Crank is short for "CRyptANalysis toolKit", and its overall purpose is to provide a powerful and extensible GUI environment for solving classical (pen-and-paper) ciphers, providing as much automation as possible. Initial focus is on the cryptanalysis of monoalphabetic substitution ciphers. Screenshot here.
f73d572d6f270f68602a58e15b0586b43eb8e84e3a88bb3f0dec245dd8373760
The Linux Port/Socket Pseudo ACLs project is a patch to Linux kernel v2.4 which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
ed2f336ad923cb7fcd422234d333896b85061056cacad39281932db7bbbd3801
Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
9522e8f64c1ea233aa3195e5dc3679d130d38d5ad8beaa23061b7e061b674412
Microsoft Security Advisory MS01-044 - Five new security vulnerabilities have been discovered in IIS 4.0 and 5.0. A buffer overrun vulnerability involving the code that performs server-side include (SSI) directives: an attacker with the ability to place content onto a server can include a malformed SSI directive that, when the content is processed, results in code of the attacker's choice running in Local System context. A privilege elevation vulnerability results because of a flaw in a table that IIS 5.0 uses; as a result, any file whose name matches that of a file on the list runs in-process. Three denial of service vulnerabilities have been discovered, one of which keeps IIS 5.0 from serving content until the admin removes the spurious entry from the File Type table for the site. A cumulative patch for IIS has been released which fixes these bugs and includes the functionality of all security patches released to date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT 4.0 Service Pack 5. Microsoft FAQ on these issues available here.
86a6c34ac8613bb7c6bdccb36a4617a7d4f8e84039dccfea1658e58b76fba2aa
NetWare Enterprise Web Server 5.1 has a couple of security problems - When NDS browsing via the web server is enabled, an attacker who can reach that server's port 80 can enumerate information such as user names, group names, and other system information. In addition, poor handling of GET requests allows GroupWise WebAccess servers to display directory indexes instead of HTML files.
adf0654a73f370790f57c8f495e47ab5ce8db6242f05e002639e1d51d2ce342f
Ghost Port Scan is an advanced port scanner and a firewall rule disclosure tool. It uses IP and ARP spoofing, sniffing, and stealth scanning to provide pen-testers and admins with software that lets them test the settings of a remote host, even if it is firewalled.
a561efdf4a81c7e763675ced7458466594fcec703c1f87710d5f425a558e7508
DSNS is an advanced network scanner for Windows 2000. It uses fast and stealthy SYN scanning to find open ports and is able to probe the services that are running on those ports, so you can check proxies, scan for SMTP relaying hosts, and more. Screenshot available here.
d730c6535d1594939bc89fc7becab3112945080010d45ce8ec3c6422996a8b49
PHP-Nuke, written by Sequioa Software, contains sendmail.php, which allows remote users to execute commands and see files on the web server.
15b60f966f6d41df63275f87611839fefc622ea85815d79655554d3868a7aa03
Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
ce594acde232ad4a7b74271391c27bc59ffbfc1f8099e11abf4fda4049d4df40
Security Holes in Remedy Client Installer - Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for Unix can allow local users to gain root privileges. Tested on Solaris 2.6 and 8, using the installer for AR 4.5.1. Other platforms are likely vulnerable as well.
c95b5fdfab0923436993b9af56b0a4a3494ae9311cfd445be9ca1fe847a44131
Local root compromise in MicroFocus Cobol for Solaris/Sparc - If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 can be tricked into running code as root due to a permission problem.
6be64d2889f4def783b33e0ef5fcbe35a375d34660178a987267aed924cd2601
Taranis redirects traffic on switch hardware by sending spoofed ethernet traffic. This is not the same as an ARP poisoning attack as it affects only the switch, and doesn't rely on ARP packets. Plus, it is virtually invisible because the packets it sends aren't seen on any other port on the switch. Evading detection by an IDS that may be listening on a monitoring port is as simple as changing the type of packet that is sent by the packet spoofing thread.
55677af0b5be5d2fdd1fca759e87ee3dd12d7484052a0dead1e36a389f6542c5
Phrack Magazine Issue 57 - In this issue: IA64 shellcode, Ethernet Spoofing with Taranis, ICMP based OS Fingerprinting, Vudo Malloc Tricks, Once upon a free(), Against the System: Rise of the Robots, Holistic approaches to attack detection, NIDS on Mass Parallel Processing Architecture, Modern SSL Man-in-the-middle attacks, Architecture Spanning Shellcode, Writing ia32 Alphanumeric Shellcode, Cupass and the Netuserchangepassword Problem, Phrack World News, Phrack Loopback, and Linenoise.
7d7d5e63b2e6f015a2b392c8f1d5487fdf5a081fa2495efeb1bf9c6d0efd62c6
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
0af199f2e17c821efb6810cf7e3ff308e165e9e3a88dbc63c59e90c2b9093df2
Microsoft Security Advisory MS01-043 - The NNTP service in Windows NT 4.0 and Windows 2000 contains a memory leak in a routine that processes news postings. Each time such a posting is processed that contains a particular construction, the memory leak causes a small amount of memory to no longer be available for use. If an attacker sent a large number of posts, the server memory could be depleted to the point of crashing. Microsoft FAQ on this issue available here.
dda3214336aa2b8b38f85dc3ac8b2f9efa83fe45b72894061530dc0f802ec8b9
Store.cgi from Key to the Web's e-commerce solution contains a vulnerability which allows web users to read any file on the system. Exploit URL included.
0c35ce0b2d171b46048cd2cee55ae9e0bebb76665535c56dce2ba5fe63c19216
Rootscanner.pl is a scanner to find root.exe, the backdoor left by the Code Red II worm. It takes a starting and ending IP as input.
21cbf680c0db7d3768a2e3451a2b47859affe8f26026c6864f0328fa8b512f66
Code Red II Removal Tool 1.0 Beta - For Windows.
150de76011fc309d3b139edd0ae45c4095686761dc20f1bc26675d091a010fc5
Code Red II Class C scanner.
9131112695fe046f5968472ade56091fc7b175ab9e38584dc38f6124fba65fc4
Ctrace is a multiprotocol traceroute tool, written in perl.
acd7d4f609b7d12e077ea2402a3ddc61ffbb5a971ecbf8c7d7d275426788f263
Spoofing tool for ICMP packets - In Perl! Able to send any ICMP type. More info on ICMP types available here. Requires the Net::RawIP module.
f09dbd27a1265b34e14ded59d4c3798f44bb6e8a0aa0363cb3444e878bf421a5
TCP-Junkie is a random TCP packet generator written in Perl. It generates random TCP packets with a random source address, source port, and random flags. Pretty funny, and can be useful for firewall testing.
6678d52cad967712c1ca8de71e30b003b57191be15501c38c480b4049ef33f4f
Sprint Lite is an OS fingerprinting tool which is similar to Queso except that it is written in Perl and is still actively being developed. It only sends one SYN packet, to avoid IDS detection. Requires Net::RawIP.
bc8f4c04b3aa25867b3e4c3858fcf3511a579dcc6f68b53b65f78aec83cb8f2c
Sprint is an OS fingerprinting tool which is similar to Queso except that it is written in Perl and is still actively being developed. Requires Net::RawIP.
34856680f6c298699b209d783d24b3d8cc493d72e1a8d188a9b15c5607438ae6
Emailkit is an email bomber/faker for Windows 95/98/NT. It is very fast due to multithreading and has nice features like being able to attach files.
832d9a5fb27ae02d3f791a0963f4751aa7f48e302d0a0a6c878895a7ef25da5f