Napalm Magazine issue #6 - In this issue: Security Hole in Veritas Volume Manager, Security Certification (CISSP), IPsec Crash Course (part 1), OS Detection with ARP, UNIX Lesson 1, BBS List, and URLs.
a5a77e4ed131792c2e4f79c9cc6574ba1ff5c8c6ac8846d52a6864af1cbfc0c3
bd.pl is a backdoor written in perl which sits on port 33556 by default, requires a password, and unsets the history environment variables.
1c5d8d2842c81db357d15533c0b4ab88013b89b5b556a2e3cb9494eb5e8e9a38
WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each.
f66747fe1c3efb7f98a0b76e20c56baf2efea4d7adf3ae8f603bfb1fcc4364e6
fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000.
1985383a8c4a1bd9fdb9bde3638a6dc40d228e18f469aee8d932cdeec65324e4
Weekly Newsletter from Help Net Security Issue 23 - 24.07.2000 - Covers weekly roundups of security related events. In this issue: Roxen v2.0.68 vulnerability, Local INN vulnerability, Outlook Persistent mail-browser link, Outlook malformed Email header vulnerability, O'Reilly Website Professional overflow in webfind.exe, Ikey 1000 problems, HP Jetdirect FTP DoS, Remotely Exploitable buffer overflow in Outlook, New encryption regulations, ACLU Challenge to Carnivore, First Autocad virus, Linux Distribution Security Report, Passive Fingerprinting, To Build a Honeypot, Auditing your Firewall Setup, and more.
ed0317e9c9ddb128a467dfc27e6de6e2a1b635e7f27a3b2e4b24e5f145e2ea73
Microsoft Security Bulletin (MS00-050) - Patch Available for "Telnet Server Flooding" vulnerability. A remote denial of service vulnerability has been discovered in the Telnet Server that ships with Microsoft Windows 2000. The denial of service can occur when a malicious client sends a particular malformed string to the server. Microsoft FAQ on this issue available here.
bba34b7eee04c58ecad1b77e6d0506c48a99cbdb0ac1fe88c3e79a1b3bc9cc0c
Passive Agression is a perl proof-of-concept exploit for downloading other users' files from FTP servers without needing their authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups.
2f7dee6b0a712a2ec0f4773b51daa24e069086bc2dbc73ffb50a9d1c4ccfdca7
phpDistributedPortScanner is a Web-based distributed TCP portscanner which uses plain PHP to perform distributed portscans against a single host. You can add new nodes just by uploading a tiny PHP script onto a Web server and adding a line to your master script to use it. Nodes are used in parallel and support multiple "threads" per node to increase your speed. It is portable and doesn't require shell access to use.
1c49f7b9da92d7a66903e494bea560d54e18954e889992ee27386d188b2a0b17
Virtual FTPD v6.4 is a secure FTP daemon which is derived from the OpenBSD ftp daemon and allows virtual FTP accounts which do not have an /etc/passwd entry.
f92531e5dd84ba4031e283de97b474f29d03d61be5a82618cc1dfbec141ce93c
Form Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer.
0a106d313f4d701240d2c353c6d13d94bd56cd95675b225e91644c39bf674c86
Click Responder v1.02 remote exploit - spawns an xterm from the victim computer.
641649b9d5e09cdbd6153ff158fd12a709fc05ea1502c9ebc1c2a9a2d2e706b7
bulk.cgi is a Bulk Mailer CGI which has remote vulnerabilities which allow an attacker to spawn an xterm.
8bef063aa4f8a6099294506a682482551cb6e76ed05df104f7d8cd504ab6d562
AlienForm2 remote cgi exploit - Spawns an xterm from target machine.
0f1c6a0e6f0f4c3ce24670e4260bc91a1fbb65613853982bf45a8ba4a3f01572
bnbform.cgi v4.0 and below remote exploit - reads any file on the system.
f8545048ece8ca8481bfdc18a36d3918bf84ddc084afd0240f23a03690f02408
Plague creates an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.
d0c697c299afbe79b68c6fc88129c5152681cdea9beda495f35458857831f64e
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
b21e0c7cd4490e8f8b3298322e233f20a446833d396d1dbf1425841070a3a518
UDPer is a logic bomb written in ASM for Windows which floods a victim with packets at a certain date.
51b9a0b285efad03f7affe599d3191b523a7c8d338e58191576976773663182a
wuscan.c scans machines for wu-ftpd v2.60.
41a7363d1e18322f41e204724ac52e57fa76aedb7c0deeb69188eedafc9c9ca4
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decryptable by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to grab the shellcode from source files and tries to identify it. Use SMEGMA to modify shellcode in which characters get ruined by regular expressions (often seen in CGI binaries, web applications and webservers).
27190bafedd46710e361a4de759ed1fb919aefd7840e72731dda48838278f0bf