Application Mapper (amap) is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
4450b9ecd3bc40104031d83fad31d0bb3fc7aa15de4088460aa734c06f2e1f2b
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP FTP proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
9b7c09b2ad9ca53f5cfabc99a0192300cd940cd655db511887531ec2aad3c21e
Silencer provides three different functions. It deploys a backdoor in a listening service: an attacker must connect to the service, feed it the magic word, and then portscan the machine to find the bindshell that was spawned. It has an Apache backdoor that allows a connection over HTTP to drop to a shell. It also has a built-in read sniffer that hooks the kernel read() path and logs the data to /tmp/.es.rox. The authors ask to be contacted if anyone finds any systems or kernels that this does not work on.
41eb4095cd39cb456d3f839ae2f1d1ccad55ea5d5d7cc64453d8653a4a0b9510
Millenium v1.0 is a tool that easily finds and removes the Millenium v1.0 Trojan from an infected system. Delphi source code included. Archive password is set to p4ssw0rd. Use at your own risk.
3d0b022fef41255c18a84cb2bb4beed53eb944912a153d1f3712c5e647a1c8ac
A detailed analysis and exploitation of the RPC Long Filename heap overflow found in the CoGetInstanceFromFile API that was originally discovered by NSFOCUS.
4620d24fc5b0277f481e241862c7c21d92522cc493f4613d81f9170a54cff666
Remote exploit for netris version 0.5 on RedHat 8.0 that makes use of a buffer overflow vulnerability where a client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking.
f8edfa8276857fffd804744d1421a08844b4eda9116d04980bca6788d879b5db
Local root exploit for hztty 2.0 that makes use of the buffer overflows discovered by Jens Steube.
e360b247ce91f66c52b245f714c8b4264ad70b33de8167e86466a0d04336a40e