Wellenreiter is a GTK/Perl wireless network discovery and auditing tool. Its scanner window can be used to discover access-points, networks, and ad-hoc cards. It detects essid broadcasting or non-broadcasting networks and detects WEP capabilities and the manufacturer automatically. Dhcp and arp traffic will be decoded and displayed to give you further informations about the networks. A flexible sound event configuration lets it work in unattended. An ethereal / tcpdump-compatible dumpfile can be created. GPS is used to track the location of the discovered networks immediately. Automatic associating is possible with randomly generated MAC address. Wellenreiter runs also on low-resolution devices that can run GTK/Perl and Linux/BSD (such as iPaqs). An unique Essod-bruteforcer is now included too. prism2, Lucent, and Cisco based cards are supported.
b6e11e7142d8e615e21c96edf48ca439a7d5cb0d30804df676be298377ebe0b6
Packet Storm new exploits for June, 2003.
641191a8624734d6b9a124e05f637516588e8e4f31f51bd5506b487928a9dd2f
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.
b29e88f9fd0f090c748c4cd79e26bd92be8925d623b093632ad035ac70d0e8d9
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
2d1862b108021c9292ece1f23d0c3c49d6cbcc4a5fabdcd0d1fed66bfacb2681
CERT Advisory CA-2003-22 - Microsoft Internet Explorer contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. Versions affected are 5.01, 5.50, and 6.01.
d1c51f0ed560fc53ab28a84f686194993fb73c72aed18f2d752fd2c3faec416d
FreeBSD Security Advisory FreeBSD-SA-03:11.sendmail - Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error in the code that implements DNS maps. A malformed DNS reply packet may cause sendmail to crash its child process and may lead to further possible exploitation.
7f9899383fadb7f77206e97c56d7e465f51be51c5a9e5de02316b0f5c5ded77e
The Apache DoS Evasive Maneuvers Module is a module for Apache 1.3 and 2.0 that detects and fights off DoS attacks and brute force attempts by adding addresses to a 10-second '403 List' and rejecting rapidly repeated requests for the same URL from the same addresses. This module can be configured to talk to ipchains, ipfilter, or any other tool designed to push the attack out to the network layer, and provides email notification in the event of an attack.
45f6196ce2c9de9f714930384f606362ddd04e056083b8e15a46b933f13c3935
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
35a4e6fb6353da937eccdfa4d4bd06985ee1a6fd70aa4a31d2544a20742df2b7
monop local exploit that achieves privilege escalation to the second player's uid.
cf992dfea23b0560132cbee0d12b1b8ce15c6fc35a58e26d678e31f2cf9e5077
Helix Universal Server aka Real Server versions 7, 8, and 9 remote root exploit for both Windows and Linux. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".
15c91505e6cbf8608eb58beff61b02cf4d5a2601de86f3c901a8f1d588027c3a
LKL is a userspace keylogger that runs under linux x86/arch. LKL logs everything which passes through the hardware keyboard port (0x60). Keycode to ASCII translation is supported.
044171738ef8d204530208c5e41d2ef4908d2386129b3558059e68eea2648923
SGI Security Advisory 20030803-01-P - A vulnerability has been reported by sendmail.org that the 8.12.8 and earlier releases shipped with a potential problem in DNS mapping that could lead to a remote denial or service or root compromise. Relatedd CVE Number: CVE-2003-0688.
f599f483c03b2a7dbaa048e9abd60ad17327c2a14fc6add6523e23542a45abb1
Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers.
2dbb8dceb018ef54a3e9f64fe191da489067b6b3aa66be81d8e731a9d1ec9d48
Secure Network Operations, Inc. Advisory SRT2003-08-22-104 - widz, the 802.11 wireless IDS system version 1.5 and below, makes use of untrusted input with a system call. If this utility were to be used in a production environment with any non-root users on the system, they would be able to easily escalate their privileges to root.
0a5bd8db53063144a11c8d343d4ad593cd07df746dc5dac63023d1b8f5b20b2b
eEye Advisory - There is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed almost all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a web page as silently and as easily as Internet Explorer parses image files or any other safe HTML content. Version affected: Microsoft Internet Explorer 5.01, 5.5, 6.0, and 6.0 for Windows Server 2003.
dd79f9814eb5b13d2de07d11deb7d6f23493a7bf6e0bf540ffc5293f0568e45c
Local exploit for ViRobot 2.0 that works against the FreeBSD edition. Tested against FreeBSD 4.8.
41059e552df59b7c97ce59335d8a8059d66eb278653f384fb513f884278d70fd
Secure Network Operations, Inc. Advisory SRT2003-08-11-072 - ViRobot 2.0, the Linux-based antivirus solution, has multitudes of suids that are vulnerable to abuse.
b0f7f0118ddf986cbff764a044a771d9d65a93d009a0b5c98382c9be43058a9b
Kfence version 1.2 provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region.
86b7ef83422d92d95d9b4292f22b474924bcfbca4cce50f51c33a6f418dbed1c
Cryptcat is an encrypted version of netcat. It uses AES encryption and a static key to encrypt all transactions. Previous versions had a flaw in which not all network traffic was encrypted so this is the patched version. Many thanks to Eric Sheesley for fixing this utility since the last version is no longer supported.
07d72ba5e5a5601b5d6b9d6c4dbf7a4339f25974ccdc61d11f6d4b78f2c489bd
Remote administration kernel module designed for the 2.4 series. It replaces system calls by inserting a push ret at the beginning of system_call, making the program jump to specified code. It provides a remote terminal backdoor through SYS_read hooking which means you can enter the box through any open tcp port. The connection is XOR encrypted and the module hides ports and pids. It also hides itself from vmalloc structure scanning and lsmod. Tested on Redhat 7.2 and 8.0. Currently lacks SMP support and is not considered stable so please exercise caution when utilizing this.
6b9d7bae3d68b1249acacb7222865ed7c41cc99ea8d9bdfa1e45104e265d2741
Further information and research in regards to the InterSystems Cache vulnerabilities discussed here. Two new vulnerabilities have been discovered and exploits are included.
728fbb24e98602c5fe921cab33d49eb861a834a80b0d955bc059096191267f54
This utility makes use of google.com to figure out what domains are running vulnerable PHP servers. Instructions are written in French.
b3f19d886ee5ea1afc45226f178523ffac8207bfec016dd3e0b692e675b132ef
A Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
f4978177d240a78a9f740f6802aff5a4a303543634e143d074128e57b587ef0d
Banner scanning utility that generates random IP addresses, can search for specified strings, and has a default list of ports to scan if not given a list. Works extremely streamlined as it spawns sixteen children processes.
a29ff2cdc75b2c2460cc3322135bcc6d64cc8afd02c881149655284e653d8275
White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.
8dce9784b0590af718a606fd4452e9c8d12319c1f0f6545582ff6576e80b13f2