Microsoft Media Server 4.1 - Denial of Service exploit. This code will crash the Microsoft Media Unicast Server for Windows NT. We have tested this against machines running SP4 and SP6. Exploits the bug in ms00-013.
cf6c20c1bd7246463c77ae25834294b7ce3a4cd2ae2fbfb9bfe122b462e14495
If X11forwarding is turned on, and remote xauth is patched, sshing into a compromised server can allow programs to be run under your ssh client. This is turned on by default in ssh1, ssh2, and openssh.
083e386a21e2ee341ea8c6922e55896cde8a2b905b0e442bf586d17e95bf58d8
SUID Advisory #8 - Corel Linux 1.0 dosemu distribution configuration. Local users can take advantage of a packaging and configuration error (which has been known and documented for a long time) to execute arbitrary commands as root. Exploit description included.
96c2147114c2083d447c403b05ebe76f0fce1a1dd0a956feda12721668e91518
SUID Advisory #7 - Corel xconf utils local root (among others) vulnerability - Local users can take advantage of lack of input validation and the lack of privilege dropping to gain root access, read any file, or perform a denial of service attack on Corel Linux systems.
e0779a0f39462f1e76553c9a16bd665c4bd32dbc04921ce7b2363ed40212fb1b
Basic CallerID Logger is a perl script which provides CID logging to a database. It was written to use mysql but as long as you can generate the table for your own database, it should work fine. It puts the data into the table without any format changes; the idea is that an auxiliary program can make the format changes when it displays the data.
37deaffb089381912d8e5ae0edfe1798a039efd263edc68e910c5ac2e6a2b50f
lkpatch is a Linux kernel patcher. It connects to the fastest mirror, checks for new versions of the Linux kernel, downloads them, and patches your kernel source. It determines the fastest mirror by keeping track of previous download times.
1a234e67a804aa5c05f9783e13ec5602498c8bb1b534244cafd3b180f1e343d3
Medusa DS9 is used to increase Linux's security. It consists of two major parts, Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets.
e30cd855861c797c09409abd181162212fe0cd69a038f27e2efee82072f17677
NetBus 1.6 (Patch 4) - Patched to avoid detection by Spider, Drweb, Avp, and Norton Antivirus. Archive password is set to p4ssw0rd. Use at your own risk.
038a91f8d27ee8603040e79ae6d00da67c535f7f1da6333069b65cc5271f73dd
Back Orifice 1.20 (Patch 8) - Patched to avoid detection by Drweb, Avp, and Norton Antivirus. Archive password is set to p4ssw0rd. Use at your own risk.
df6dd89973ea80854ecdeb64af2c2a3c9d1a481a1303416ef991cce0ac773244
ICQ trojan - Patched to avoid detection by Drweb, Avp, and Norton Antivirus. Archive password is set to p4ssw0rd. Use at your own risk.
91109dd3636156804ff080e5ef796d4179d09b7f040f436e6083308b9ad02764
Girlfriend remote control trojan - Patched to avoid detection by Drweb, Avp, and Norton Antivirus. Archive password is set to p4ssw0rd. Use at your own risk.
f0b8301a62219a211d29fb07000acd20f74bc7ce39ff340138b356c7381c941d
Narrow Security Scanner 2000 searches for 341 remote vulnerabilities. Written in Perl, tested on Redhat, FreeBSD, OpenBSD, Slackware, and SuSE.
1865f7490af47de613f86e7a76f25b4390edffeca15d793cdb6566e8202dc5e6
The one and only way to bypass the Power On BIOS password of a Toshiba Notebook. This method works on all models.
e8d2a181c14abba4811368c718535b1ecf1f7973b516f96befe422e3ef52cc4c
Aicmpsend is a perl script for sending custom ICMP packets.
9aedb80c57bf46b31ee5ea9f89cdc5ab838aba4916f18735d83d07848c8192fa
CGI vulnerability scanner version 2.00. Checks for 173 CGI vulnerabilities. Tested on Linux, FreeBSD, and IRIX.
0431b7efce10152b2d33936031b456224a8417c3e9dd186c96dad485ee727526
HTTP-XpsScanner scans a remote webserver for 77 vulnerable CGI scripts.
9f64d018277b2464ac86046ec1d3fc1aae140c378368b93e82d9c71a193f3bec
Coding in C - a summary of some popular mistakes. Most of them are not detected at compile time with all warnings enabled, which makes them very nasty and hard to detect.
737d50616c03d55f8e032bb3348892b062e5ced53d2c378786dbda33ef725c28
shlog.c is a small program that will do getpeername on its input descriptor and, if it is invoked via a remote session, log the remote host along with uid/gid to syslog. It can be used as an additional logging tool for login shells (by putting it into the system profile).
bd42d52088d6edf926cf9b9ece53c386df3616f092ad9588f1a8757e43cc353f
ipac is an IP accounting package for Linux which collects, summarizes, and nicely displays IP accounting data. The output of ipac can be a simple ASCII table, an ASCII graph, or even images with graphs showing traffic progression. ipac can be used for IP traffic analysis and for accounting purposes.
6b4a9beccc08dc306981c47388d502f984e724b1f42f3f0b055e28b67501accc
JFwadmin is a Java 2 high-level X11 tool for ipchains. The GUI displays easy-to-understand services. Features include boot scripts generation, firewall save and restore, automatic interface and IP address and routes detection, and current firewall configuration display.
e5f2f8ccaaeac8588cf914fa1379b5cf4d28b901a6ac22a38c6716b533a65123
SUID Advisory #6 - form.cgi and message.cgi. Anyone can execute any command on the remote system with the privileges of the web server.
7218fd9d54aa6eeff4bbbbe4da3df325b9a0677e5cf227fce0be65494e9e7c7f
What you don't know will hurt you - Remote information gathering. This paper outlines two models of information gathering. The first model is "noisy", where the attacker uses all known resources with little regard for what footprints might be left on the target. The second is "stealthy", wherein the attacker uses methods and packages designed to subvert logging facilities on the target.
7ad6564fa61c83377ccb981bf858b6053af46d1c53f44d173b57428b2d0d38a9
Netgrep checks a range of hosts for a specific service and grabs the banner. Features the ability to send a string to the port, and the ability to grep through the banner.
5db887fef030a6bd5114a42ab513996b22e0c7934e3da58c0568a6c7af3e6e48
Tfn2k password recovery tool - Tfn2k asks for a password during the build, which is used to prevent someone from recovering the password from the td or tfn binaries. Useful for forensics, or to command a whole flood network to send you mail letting you know all the machines infected, or to command an attack to stop if you can recover a binary.
cfd719ba0cd05621c443ed48728a727968997b11e93221a512eaa02351d08836
CERT Incident Note - Windows Trinoo tool.
25e2126138bb2e55f48b34087e2f8ea0f59f9b3c7211778a0c2d68d6de4c24f4