, it does not contain the advanced features of version 2.0, about to be released. Homepage here. By JD Glaser
ethereal-0.8.0.tar.gz (Thu Dec 30 18:21:37 1999)
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Changes: New features include loadable module support for decoders, many logfile formats, a command-line utility called "editcap" that allows you to trim capture files and convert to different file formats, and added configurability. Added the following protocols: TNS, ISIS, Gryphon, AppleTalk's NBP and RTMP, IRC. Updated the following protocols: NFS, RCP, GRE, BGP, SNMP, SMB, NetBIOS, IPX, ICQ, RADIUS, VLAN, TACACS+/XTACACS, LLC/SNAP, NTP, ISAKMP, HTTP. Homepage here. By Gerald Combs.
zodiac-0.4.6.tar.gz (Thu Dec 30 18:15:09 1999)
Zodiac is a portable, extensible and multithreaded DNS tool. It is meant to be used as a DNS packet monitor and DNS protocol test and debugging tool. Its basic features are: sniffing of DNS datagrams on an ethernet device, decoding of all types of DNS packets, including safe decompression (partly finished; SOA records are, for example, not decoded yet), nice display and GUI, if you like ncurses and text-based frontends, always interactive in all situations through a built-in command line, threaded and flexible design. Advanced features include: local DNS spoof handler, jizz DNS spoof, exploiting a weakness in old bind implementations, determines jizz-weakness, id-prediction and resolver type remotely, id spoofing, exploiting a weakness in the DNS protocol itself, implements some advanced DNS denial of service attacks, including flood, label compression and unres attack, advanced DNS smurf. Homepage here. By Scut of Team Teso
grabbb-0.1.0.tar.gz (Thu Dec 30 18:12:34 1999)
Clean, functional, and fast banner scanner. Changes: Code fixes, portability fixes. Should run really well now. By Scut of Team Teso
ascend-foo.c (Thu Dec 30 18:09:28 1999)
ascend foo denial of service exploit - basically just another lame echo/echo link, but has nice results on Ascend; the router needs to be rebooted. By Scut of Team Teso

Copyright © 1999 Kroll-O'Gara Information Security Group, All Rights Reserved.