what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Dug Song

Email addressdugsong at monkey.org
First Active1999-12-21
Last Active2004-06-18
dsniff-2.4b2.tar.gz
Posted Jun 18, 2004
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a powerful sniffer which automatically detects and parses many protocols, only saving the interesting bits. filesnarf saves files sniffed from network file system traffic. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: This particular version is a modified release by Michael Robin that has been migrated to work with libnet 1.2 libraries. Includes a new tool called filenamesnarf.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 4a78a46ce5efe6f6ac271db49d1bf28238da3d4eb346603510f969291bf6df2c
fragroute-1.2.tar.gz
Posted Apr 23, 2002
Authored by Dug Song | Site monkey.org

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior. Includes scripts to defeat even the current CVS snort IDS.

tags | denial of service
systems | unix
SHA-256 | 6899a61ecacba3bb400a65b51b3c0f76d4e591dbf976fba0389434a29efc2003
dsniff-2.3.tar.gz
Posted Dec 18, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a powerful sniffer which automatically detects and parses many protocols, only saving the interesting bits. filesnarf saves files sniffed from network file system traffic. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: New programs: dnsspoof, msgsnarf, sshmitm, webmitm. Dnsspoof forges DNS queries and answers, msgsnarf records selected messages from sniffed AOL Instant Messenger, ICQ 2000, IRC, and Yahoo! Messenger chat sessions, sshmitm monkey-in-the-middle. proxies and sniffs SSH traffic redirected by dnsspoof(8), capturing SSH password logins, and optionally hijacking interactive sessions. webmitm transparently proxies and sniffs web traffic redirected by dnsspoof(8), capturing most "secure" SSL-encrypted webmail logins and form submissions. Also added VRRP, pcAnywhere 7, 9.x, SMTP, rexec, RPC ypserv, NNTPv2, Checkpoint Firewall-1 Session Authentication Agent, and Microsoft PPTP MS-CHAP (v1, v2) parsing to dsniff.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 24844b9aecb37c603acba7e5d7d54fcb89ac8d2f19c95606476444378b4f46fd
blackhat-fw1.tgz
Posted Sep 1, 2000
Authored by Dug Song, John McDonald, Thomas Lopatic

A Stateful Inspection of FireWall-1 - In this advisory we summarize our findings from BlackHat 2000 on Checkpoint Firewall-1. It is susceptible to several trivial attacks against its inter-module authentication protocols, IP address verification has flaws, FWN1 and FWA1 is vulnerable to a replay attack, Fastmode vulnerabilities, FWZ Encapsulation vulnerabilities, and Stateful Inspection problems, and much more. Included in the tarball is the presentation in two formats, the technical documentation for the vulnerabilities, and the source code used in the demonstation.

tags | paper, vulnerability, protocol
SHA-256 | 2307e3b4992373126506a9e8ddec37a8bb211d7837d390f321905d5f799474dd
dsniff-2.2.tar.gz
Posted Jun 19, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a powerful sniffer which automatically detects and parses many protocols, only saving the interesting bits. filesnarf saves files sniffed from network file system traffic. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: New filesnarf program which saves files sniffed from network file system traffic, Rewrote HTTP decoding in dsniff, Alpha platform support, Fixed arp discovery in arpredirect on Linux, Added -m flag to enable automatic protocol detection in dsniff (based on the classic file(1) command), Added TDS (Sybase, Microsoft SQL Server) parsing to dsniff, and Added regular expression matching and POP support to mailsnarf.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 2c83a22007336345ee4a0b4a690b0df387ca6dc1f1c1ac7eb68f04e8465c341c
dsniff-2.1.tar.gz
Posted May 22, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: Add -c flag to specify half-duplex TCP stream reassembly in dsniff (better support for sniffing off switched ports using arpredirect), fixed OSPF parsing in dsniff, fixed webspy URL ignoring.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 093d542c616d5bd7e35c508ad364c6cb4963df7d7c5d7c4a1477cb28a7907860
dsniff-2.0.tar.gz
Posted May 18, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: Major dsniff rewrite! Add configurable decode triggers and debug traps to dsniff, rewrote dsniff RPC framework, added portmap, NFS, mountd, PostgreSQL, Meeting Maker, poppass, RIP, OSPF parsing dsniff decoders. Made dsniff savefile format portable, fixed RSET handling in mailsnarf.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 4411ee32799cac95096d37b654d30296e78e4da6da85a4406e3b21247fdcddda
dsniff-1.8.tar.gz
Posted Apr 11, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: Added SOCKS parsing, pcanywhere parsing, SMB parsing, IRC parsing, and NAI sniffer parsing to dsniff.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 52ba277dacb74c072066d3c2127476355fb36af015fc50f685a3fc540d94ddb2
icadecrypt.c.txt
Posted Apr 1, 2000
Authored by Dug Song | Site monkey.org

icadecrypt cracks the weak hash encryption on stored Citrix ICA passwords (in appsrv.ini).

tags | exploit
SHA-256 | 0181118dcdd35e59f180e0f657ec91f83b1e6c2830741f73a27b7ac95c081f4c
dsniff-1.7.tar.gz
Posted Mar 30, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: Dsniff can now parse Microsoft SMB, Citrix ICA, Oracle SQL*Net (v2/Net8), and LDAP. Other small bugfixes and improvements were made.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 225820da6efd655e320bfc3aad29eacd2e1d5d8ab01102d238e091882265cbf7
dsniff-1.6.tar.gz
Posted Mar 13, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: Added parsing for Napster, AIM, ICQ (v2, v5), and CVS pserver. Now supports more non-glibc Linux systems missing ether_ntoa(). Unique HTTP authentication information by directory is now supported. dsniff now skips IMAP command tag, and doesn't rely on /etc/services.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | dc0cbf5de5dcd7b2cd3f8f5fc63b1f88894d28623fddcc4131a33f704890dbc5
dsniff-1.5.tar.gz
Posted Feb 22, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: HTTP proxy fixes, manpages, telnet fix.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 449d5e99419d841257a23438af4cf6e26c853ffadb72594c0f80c2235d98093a
ftp-ozone.c.txt
Posted Feb 22, 2000
Authored by Dug Song | Site monkey.org

Exploit for recent FW-1 FTP problems - Demonstrate a basic layer violation in "stateful" firewall inspection of application data (ftp within IP packets). Checkpoint alert about this vulnerability here.

tags | exploit
SHA-256 | 105b9db1985030576cb537ea4954c1985eb1a0c41554c114e8d7e40766964ac2
dsniff-1.4.tar.gz
Posted Feb 2, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. tcpnice slows down specified in-progress TCP connections via "active" traffic shaping (useful for sniffing fast networks). forges tiny TCP window advertisements, and optionally ICMP source quench replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: New tcpnice program (Slows down traffic in a network via "active" tcp shaping. Added HTTP proxy support in dsniff, urlsnarf, webspy. Fixed mailsniff mbox formatting of ^From in message body, added NNTP processing to dsniff, and added the -v (verbose) flag to tcpkill and tcpnice.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | ba306b87355e9c1d8376d5d3f9f68256f968bcc1d37df2585318b8b878a45c5c
dsniff-1.3.tar.gz
Posted Jan 24, 2000
Authored by Dug Song | Site monkey.org

dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.

Changes: Addition of Berkeley db output file format to dsniff, as well as restricting logging to unique auth info, new tcpkill program, new dsniff manpage, DNS lookups in dsniff and urlsnarf, addition of HTTP Basic Authentication, Referer, and User-Agent logging to urlsnarf, improved RPC message parsing in dsniff, improved SMTP parsing in mailsnarf, improved HTTP 1.x parsing in dsniff, urlsnarf, and webspy. fixes for IMAP, Rlogin, Telnet option parsing in dsniff, and addition of X11 MIT-MAGIC-COOKIE parsing to dsniff.
tags | tool, local, sniffer, tcp, protocol
SHA-256 | 7b757d3d67ea684c61afe0f432de550f86a550a5802b5bfe37f1b4d779d76c3a
dsniff-1.2.tar.gz
Posted Jan 11, 2000
Authored by Dug Song | Site monkey.org

Dsniff contains several powerful new network tools, written for use in penetration testing. Arpredirect is a very effective way of sniffing traffic on a switch by forging arp replies. Findgw determines the local gateway of an unknown network via passive sniffing, which can be used in conjunction with arpredirect to intercept all outgoing traffic on a switch. Macof floods the network with random MAC addresses, causing some switches to fail in open repeating mode, facilitating sniffing. Dsniff is a simple password sniffer which parses passwords from many protocols, only saving the "interesting" bits. Mailsnarf is a fast and easy way to violate the Electronic Communications Privacy Act of 1986. Urlsnarf outputs all requested URL's from HTTP traffic. Webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time (as the target surfs, your browser surfs along with them, automagically).

Changes: Ported to FreeBSD, Add NFS mount parsing / RPC framework to dsniff, Add -i flag to specify interface to use.
tags | tool, web, local, sniffer, protocol
SHA-256 | 3e2ba48592e238432309cc390cea45781fbf3bfd215112c6d81acde38ca6916c
dsniff-1.1.tar.gz
Posted Dec 21, 1999
Authored by Dug Song | Site monkey.org

Dsniff contains several powerful new network tools, written for use in penetration testing. Arpredirect is a very effective way of sniffing traffic on a switch by forging arp replies. Findgw determines the local gateway of an unknown network via passive sniffing, which can be used in conjunction with arpredirect to intercept all outgoing traffic on a switch. Macof floods the network with random MAC addresses, causing some switches to fail in open repeating mode, facilitating sniffing. Dsniff is a simple password sniffer which parses passwords from many protocols, only saving the "interesting" bits. Mailsnarf is a fast and easy way to violate the Electronic Communications Privacy Act of 1986. urlsnarf outputs all requested URL's from HTTP traffic. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time (as the target surfs, your browser surfs along with them, automagically).

tags | tool, web, local, sniffer, protocol
SHA-256 | 5b8ac1a36bdcb8085709d1fb176ea958619549ff8c83cdd6c06ec75272cde04f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close