Cain and Abel is a password recovery tool for Windows 95/98 operating systems. It allows easy recovery of Logon passwords, Share passwords (local and remote), Screen Saver passwords, Access Database passwords, DialUp passwords, Link passwords and any other application defined password cached in your system or in external .PWL and registry files. SMB passwords (MD4 hashed passwords) can also be recovered with a powerful distributed SMB sniffer. Warning: McAffee falsely detects this as a virus because it is free and cracks passwords. Archive password is set to p4ssw0rd. Use at your own risk.
2ad214b1781bd46564e79979d9d163a5f661737c204358c15222ce5173a1d2d6FreeBSD-SA-00:26 - The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command. The code is executed as the user who is retrieving mail: thus if root reads email via POP3 this can lead to a root compromise.
7805e554d84ca0867143ca1acddfa28152891c433df64b183b257ce27d1b467aFreeBSD-SA-00:31 - The Canna server, which is not installed by default, contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.
a5c72623b3c311e90c72f4b47d9722fac689db56ba5ef144be25900514208d35FreeBSD-SA-00:29 - The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows remote anonymous FTP users to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
bd79217c21c14fb58f503398bbd1738af72e6d6b50c3fa9c2bc3c38460cad46eThe IPchains firewall module for Webbin lets you graphically create ipchains firewall scripts. Nearly all of the IPchains options are supported.
e9e4ca8ee5f5cf23ecbd6ec157cf5a2fbdc3c7b70222a8c4d8146233b4d5a1e2This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
7dd9dff24e6037faf7edb54f4aa1d397ba8c0d8dbd219a1e687d2693b363d74fFinding Holes in Your PBX Before Someone Else Does. Covers switching algorithms, susceptibility to tapping, conferencing, remote access, maintenance feature vulnerabilities, line testing capabilities, undocumented maintenance features, software loading and update tampering, tamper and error detection, crash-restart attacks, live microphone vulnerabilities, embedded login IDs and passwords, alarms and audit trails, silent monitoring, override (intrude), voice mail security, and denial of service.
b6a45e7fe26d88d33f6721a1d6230eca3c90adec5d7102210d6b0c826ca87093Tetrinet v0.6 for linux denial of service exploit. If a user on the local network sends an encrypted string and disconnects before the login is completed, the Tetrinet server exits with a broken pipe.
eade1092a1446a89cdd3abe32e722299cf310cac965b8038dcba3b09b7b7ca8fSnort 1.6.2.2 ported to Windows - This is a working port of Snort to Windows NT/2000/9x. Changes include interface names, filenames, and syslog changes. Source available here.
9f853454f4330a398ff17c7d7961ca2d15d41680e45ecc3e2d3db6c48320f32fThis paper re-examines the denial-of-service issue. It looks at the techniques used to accomplish denial of service including process recovery, resource destruction (crash), and resource overload. Looking at how DOS functions allows for the design of other DOS attacks aimed at the processes used by the operating system, the network protocols and the users.
a9ad3a5877fc1dae59b4e631b8e55e3f39c02254ab7704ea871612315b0770e4keepalive.c is a program which keeps your TCP connection alive. It sends null characters at an interval, keeping your connection from timing out. It is transparent to the user.
df09ebf6757775e0c6fd15aae4838cc8a09f356ada4ac2c983c7b73089c277b6Microsoft Security Bulletin (MS00-041) - Microsoft has released a patch for the "DTS Password" vulnerability in a component that ships with Microsoft SQL Server 7.0. If the Data Transformation Service (DTS) packages are in use, the password can be retrieved by programmatically interrogating the package's Properties dialogue. Microsofts FAQ on this issue is available here.
c26bbe82b902991c970291aeebc8a484a534f0f0330e3a3f1894e63d8ba4ef1eFalse snort rules last updated 06/08/2000. Detects Yahoo pager data, AOL chat data, SNMP, SMB queries, etc.
e0cc37cf4a21ee024fcd1f4811062eb6344ecd5ccc67f4d3f42512e62ec32562Updated snort rules to detect backdoors last updated 06/08/2000.
f3315df3c4af8b6c1423b26b3e8a49b4234f17ab007ee5f6486e46b8511b5bd6Full set of updated snort rules using using 'any' instead of "$HOME_NET" variables. Last updated 07/06/2000.
5907c0a852e13e6fdfc0d193bd84932d7e82af352b2e2db8215bf03c0807b37dFull set of updated snort rules last updated 07/06/2000.
8f2f5be918905c16c2ea7fef322ac37cfda25eddaee72a7bfe96436f01547010SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
df3b100d9597e4b7779ae77a7a940a9a1600461d5ef6f0bd4f62fb09de55d264httptunnel creates a bidirectional data channel through an HTTP proxy, from your isolated computer behind a restrictive firewall, to a system on the Internet you have access to.
fa94137cdf3c452d021d119de04f604855720305fd21a4be637a35a40973e87aAdvanced DIG is a TCP-based DNS client for Windows that supports most of the available options, including AXFR zone transfer. It features an extended mode which utilizes a TCP connection to acquire any info that can be supplied by server and supports 20 different queries to nameserver.
05abb1699e8459fd87c20edc3198396b1829b838b9c14076681af59876d592ecTraceroute - specially for quick network route discovery (1-2 secounds to find the route). Unlike standard traceroute it traces all the way to host at once, therefore saving time. Also measures the time neccesary for packet to return and looks up all intermediate routers. Unlike Windows tracert it's based on UDP protocol, therefore allowing to trace networks where incoming ICMP messages are filtered.
c238c4aaeb3149070eeeea575b95ade9bae711edca6673c50217bceacdf602caPscan checks C source code for problematic uses of printf style functions such as "sprintf(buffer, variable)", which have been the source of many security holes. It does not check for buffer overflows or other misuse of function parameters.
c6beb8eac16a70536e72db9caef8391c0211c691fbe1f60769b326232ad168e7MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses. It works with Sendmail 8.10. and will alter or delete various parts of a MIME message according to a flexible configuration file, making it much more flexable than procmail-based approaches.
060e05bb1f912fcf23f1cf9cdc835dc17c3c00d26c2214978397831fe97fa71eCgichk is a web vulnerability scanner which automatically searches for a series of interesting directories and files on a given site. Instead of focusing on vulnerable CGI scripts, it looks for interesting and/or hidden directories such as logs, testing, secret, scripts, stats, restricted, code, robots.txt, etc.
00f728b8d463d4ea4ae90a6b6889e0e1180310ca172ab39a1e41c54fbc690abcRalf Chat 1.2, a free CGI based chat system has remote vulnerabilities. User passwords can be retrieved in plain text and the default admin password is rarely changed.
21496428c515d4f09bbdd9f2637fed3eefe3cd485f5e1fdd028a2f105210de2fLinux Security Week July 10 - In this issue: Securing Sendmail, Understanding the Diffie-Hellman Key Exchange, PGP patch, BitchX dos vulnerability, man vulnerability (makewhatis /tmp bug), multiple freebsd patches, OpenSSH uselogin vulnerability, weekly security news, and much more.
5bf9f698ffac215b3b0414186453110003cc34c633afda3c9caa8af9944d10af
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed