Nematodes (Beneficial Worms) - This presentation introduces concepts for taking exploitation frameworks into their next evolution: solving complex security problems by generating robustly controllable beneficial worms. The why, how, and what of Nematode creation are discussed, along with some concepts in mesh routing. Problems discussed include legal issues, controlling your worm, writing an intermediate language (the Nematode Intermediate Language, NIL) for writing robust worms, reliability problems, communications protocols, and future work.
446fdad6f1cbb3d6964e71c5e4b8c7eeb406f2582978a27b2314f9e084849e8d
A paper by Immunity describing in technical detail the LLSSRV issue covered by MS05-010. This paper also describes how this issue affects Windows 2000 AP SP3 and SP4 without authentication, something which was not described in the MS05-010 bulletin.
9a2d067a18b330af81f10c5e578a7b8b552bacf8da50268824d53fb63f24a752
White paper that discusses how large enterprises use a different class of software than small companies. This software, and the environment in which it is purchased, are subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions.
c6c4f6b12fb74b7afadba7327aaa5573e227432e84a466f69fc60cb82f8ebd7a
Immunity Security Advisory - A double-free weakness in the XDMCP parser of dtlogin (CDE) results in remote code execution against popular server operating systems, such as Solaris. This attack is performed over UDP port 177.
34a2ff7508addcf429bd6658dd04890ff4df50eab6a7461c5b52a69bb51e0b7d
Immunity Security Advisory - The Compaq Web Management system (HP HTTP) has a bug in its validation system that allows an anonymous user to upload trusted certificates.
abd992377e84fc44d38444954b8896715b7619fe2c505a46a3639e73084980f2
Immunity Security Advisory - Remotely exploitable stack overflows exist in Computer Associates Unicenter TNG Utilities awservices.exe. Successful exploitation elevates an attacker to SYSTEM privileges. All known versions of Unicenter TNG 2.4 are affected.
1625a608ed26cffca06238ca193f1bde9f9b610f98606c2b6088043899bef4c8
MOSDEF is a 100% Python retargetable compiler for C->shellcode that has been released to the public under the LGPL.
54e0931a0105789ff6e3a81c696033a19f35fb5cfc10aafb6e9eddb334d14ddf
Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers.
2dbb8dceb018ef54a3e9f64fe191da489067b6b3aa66be81d8e731a9d1ec9d48
SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC). Changelog available here.
86d96bf99bcd039981ca89f8b55edca9f39fa71986a9df7c51797e24f233dbcd
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for web applications, a multi-threaded design, man-in-the-middle SSL proxying, form rewriting, SQL injection detection, proper handling of Connection: keep-alive (it is possible to log in to Hotmail with it), and rewriting of User-Agent to pretend to be running IE. Requires pyOpenSSL 0.5.1 from the SPIKE Web page. Several working examples are included. Screenshot available here.
142ae177527d9498126eb4a70b71c1f2642ba5f5f28fd5e7203dd87aadb7b24e
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for web applications, a multi-threaded design, man-in-the-middle SSL proxying, form rewriting, SQL injection detection, proper handling of Connection: keep-alive (it is possible to log in to Hotmail with it), and rewriting of User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
54a911963dbe4a6caf791058bad81c96bb56b6161bdc47bc2ca775b8dbf8b47a
Windows 2000 Service Pack 3 can be crashed remotely via TCP port 135 due to a vulnerability in the DCE-RPC stack of Windows 2000 and related OSes. This vulnerability allows anyone who can connect to TCP port 135 to disable the RPC service. Disabling the RPC service causes the machine to stop responding to new RPC requests, disabling almost all functionality. Proof of concept available here.
542a8cc5b49599b1ff7b27bc7d61b0fce3dc381c63264d8103928579a9a3db5a
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for web applications, a multi-threaded design, man-in-the-middle SSL proxying, form rewriting, SQL injection detection, proper handling of Connection: keep-alive (it is possible to log in to Hotmail with it), and rewriting of User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
7e60aa2ee5f63e45aef6983e693d49307392415159e2911380a829d8738ba7df
Dcetest is a tool which probes a Windows machine over TCP port 135, dumping MSRPC endpoint information. It can be thought of as the equivalent of rpcinfo -p against a Windows box. Dcetest can also be very useful once inside a DMZ to fingerprint Windows machines on the network. It is similar to the rpcdump program from Microsoft, but does not need a DCE stack and so runs on Unixes.
4a319a08ae0838234f5b6fbd0b4d2e0fac7560a7553a4e1b043527cc17032aa3
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for web applications, a multi-threaded design, man-in-the-middle SSL proxying, form rewriting, SQL injection detection, proper handling of Connection: keep-alive (it is possible to log in to Hotmail with it), and rewriting of User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
08787f66244491fa56d1a647c261268d4044bc34cf9b2299b02a138f29c94598
HashDB is a networked md5 hash comparison tool that allows you to automatically check the hashes of any files you download against a master database stored at www.immunitysec.com. This allows you to download source tarballs without worrying that they've been replaced by trojaned ./configure files.
4a1fc0b4fd64f1f50f53b470729606f6873f9dff312ef2a66c32af02f31e6501
SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC). SPIKE Blackhat talk available here.
a03cde9d9e6a0610628520b29ddaca21cfc758c0f5b56e014e242ef63cc09f87
SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).
4b6f55e50509d028e4bd6ddd572448488111ccb0ec96471f70c82403816b6ba9
SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for web applications, a multi-threaded design, man-in-the-middle SSL proxying, proper handling of Connection: keep-alive (it is possible to log in to Hotmail with it), and rewriting of User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
9b38f8f7bb8355547afc59ac401553989648c2392fa630a1188abaabde229a6b
SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).
e055b1879513702841a95c003e9606a987f0497b30ff9ffd6517017a36ef0fe0
SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for web applications, a multi-threaded design, man-in-the-middle SSL proxying, proper handling of Connection: keep-alive (it is possible to log in to Hotmail with it), and rewriting of User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.
2cc7ac85df579320ecd4e4c70e6ba4fec0eb040650fc9349630356851e1d99d5
Apachefun is a SPIKE script which exploits the new Apache chunked data vulnerability. Tested on Apache-AdvancedExtranetServer/1.3.23. Causes a segmentation fault.
9ed9fcf633dfcf3b3a1be428ab70c47b438e1a4d1d7914f38023343154914d01
Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in its handling of .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.
d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddca