DoS-Linux.tar.gz | Tue Jan 4 00:50:23 2000 |
Remote denial of service attack against linux kernel 2.2.7 - 2.2.9, in perl. By misteri0 |
syslog-ng-1.3.11.tar.gz | Tue Jan 4 00:50:16 2000 |
syslog-ng as the name shows is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Changes: Some HP-UX and tcp related bug fixes. Homepage here. By Balazs Scheidler |
imp-range.c | Tue Jan 4 00:50:09 2000 |
Tool for scanning networks which generates a list of IP addresses between a starting and ending IP. By Shake |
cgichk1_36.c | Tue Jan 4 00:50:02 2000 |
Y2k fix for cgichk-1_35, which would return false positives on any server with a date of 2000. By su1d sh3ll of UnlG |
winfingerprint-222.zip | Tue Jan 4 00:50:01 2000 |
Winfingerprint 222: Advanced remote Windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE SERVER, WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, Enumerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes). Changes: -m (mass scan) now outputs in framed HTML. This makes the output from large network scans usable for the first time. Homepage here. By Vacuum. |
filetraq-0.2.tgz | Tue Jan 4 00:50:01 2000 |
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups. Changes: Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. Homepage here. By Jeremy Weatherford |
iMailv5.txt | Tue Jan 4 00:49:22 2000 |
On iMail Server 5.0 for Windows NT 4.0 SP 6a, a malicious user can read and send emails as any other user on the system. The issue lies in how iMail handles the creation of new email accounts, and how it stores them. Exploit instructions included. By Simon |
suse.majordomo.txt | Tue Jan 4 00:49:15 2000 |
The mailing list software "majordomo" was found to have several local vulnerabilities. However, the licence of the program prohibits us from providing a fix. You should either remove majordomo or trust your local users until an official fix from greatcircles is available. SuSE security website here. |
localscan.tar.gz | Tue Jan 4 00:49:07 2000 |
Localscan is a Perl-based frontend for nmap. It allows the user to compare the results of an nmap portscan with the results of a previous nmap portscan made when the subnet or IP range being scanned was in a "known-good" configuration. Essentially, localscan allows the user to use a portscanner and ask "What new ports are open?" instead of just asking "What ports are active?" Homepage here. By Dylan Greene |
SuSEcompartment-0.5.tar.gz | Tue Jan 4 00:49:07 2000 |
SuSE Compartment is a program to build secure compartments for running untrusted/insecure programs. It has the usual uid/gid setting and chrooting ability, but the nice thing is the easy access to Linux per-process capabilities. Homepage here. By Marc |
find_ddosV2.tar.Z | Tue Jan 4 00:48:52 2000 |
Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client. Changes: Detects TFN2k. Homepage here. |
sos.tgz | Tue Jan 4 00:48:51 2000 |
Socks Scan V 2.0 - Scan a host for SOCKS servers. Includes the SOCKS perl module. By Icehouse |
elza-1.4.3.zip | Tue Jan 4 00:48:35 2000 |
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning. Homepage here. By Phillip Stoev |
TFN_toolkit.htm | Tue Jan 4 00:33:02 2000 |
Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit. Homepage here. By Randy Marchany |
stacheldraht.analysis | Tue Jan 4 00:25:38 2000 |
The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents. Homepage here. By David Dittrich |
CA-2000-01.distributed | Tue Jan 4 00:19:35 2000 |
CERT Advisory CA-2000-01 - Denial-of-Service Developments. A distributed denial-of-service tool called "Stacheldraht" has been discovered on multiple compromised hosts at several organizations. X-Force released a paper on trin00 and TFN. CERT DoS homepage here. |
ezwfw.iso | Sun Jan 2 11:33:53 2000 |
The SPIRO-Linux EZ-Way Firewall allows you to set up and maintain a firewall easily, and without much strain on resources. It can be set up on a 486 with 8MB RAM, although a much more robust system is recommended for larger networks. This is meant to be a drop-in replacement for the expensive and restrictive firewall products available on the commercial market today. Homepage here. By Rick Collette |
aide-0.5.tar.gz | Sun Jan 2 11:27:58 2000 |
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with. Changes: MD5 sums are now correct. Users must update their databases; they have false sums. With hash library support, you can have many more hash algorithms, and many bugfixes have been made. Note that the author's PGP keys have changed. Homepage here. By Rami Lehti |
squidtaild.2.1a2.tgz | Sun Jan 2 11:20:56 2000 |
Squidtaild is a Squid log file monitoring program that will crosscheck new access.log entries with user-defined filters and report all hits (using HTML pages, email, or winpopups). It is ideal for schools and businesses that wish to monitor their Internet activity for policy violations (that can be custom generated). Changes: This complete Perl rewrite of Trailer is faster, more flexible, and offers more options. Homepage here. By Stefan Folkerts |
psftp-0.15.full.tar.gz | Sun Jan 2 11:14:46 2000 |
Psftp is an FTP client that uses ssh 1.x as its backend. Thus, all file transfers and communications using it are encrypted and secure. It provides a command-line FTP interface on top of scp and ssh. Changes: The ssh interface code has been rewritten (this should speed things up tremendously), auto-detection of the authentication method has been improved, history is now saved, remote file completion has been added, and some misc. bugs have been fixed. Homepage here. By Nadeem Riaz |
nmap-2.3BETA12.tgz | Sun Jan 2 11:07:26 2000 |
nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities. Thus I incorporated virtually every scanning technique I know into nmap. Changes: Interactive mode which allows you to easily launch multiple scans (either synchronously or in the background), random scanning order (to evade IDS), an option to scan random IPs, and rpm fixes. RPM available here. Homepage here. By Fyodor |
aps-0.12.tar.gz | Sun Jan 2 11:07:17 2000 |
Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. Changes: now able to filter a port-range and able to print packet statistics at termination. Homepage here. By Christian Schulte |
analogx.www.txt | Sun Jan 2 11:07:10 2000 |
Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1. Windows 95 is confirmed vulnerable, possibly other platforms. By Underground Security Systems Research |
fastrack.remote.txt | Sun Jan 2 11:07:04 2000 |
A vulnerability in Netscape FastTrack 2.01a will allow any remote user to execute commands as the user running the httpd daemon (probably nobody). I've only tested the version of Netscape FastTrack that comes with SCO UnixWare 7.1, 2.01a. I'm not sure what other platforms, if any, are vulnerable. Unixware exploit included. By Brock Tellier |
filetraq-0.1.tgz | Sun Jan 2 11:06:59 2000 |
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups. Homepage here. By Jeremy Weatherford |
ntattack.zip | Sun Jan 2 11:06:51 2000 |
Paper detailing a successful attack against an NT server running the Avirt mail service. In PowerPoint, HTML, and text format. Homepage here. By JD Glaser |
1999-exploits.tgz | Thu Dec 30 22:22:46 1999 |
All the exploits for 1999! |
9912-exploits.tgz | Thu Dec 30 22:19:41 1999 |
Exploits for December, 1999. |
ntop-1.2a10.tar.gz | Thu Dec 30 22:09:32 1999 |
ntop is a tool that shows the network usage, similar to what the popular Unix command top does. ntop can be used in either interactive or web mode. In the first case, ntop displays the network status on the user's terminal, whereas in web mode a web browser (e.g. Netscape) can attach to ntop (which acts as a web server) and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. Changes: A fix for a buffer overflow caused by long URL requests, and many new enhancements. Homepage here. By Luca Deri |
linux-2.3.35.tar.gz | Thu Dec 30 22:07:06 1999 |
Linux kernel version 2.3.35 (developmental). www.kernel.org |
Sportal-2.2b.tar.gz | Thu Dec 30 21:58:25 1999 |
Sportal is made for people who need to know what is going on in their systems. It monitors files that you select, for "hot words" that you also select, through a graphical interface. When a hot word is found in the file being watched, it will let you know. There is no restriction on the number of files or hot words. Changes: A lot of bug fixes, a new palette of colors, faster text scroll, and finished transparent background support. Homepage here. By Rodrigo Alvaro Diaz Leven |
psftp-0.10.full.tar.gz | Thu Dec 30 21:53:21 1999 |
Psftp is an FTP client that uses ssh 1.x as its backend. It provides a command-line FTP interface on top of scp and ssh. Homepage here. By Nadeem Riaz |
init.tar.gz | Thu Dec 30 21:49:06 1999 |
initscripts-4.48-1 on RedHat Linux is vulnerable to a race condition. Contains the l0pht advisory on the subject and exploit. By Mudge |
savant.dos.txt | Thu Dec 30 21:18:08 1999 |
The Savant Web Server V2.0 for Win9X / NT / 2K, and possibly other versions, has a buffer overflow caused by a NULL character in the GET command parsing routine. By Underground Security Systems Research |
vnsl.tgz | Thu Dec 30 20:49:40 1999 |
vnsl (vENOMOUS Scripting Language version 0.1b) can be used to script connections to daemons and backdoors. By Venomous |
majordomo.local.txt | Thu Dec 30 20:41:01 1999 |
A vulnerability in majordomo allows local users to gain elevated privileges. By Brock Tellier |
CA-99-17.dos | Thu Dec 30 20:34:32 1999 |
CERT Advisory CA-99-17 - Denial-of-Service Tools. Recently, new techniques for executing denial-of-service attacks have been made public. MacOS 9 can be abused by an intruder to generate a large volume of traffic directed at a victim in response to a small amount of traffic produced by an intruder. This allows an intruder to use MacOS 9 as a "traffic amplifier," and flood victims with traffic. A tool similar to Tribe FloodNet (TFN), called Tribe FloodNet 2K (TFN2K) was released. |
vxe1.tgz | Thu Dec 30 20:25:17 1999 |
VXE - Virtual eXecuting Environment protects Unix daemons from compromise in a manner similar to chroot. A main problem with UNIX security is that the superuser can do anything he wants with the system. There are programs (daemons) which work with superuser privileges, for example popd and sendmail, and are accessible from the network (Internet/Intranet). There could be bugs in any program, so an intruder connects to such a program via the network, exploits existing bugs in it and gets control over the whole host. VXE (Virtual eXecuting Environment) protects UNIX servers from such intruders, hacker attacks from the network and so on. It protects software subsystems, such as SMTP, POP, HTTP and any other subsystem already installed on the server. Free for non-commercial use. Homepage here. |
wmmon.freebsd.txt | Thu Dec 30 20:15:18 1999 |
Wmmon is a popular program for monitoring CPU load and other system utilization. It runs as a dockapp under WindowMaker. The FreeBSD version of this program has a feature that can be trivially exploited to gain group kmem in recent installs, or user root in really old installs. This affects the FreeBSD version because under FreeBSD the program must be installed setgid kmem or setuid root in order to access system load information through the memory devices. The Linux version should not be vulnerable because it reads information through procfs which requires no special privileges. By Steve Reid |
csm.dos.txt | Thu Dec 30 19:48:41 1999 |
Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A and other older versions. Possibly exploitable. By Underground Security Systems Research |
inet-4.zip | Thu Dec 30 19:18:26 1999 |
InET Magazine #4 has been released with articles about the SS7 Telephony Protocol, IPv6 crypto and security, |
nt.security.update.122999.txt | Thu Dec 30 19:03:39 1999 |
Windows NT Security Update - Reflections from 1999 and into 2000, Savant Web Server Denial of Service, Avirt Rover Buffer Overflow, Netscape Navigator 4.5 Runs Arbitrary Code, Live Webcast, How Secure is Your Exchange Server? Update, and Using Windows 2000's Run As Command. NTsecurity homepage here. |
sms.192.cde | Thu Dec 30 18:57:31 1999 |
Sun Microsystems Security Bulletin #192 - Vulnerabilities in CDE and OpenWindows. Vulnerable versions include SunOS 5.7, 5.7_x86, 5.6, 5.6_x86, 5.5.1, 5.5, 5.4, 5.3, 4.1.4, and 4.1.3_U1. Vulnerable programs include the ToolTalk messaging utility, ttsession, CDE dtspcd, CDE dtaction, and the CDE ToolTalk shared library. |
sms.191.sadmind | Thu Dec 30 18:51:10 1999 |
Sun Security Bulletin #191 - The sadmind program is installed by default on SunOS 5.7, 5.6, 5.5.1, and 5.5. In SunOS 5.4 and 5.3. A buffer overflow vulnerability has been discovered in sadmind which can be exploited by a remote attacker to execute arbitrary instructions and gain root access. |
trinokiller.c | Thu Dec 30 18:37:23 1999 |
This program remotely kills trinoo nodes on version 1.07b2+f3 and below. Homepage here. |
VisualLast128reg.exe | Thu Dec 30 18:31:40 1999 |
VisualLast is a powerful NT audit tool which is being given out for free to help y2k efforts. VisualLast is an automated audit tool that scans/filters/sorts NT security logs for the purpose of identifying unauthorized network accesses. VisualLast can scan an unlimited amount of network hosts and create a consolidated view of the network activity. This version of VisualLast will not expire, nor is it limited. However, it does not contain the advanced features of version 2.0 about to be released. Homepage here. By JD Glaser |
ethereal-0.8.0.tar.gz | Thu Dec 30 18:21:37 1999 |
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Changes: New features include loadable module support for decoders, many logfile formats, a command-line utility called "editcap" that allows you to trim capture files and convert to different file formats, and added configurability. Added the following protocols - TNS, ISIS, Gryphon, AppleTalk's NBP and RTMP, IRC. Updated the following protocols - NFS, RCP, GRE, BGP, SNMP, SMB, NetBIOS, IPX, ICQ, RADIUS, VLAN, TACACS+/XTACACS, LLC/SNAP, NTP, ISAKMP, HTTP. Homepage here. By Gerald Combs. |
zodiac-0.4.6.tar.gz | Thu Dec 30 18:15:09 1999 |
Zodiac is a portable, extensible and multithreaded DNS tool. It is meant to be used as a DNS packet monitor and DNS protocol test and debugging tool. Its basic features are: sniffing of DNS datagrams on an ethernet device, decoding of all types of DNS packets, including safe decompression (partly finished; SOA records, for example, are not decoded yet), nice display and GUI if you like ncurses and text-based frontends, always interactive in all situations through a built-in command line, threaded and flexible design. Advanced features include: local DNS spoof handler, jizz DNS spoof exploiting a weakness in old bind implementations, remote determination of jizz-weakness, id-prediction and resolver type, id spoofing exploiting a weakness in the DNS protocol itself, some advanced DNS denial of service attacks, including flood, label compression and unres attack, and advanced DNS smurf. Homepage here. By Scut of Team Teso |
grabbb-0.1.0.tar.gz | Thu Dec 30 18:12:34 1999 |
Clean, functional, and fast banner scanner. Changes: Code fixes, portability fixes. Should run really well now. By Scut of Team Teso |
ascend-foo.c | Thu Dec 30 18:09:28 1999 |
ascend foo denial of service exploit - basically just another lame echo/echo link, but has nice results on ascend, the router needs to be rebooted. By Scut of Team Teso |