exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2002-10-04

mod_ssl-2.8.11-1.3.27.tar.gz
Posted Oct 4, 2002
Site modssl.org

mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.

Changes: Updated for Apache 1.3.27 which fixes some security issues.
tags | encryption
SHA-256 | 8d0ec271ba5a8b57a38a31609fe38ed2c151ea9ec0d364126e728cdb81fc945c
awstats-5.0.tgz
Posted Oct 4, 2002
Authored by Eldy | Site awstats.sourceforge.net

AWStats is a short for Advanced Web Statistics. It's a free tool that generates advanced web (but also ftp, syslog or mail) server access statistics graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files often and quickly. It can analyze log files from IIS (W3C log format), Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar and most of all web, proxy, wap servers (and even syslog, ftp servers or mail logs). Take a look at this comparison table for an idea on differences between most famous statistics tools.

tags | web, cgi, system logging
systems | unix
SHA-256 | 044206e655ee8a88d642af8c38323392fcc4c50ee6ea04e601ff1b4c86081601
logrep-1.2.0.zip
Posted Oct 4, 2002
Site logrep.sourceforge.net

Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.

Changes: Server now supports Linux. Logfiles are now compressed to save diskspace and network bandwidth. A customizable top level overview page gives you access to your favorite graphs, reports and links to all nodes. Some minor bugfixes were made.
tags | system logging
systems | unix
SHA-256 | 23b7d1333a66a1c965c242d4db8423122ff9a8a4c677ddb911bf0c7152eca4b9
Samhain File Integrity Checker
Posted Oct 4, 2002
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.

Changes: Now includes a target to build RPM's, fixed samhain.startRedHat, fixed some bugs, allowed scheduler to accept multiple schedules.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 7657c537a6bc7e2a336650f2d4336be9ccf992a0b360eb1644489a0d3e326f24
flea.tar.gz
Posted Oct 4, 2002
Authored by skatE | Site the-diamonds.org

FLEA is a linux rootkit for all distributions.

tags | tool, rootkit
systems | linux, unix
SHA-256 | 1418ef1097de4a79f600218cad9b6a181eda2e8f9f5ed8d5e3b27b95fd6b7290
idefense.apache13.txt
Posted Oct 4, 2002
Authored by Zen-Parse, David Endler | Site idefense.com

iDEFENSE Security Advisory 10.03.2002 - Apache v1.3 before 1.3.27 contains a vulnerability in its shared memory scoreboard which allows attackers who can execute commands under the Apache UID to either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack.

tags | denial of service, local, root
SHA-256 | 1b8f434591124f806dbac5b6052e75154ad5df6e848f041cf4b42f88cb0d8f31
telnet.c
Posted Oct 4, 2002
Authored by Lion | Site cnhonker.com

SunOS 5.5, 5.5.1 and Solaris 2.6, 2.7, and 2.8 SPARC and SunOS 5.7 and 5.8 x86 /bin/login TTYPROMPT remote exploit.

tags | exploit, remote, x86
systems | solaris
SHA-256 | 6f38570fff5965430e3795883b29ecd89446facfe2854c27837e6d2ce22a4cc0
tl004.txt
Posted Oct 4, 2002
Authored by Thor Larholm | Site PivX.com

Thor Larholm security advisory TL#004 - Microsoft Windows 98 through XP contains an overflow in the Windows Help facility which allows arbitrary code execution. Denial of service exploit information included. Demonstration available here.

tags | denial of service, overflow, arbitrary, code execution
systems | windows
SHA-256 | bea9be97470c7487053026c3e2c1f3610d8ef2897d9cfc633dcf350e2450936c
bearshare.4.0.6.txt
Posted Oct 4, 2002
Authored by Aviram Jenik, Gluck, Mario Solares | Site BeyondSecurity.com

Bearshare v4.0.6 and below is contains a directory traversal bug which allows remote attackers to view any file on the system by sending a specially crafted HTTP request. Exploit URL's included.

tags | exploit, remote, web
SHA-256 | cad3d0362461a14c8ccbd95f6f1f600ac94604d550985ae00256a9005707e65c
foxpro.overflow.txt
Posted Oct 4, 2002
Authored by sk | Site scan-associates.net

Scan Associates Security Advisory - Microsoft SQL Server 7.0 and 2000 with all service packs contains an exploitable buffer overflow in the OpenDataSource function when connecting to a "Microsoft Visual FoxPro Driver". Fix available here.

tags | overflow
SHA-256 | 26e594e72485ff41b1bc279d93df4f59a5b54c044de21868a546dfab542a2cbc
brutus05.pl
Posted Oct 4, 2002
Authored by Marco Ivaldi | Site 0xdeadbeef.info

BRUTUS v0.5 is a remote TCP/IP service brute forcer. It tries to break in using TELNET, FTP and POP3 protocols. Login list generation through SMTP vrfy brute-forcing is also supported.

tags | remote, cracker, tcp, protocol
SHA-256 | ae062f6d34c14746efa6629ff0f71bb26b6530315949714ee106b88ce0a3b1d5
ward18.c
Posted Oct 4, 2002
Authored by Marco Ivaldi | Site 0xdeadbeef.info

WARD v1.8 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD and Linux.

tags | tool, wardialer
systems | linux, unix, openbsd
SHA-256 | de328d9308ffc5500adcca4fe49a4be425aed38f7e62550cd8043829c52709a5
ms02-057
Posted Oct 4, 2002
Site microsoft.com

Microsoft Security Advisory MS02-057 - The Sun Microsystems RPC library in Microsoft's Services for UNIX (SFU) 3.0 on the Interix SDK contains three vulnerabilities, some of which allow remote code execution.

tags | remote, vulnerability, code execution
systems | unix
SHA-256 | 5acec35c4cedcc8aff24a306b384a7772763962d930ae71f8b073f37ff63e2fb
ms02-056
Posted Oct 4, 2002
Site microsoft.com

Microsoft Security Advisory MS02-056 - A Cumulative Patch for SQL Server 7.0, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000, and Microsoft Desktop Engine (MSDE) 2000 fix four vulnerabilities, some of which allow attackers to take complete control over the system.

tags | vulnerability
SHA-256 | 3bf76166be49ef8d4f9d411cefac284e9a953d42055775e31b63ba8cd2072d44
ms02-055
Posted Oct 4, 2002
Site microsoft.com

Microsoft Security Advisory MS02-055 - A remotely exploitable buffer overflow in the HTML Help facility in Windows allows remote code execution via web page or HTML email on all versions of Windows.

tags | remote, web, overflow, code execution
systems | windows
SHA-256 | 40085ad491b3bf7c5e066a96491cdee2d23461e4cae9eca0322bf8b25086bcb8
ms02-054
Posted Oct 4, 2002
Site microsoft.com

Microsoft Security Advisory MS02-054 - On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature has an unchecked buffer in the program that handles the decompressing of files from a zipped file, allowing code of the attackers choice to run.

systems | windows
SHA-256 | 0073160f2cd0980100428ae4c75321cad44b866e6c57d5aca764031e6e60a48a
snort-1.9.0.tar.gz
Posted Oct 4, 2002
Authored by Martin Roesch | Site snort.org

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Changes: New stable release with a large number of enhancements and bug fixes. This is the first release to use the "flow" keyword. Full changelog available here.
tags | tool, overflow, cgi, sniffer, protocol
systems | unix
SHA-256 | 405a94e8fcc2629b63d6e303d88e32b16e4fd2363154cf2d02bd4de74d10d041
httpd-2.0.43.tar.gz
Posted Oct 4, 2002
Site apache.org

Apache v2.0.43 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.

Changes: Fixes a cross-site scripting vulnerability in the default error page of Apache 2.0 before 2.0.43 when UseCanonicalName is "Off" and support for wildcard DNS is present which allows remote attackers to execute html and java script as other web page visitors via the Host: header.
systems | unix
SHA-256 | 340e0f3ddc87e1dd13973c52b1bc99ec86ac5b5ef5cc105cda34cc7ff32d0d93
kerb4.tar.Z
Posted Oct 4, 2002
Authored by Mudge | Site atstake.com

Kerberos 4 cracker.

SHA-256 | 1e2ec4124c5ea5abc860098482da56da54827ff1882ff0bc51e8a78488c36135
skey_paper_and_tool.txt
Posted Oct 4, 2002
Authored by Mudge | Site atstake.com

Monkey S/Key challenge/response auditor and white paper. Works similarly in nature to Alec Muffet's CRACK. In essence it takes the md4 value in either HEX or English words and compares it to a dictionary.

SHA-256 | 91361b4f1c1136c90bd9c318b67f64854190eb95ae32e1899a0166c2aa19e602
notsync.zip
Posted Oct 4, 2002
Authored by Kingpin | Site atstake.com

NotSync demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device.

SHA-256 | 7c3c502a14191792cb5a0b396a99c3ae44638139bd248d926f033f961fd04774
dcetest-2.0.tar.gz
Posted Oct 4, 2002
Authored by Dave Aitel | Site atstake.com

Dcetest is a tool which probes a windows machine over TCP port 135, dumping MSRPC endpoint information. It can be though of as the equivalent of rpcinfo -p against a Windows box. Dcetest can also be very useful once inside a DMZ to fingerprint Windows machines on the network. Similar to the rpcdump program from Microsoft, but does not need a DCE stack and so runs on Unixes.

tags | tool, scanner, tcp
systems | windows, unix
SHA-256 | 4a319a08ae0838234f5b6fbd0b4d2e0fac7560a7553a4e1b043527cc17032aa3
apache_1.3.27.tar.gz
Posted Oct 4, 2002
Site apache.org

Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed. Changelog available here.

Changes: Fixed a Cross Site Scripting vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present which allows remote attackers to execute HTML and javascript as other web page visitors via the Host: header.
systems | unix
SHA-256 | 921d6d247d3ad958a4453d6f5d00e4c8b68b958b021542ec1ad3a6c640b4bef8
sara-4.1.1.tgz
Posted Oct 4, 2002
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added test for '8-11' Windows backdoor, Updated XML interface, Updated CSV interface to include service and port, Tweaked tcpscan.sara for performance, Updated XML tag descriptions, Added MAC proxy interface, and supports new FBI/SANS Top 20 Consensus List.
tags | tool, cgi, scanner
systems | unix
SHA-256 | a661b9f271e0bf1ffb19d638027beb79af15e52c66aa40ddb44a06a329ede7c0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close