BigBoo is a YABASST, Yet Another Block And Superblock Subversion Tool. It swallows, encrypts and hides your files in an ext2/ext3 or swap partition.
8dc8de2c28d02a5a800080fda7db637c17cc5b80323a6992cb451a25b9745367
Kernel Security Therapy Anti-Trolls (KSTAT) is a very powerful security tool to detect many kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more.
812c5cc62aa476aea9387d2843ecea645455345d2f9415eacffea7e0beea1515
Kstat is a powerful tool for Linux v2.4.x which displays information read directly from kernel structures via /dev/kmem. This is especially useful when we can't trust output from the usual sources and applications, for example after unauthorized access to our systems. It is effective when something like ps, ifconfig, lsmod, or the system calls have been patched.
8ee897a12c159a2bc0dc9c6babaec6df62f6271169fe30d9b5a432b2792ee52a
Kstat is a tool for Linux which can find an attacker in your system by direct analysis of the kernel via /dev/kmem, bypassing the hiding techniques of the intruder (static kernel recompilation or use of LKMs). Kstat can find the syscalls which were modified by an LKM, list the linked LKMs, query one or all of the network interfaces of the system, list all the processes and much more.
88b0b99c154e47fea38908d1d46542850be4215cd28ce2024ba4ade238b560a1
FPF is an LKM for Linux which changes the TCP/IP stack in order to emulate other OSes' TCP fingerprints. The package contains the LKM and a parser for the nmap file that lets you directly choose the OS you want.
bcc76c9851a69009bf74d505e657a312772e80b7ff657d12821a4290e44b1042
S0ftpj Security Advisory SPJ-004-000 - Multiple remote CGI vulnerabilities in MailStudio2000. Users can view any file on the system, as well as execute commands remotely as root. Major search engines can be used to locate vulnerable hosts. Exploit descriptions included.
6550727efc6ec1b93efcd6c291fe46eb0b814d183be7bc7774db23d9d629e939
Sniffit 0.3.7beta Linux/x86 Remote Exploit. Tested on RedHat 5.2, 6.0, 6.2.
23c271cadbc52f8891f04dff58f2d091757e47858573b3d9b6ea26e75ffc4906
Linux kernel 2.2.x implementation of the CaRoGNa 2.0.x module. Secret technique of the divine HOKUHACKO school [Hokuto No Ken rules ;)]. Sacred Strike of the Modular Renewal that bumps root down.
2bf133e86ea4fc0e68826e775d8668b2e43f6fcbf8405c0482cbca6bbceed460
Simple module to prevent lame people from using your box as a launch base for spoofed IP packets. Intercepts the socketcall() system call looking for the IP_HDRINCL parameter passed via setsockopt().
f2a3456b36ee72088bb3f22154d0d0757742823d0a1f5aa1bbe881390873b18e
Linux Loadable Kernel Module to keep an eye on the system, and add security 'on the fly' to a preexisting running box. Contains a simple implementation of BSD securelevels, while waiting for the official 'in-distro' arrival of Linux Capabilities [POSIX 1.e] in 2.4.x and strong ACLs.
acb13ad23d34d3ac027d69404c713c283d541fe9f98969f2779ff97bcff33812
s0ftpr0ject Security Advisory 003-000: Remotely Exploitable Buffer Overflow in Sniffit. Possibly affects all systems running Sniffit (0.3.7beta and all versions logging mail headers). Successful attacks depend on being able to craft shellcode that can bypass the input filter.
a304b30bb689966880a997812a854919d1e4be60e485e7b36713ff31343e60ac
Spjy2ksniff.c - Network sniffer to carry out passive attacks and find weaknesses in the protection of the traffic on your LAN. It uses the pcap(3) library to access the datalink level. Newbie (limited) version.
f92ff5362d4b2ff3a27899cba95cba754e336710159c7446b80329d721ae113b