[Packet Storm Security]

New Files & Info

This section last updated on Wednesday, 10-Feb-1999 13:32:32 PST

Coming here from a search engine query result link? Try the search engine here then to find the file you are looking for. With a database-driven search engine that indexes this entire site, you're much more likely to find what you're looking for with a simple query here. Hint: Simple queries like "wingate", "mscan", "BO", "hotmail", "ssh*", and "rootkit*" will provide the best results.

The most recently added or modified files in our publicly accessible directories

* /~tattooman/ip-spoof/unix-spoof-code/snoof.tar.gz on Wed Feb 10 13:21:20 1999
* /~tattooman/detect-unix/nettest0.8.tar.gz on Tue Feb 9 22:20:57 1999
* /~tattooman/unix-audit/audit-0.2.tar.gz on Tue Feb 9 22:15:28 1999
* /~tattooman/exploits-Feb-99/pine4.10-remote.txt on Tue Feb 9 21:55:18 1999
* /~tattooman/exploits-Feb-99/ftpd.txt on Tue Feb 9 21:47:51 1999
* /~tattooman/bo/nobo13.exe on Tue Feb 9 21:42:12 1999
* /~tattooman/exploits-Feb-99/clearcase2.txt on Tue Feb 9 21:29:20 1999
* /~tattooman/exploits-Feb-99/netscape4.5-applets.txt on Tue Feb 9 21:25:04 1999
* /~tattooman/new-exploits-99/sshd-1.x-2.x-login.txt on Tue Feb 9 21:22:11 1999
* /~tattooman/exploits-Feb-99/cf40.txt on Tue Feb 9 21:18:41 1999
* /~tattooman/exploits-Feb-99/ms-access97-passwds.c on Tue Feb 9 21:07:06 1999
* /~tattooman/ip-spoof/unix-spoof-code/pwrspoof.tgz on Tue Feb 9 20:32:47 1999
* /~tattooman/exploits-Feb-99/pepsi5.c on Tue Feb 9 20:31:58 1999
* /~tattooman/exploits-Feb-99/reboot.ini-passwds.txt on Tue Feb 9 11:05:24 1999
* /~tattooman/exploits-Feb-99/pine-bof-10000.txt on Tue Feb 9 10:52:58 1999
* /~tattooman/cryptography/ssh/LATEST-IS-SSH-2.0.12 on Tue Feb 9 07:38:22 1999
* /~tattooman/unix-audit/nessus-snap/nessus-990209.tgz on Tue Feb 9 07:09:47 1999
* /~tattooman/utility-unix/lread-3.0.zip on Tue Feb 9 06:05:11 1999
* /~tattooman/exploits-Feb-99/hp5crash.txt on Tue Feb 9 06:01:55 1999
* /~tattooman/exploits-Feb-99/netbsd-netstat.txt on Tue Feb 9 05:42:04 1999

Got a program, security tool, news, announcement, or exploit to share? Email submissions to PacketStorm@Genocide2600.com. Please specify whether you want your submission to be posted with provided link and/or credit, or anonymously. Also, please make sure to review the FAQ on the Contacts & Submissions page before making any submissions.

Note: Most of the files, exploits, and advisories listed on this site are updated as new information is released or submitted, but they will be listed under the original date, so please make sure to recheck anything of interest and keep your own files updated.

* /*-----[Feb 10, 1999]-----*/
---------------------------------------------------------------------
* PGP 6.0.2i source code (for win and mac) - The PGP 6 source code books have now been completely scanned and proof-read, and PGPi has created an international version: PGP 6.0.2i. The source code is available for download now, and binaries for Windows & MacOS will be ready soon. 6.8-7.2 MB. From The International PGP Home Page.
---------------------------------------------------------------------
* snoof.tar.gz - A DNS spoofer based on ADM's "ADMsnOOfID" code. This has been almost completely recoded, for better performance, BIND 8 compatibility, and user defined TTL. By Doc_Chaos [RoC].
---------------------------------------------------------------------
* pepsi5.c - A new improved version of pepsi, the random source host UDP flooder.
---------------------------------------------------------------------
* NOBO v1.3 - NOBO is a program that detects incoming Back Orifice (BO) packets on a Windows 95/98 machine. It opens the BO port and keeps waiting for any packet coming from BO clients. Once a packet is received, NOBO logs it with information about the sender (IP address and host name). NOBO can just ignore the packet or be configured to reply back with a message. This release features pingflood detection, option to configure the computer name to be returned in fake PING replies, and several bugfixes. 73k. By Flávio Veloso.
---------------------------------------------------------------------
* audit v0.2 - The audit program recursively searches through directories looking for files that may not be needed by checking permissions, names, sizes, types, ownership, links, and timestamps. 12k. By Jeff Tranter.
---------------------------------------------------------------------
* nettest v0.8 - Nettest is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down. 14k. By Rene Chaddock.
---------------------------------------------------------------------
* ms-access97-passwds.c - Program to check for Microsoft Access 97 database password weaknesses.
---------------------------------------------------------------------
* clearcase2.txt - More security holes found in Rational Software ClearCase - race conditions result in local root compromise.
---------------------------------------------------------------------
* /*-----[Feb 9, 1999]-----*/
---------------------------------------------------------------------
* ftpd.txt - Remote buffer overflows in FTP servers lead to potential root compromise. ProFTPD (1.2.0pre1) and Wuarchive ftpd (2.4.2-academ[BETA-18]).
---------------------------------------------------------------------
* reboot.ini-passwds.txt - REBOOT.INI file created by Microsoft BackOffice 4.0 Setup utility exposes passwords in plaintext.
---------------------------------------------------------------------
* pine-bof-10000.txt - Pine 4.x mail client Denial of Service attack due to buffer overflow.
---------------------------------------------------------------------
* nmap v2.07 - The Network Mapper - See description below. This is a platform portability improvement release. 316k. By Fyodor.
---------------------------------------------------------------------
* LREAD v3.0 - LREAD is a set of command line tools to read and write Linux extended 2 filesystems (Linux's standard filesystem) from DOS or Windows (3.x, 9.x or NT) running on the same machine. 224k. By Jason Hunter.
---------------------------------------------------------------------
* netbsd-netstat.txt - Security hole in NetBSD netstat allows non-root users to examine any kernel memory location.
---------------------------------------------------------------------
* hp5crash.txt - Denial of Service attack against HP printers.
---------------------------------------------------------------------
* /*-----[Feb 8, 1999]-----*/
---------------------------------------------------------------------
* ClearCase.txt - Poor security coding leaves several race conditions and other security problems in Clear Case, a configuration management program from Rational Software. Local root compromise. "clear_waste.sh" exploit code included. By Dr Mudge, of L0pht Heavy Industries.
---------------------------------------------------------------------
* WinNT Forensic Toolkit v1.1 - The Forensic ToolKit™ contains several Win32 Command line tools that can help you examine the files on a NTFS disk partition for unauthorized activity. Notable features: AFind - lists files by their last access time without tampering with the data, can be used with ntlast to determine all user activity, even if file logging is/was not enabled; HFind - scans disks for hidden files; SFind - scans disks for hidden data streams and lists the last access times; FileStat - quick dump of all file and security attributes; Hunt - quickly check to see if server reveals too much info via NULL sessions. 275k. By NT OBJECTives, Inc.
---------------------------------------------------------------------
* Net-RawIP v0.05b - Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. This release is ported to Perl 5.005 and *BSD, has numerous bugfixes, implements the function called "linkoffset", has a _real_ traceroute script, oshare script (kills Win98 dead), and more. 26k. By Sergey V. Kolychev.
---------------------------------------------------------------------
* RCR Bot v1.1 - RCR Bot is a plug-in for Back Orifice. It is an IRC client, Channel Bot style. The client is fully customizable and once installed on the BO'ed machine and logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. This version has its own ident server installed. 77k. By Zhenya.
---------------------------------------------------------------------
* Colorlogs v1.0 - Colorlogs color codes your logfiles for simpler reading. Sit at a distance and watch for specified colors in the logfile output to alert you of unusual activity. By J-Dog.
---------------------------------------------------------------------
* cf40.txt - Cold Fusion v4.0 security - A variety of security holes described in Cold Fusion v4.0. By .rain.forest.puppy.
---------------------------------------------------------------------
* pgp4pine v1.47 - Latest release of PGP shell interface for pine mail client for Linux. 52k. By Chris Wiegand.
---------------------------------------------------------------------
* "Security - Hacking Methodology" - A paper that attempts to analyze "hacking" as an operations research problem with a mathematical foundation. By CyberTrace.
---------------------------------------------------------------------
* "Incremental Information Integrity" - An interesting paper that rationalizes network security by dividing network information into four categories and then assigning each layer/category a part in a traditional hacking scenario. By CyberTrace.
---------------------------------------------------------------------
* nmap v2.06 - The Network Mapper - This is a recommended upgrade "quick fix" release. New features include: Added the squid proxy to nmap-services, nmap looks in more places for nmap-os-fingerprints, fixed memory allocation bugs, improved compatibility with larger variety of platforms. 315k. By Fyodor.
---------------------------------------------------------------------
* pine4.10-remote.txt - Remote execution of arbitrary code *still* possible with the latest release of Pine, v4.10.
---------------------------------------------------------------------
* nmap v2.05 - The Network Mapper - nmap is a utility for port scanning large networks, although it works fine for single hosts. General features include: Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses packet filters), UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, and output to machine parseable or human readable log files. This latest release features: Over 25% more OS fingerprints, Nmap now comes with its own nmap-services, Increased the maximum number of OS guesses nmap will make, Random number generation now takes advantage of the /dev/urandom or /dev/random, Machine parseable logs are now more machine parseable, nmap-fingerprinting-article, CHANGELOG file, updated docs, many bugfixes, code optimizations, much more. This is one of the most useful security tools ever created. Your security/network toolbag is incomplete without nmap! Check out the nmap directory for lots of nmap "add-ons" and accessories. 315k. By Fyodor.
---------------------------------------------------------------------
* ku v1.1p2-3 - KU (killuser) is a utmp based shell admin utility similar to slay, for maintaining shell logins, based on anything from idle time, tty, user name, user group, user GID, if they are telnetted in, and more. Bugfixes and code optimization with this release. 39k. By Nathan Benson and Gage Cartman.
---------------------------------------------------------------------
* The Freefire Project - The Freefire Project: Support for Developers of Free Security Solutions. This is an excellent web site / portal for finding free IT Security Solutions. The primary focus is to support developers, designers and security experts in the usage of free software. Bernd has just released Freefire Bulletin #4, which can be found on the web site, and has made plenty of updates to the site recently. By Bernd Eckenfels.
---------------------------------------------------------------------
* Autobuse - snapshot918416038 - Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like. 17k. By Grant Taylor.
---------------------------------------------------------------------
* Descent into Microsoft (Part 1), By Jon Splatz - Hilarious article about the adventures of Jon Katz ... err ... Splatz in obtaining an elusive Windows refund. By James S. Baughn.
---------------------------------------------------------------------
* !BOF! Back Orifice Freeze v1.20.1011 - BOF is a program which listens on UDP port 31337 (or a port of your choice - port 31337 since this is the default listening port for a BO server) for BO client packets. It then sends malformed data packets back to the client using the correct encryption key causing major problems (BO client "freezes up" and the process has to be killed) for the BO client user. This release features NetBus logging and bugfixes. 148k. By Wacky Zany Crazy Productions.
---------------------------------------------------------------------
* /*-----[Feb 7, 1999]-----*/
---------------------------------------------------------------------
* SecureCRT 2.3.2 (Official Release) - SecureCRT is a 32-bit terminal emulator designed for Internet and intranet use with support for SSH (Secure Shell), telnet and rlogin protocols. SecureCRT's SSH support includes Blowfish, DES, 3DES, and RC4 ciphers; and, both password and RSA authentication. VT100, VT102, VT220 and ANSI terminal emulations (color too). Features include: port forwarding, named sessions, auto login, printing, zmodem file transfer, emacs mode, and SOCKS firewall support. New features in SecureCRT 2.3 include X11 forwarding, SSH compression, support for connections through TIS plug-gw, and much more. For Windows95/98/NT. 1.2MB. By Van Dyke Technologies, Inc.
---------------------------------------------------------------------
* Protolog v1.0.7 - Protolog (The Internet Protocols logger) is a set of three daemons that logs incoming IP/TCP, IP/UDP and IP/ICMP packets. Also produces detailed logs. 28k. By Diego Javier Grigna.
---------------------------------------------------------------------
* nessus-990207.tgz - Daily snapshot of Nessus-stable. Nessus is a free, open-sourced and easy-to-use security auditing tool. See below for information about the latest plugins and snapshots. 543k. The Nessus Project.
---------------------------------------------------------------------
* Nessus vulnerabilities checklist - The Nessus plugin list, updated daily now along with the latest snapshot of nessus-stable CVS source trees. Now with 187 plugins listed. 83k. The Nessus Project.
---------------------------------------------------------------------
* Nessus CVS source tree snapshot mirror - Packet Storm Security will be providing a mirror of the daily Nessus CVS source tree snapshots, along with daily updates of the Nessus plugin list. Nessus is an excellent security auditing tool that is being actively developed on a daily basis. The Nessus Project.
---------------------------------------------------------------------
* - Any local user can cause an Alpha Linux machine to reboot, lock up or become unstable. Discovered by KSR[T].
---------------------------------------------------------------------
* System Recovery v1.02 - This is a simple program that can be used to set a database of important system files, and then compare them to see if any were hacked and changed with trojan binaries. 40k. By Patrick Lambert.
---------------------------------------------------------------------
* firewall.sh v1.0 - A console menu-based script to configure a firewall on a Linux 2.0 system using ipfwadm. 8k. By Patrick Lambert.
---------------------------------------------------------------------
* /*-----[Feb 6, 1999]-----*/
---------------------------------------------------------------------
* watchdog v4.3 - watchdog is a daemon that monitors system processes and loads, and will automatically reboot a server if the load rises above a defined level. Very useful tool. 96k. By Michael Meskes.
---------------------------------------------------------------------
* Traceroute-Ulmo v5 - Parallel and improved traceroute (goes fast even on bad channels). 109k. By Bradley Ward Allen.
---------------------------------------------------------------------
* Thermoprog - Thermoprog is a bruteforce password cracker for Angelfire password reminder. If you can't crack the real password, maybe you'll have more luck with the Password Hint Question. Coded in Java, and utilizes the Java virtual machine (download JDK or JRE). 6k. By Terminator.
---------------------------------------------------------------------
* ssh v2.0.12 - SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist. Changelog. 1.1MB. By Tatu Ylonen.
---------------------------------------------------------------------
* spoof.0.1.tar.gz - Latest release of Spoof Library project by Fyodor, now supports IP/UDP/TCP spoofing. 10k. By CyberPsychotic.
---------------------------------------------------------------------
* slmail3.1.txt - Several Denial of Service attacks exist in SLMail 3.1 due to buffer overflows. Exploit description included; no fix from vendor yet. Discovered by eEye Digital Security Team.
---------------------------------------------------------------------
* router-tcpaccess-DoS.txt - Potential Denial of Service attack against wide variety of routers. Preliminary alert, exploit code included, Cisco and other vendors are investigating. Discovered by HD Moore.
---------------------------------------------------------------------
* random-stack.text - "Protecting Against Some Buffer-Overrun Attacks" - An excellent analysis of buffer overruns, with example exploit code included. By Richard Kettlewell.
---------------------------------------------------------------------
* nobo-DoS.txt - NOBO, the Back Orifice scan detector, has a serious buffer overflow that can result in simple Denial of Service attack against NOBO users. Exploit code included.
---------------------------------------------------------------------
* netscape4.5-nsform.tmp.txt - Netscape 4.5* dumps NSFORM*.TMP file in the temp directory, and does not delete it as should be done. Personal information from form submissions, such as credit card and social security card numbers, exposed. Double check that security at your local library or cybercafe. Discovered by SKYLAB.ORG.
---------------------------------------------------------------------
* ms-access-97-passwords.txt - Passwords for Microsoft Access 97 databases protected with a password are stored in foreign mdb's table attachments as plaintext. This can be accessed very easily by issuing a strings and grep operation on the foreign mdb. Discovered by Donald Moore (MindRape), of Damaged Cybernetics.
---------------------------------------------------------------------
* mod_ssl v2.2.2-1.3.4 - mod_ssl provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the SSL/TLS implementation library SSLeay. Quick bugfix release. 549k. By Ralf S. Engelschall.
---------------------------------------------------------------------
* mod_ssl v2.2.1-1.3.4 - mod_ssl provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the SSL/TLS implementation library SSLeay. SSLProtocol directive; HowTo user manual chapter added. 549k. By Ralf S. Engelschall.
---------------------------------------------------------------------
* mcrypt v2.1.7 - A replacement for the old unix crypt(1) command. Mcrypt uses the following encryption (block) algorithms: Blowfish, DES, TripleDES, 3-WAY, SAFER-SK64, SAFER-SK128, CAST-128, TEA (extended) and GOST. CBC and ECB modes of encryption are supported. Compatible with the old unix crypt. 241k. By Nikos Mavroyanopoulos.
---------------------------------------------------------------------
* Libnet v0.10a - Libnet is a collection of routines to help with the construction and handling of network packets. It provides a portable framework for low-level network packet writing and handling. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary and complementary functionality. 83k. By route.
---------------------------------------------------------------------
* ippl v0.11 IP protocols logger - Highly configurable IP protocols logger (ICMP, TCP, UDP). 23k. By Hugo Haas and Etienne Bernard.
---------------------------------------------------------------------
* Net-RawIP v0.05a - Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. This release is ported to Perl 5.005 and *BSD, has numerous bugfixes, implements the function called "linkoffset", has a _real_ traceroute script, oshare script (kills Win98 dead), and more. 26k. By Sergey V. Kolychev.
---------------------------------------------------------------------
* Nessus snapshots served up daily now! - The Nessus Project CVS server now has an FTP server where you can retrieve a daily snapshot of the CVS source tree. Head to ftp://cvs.nessus.org/pub/nessus-cvs/ at 00:00:00 GMT for your fresh snapshot of this excellent free, open-source security auditing tool. Easy to use, great user interface, and over 180 plugins now! By The Nessus Project.
---------------------------------------------------------------------
* Security Scene Errata Updates - The security professionals at ATTRITION have found and exposed more errors, lies, and charlatans in the computer security industry. They don't seem to miss anything and always have some excellent observations.
---------------------------------------------------------------------
* windows-FAT-recursion.txt - Windows FAT Filesystem Advisory: Recursive directory creation can be used as a Denial of Service attack against Windows* servers that allow anonymous FTP upload, and any that allow users to create directories and execute files. By xm, of Geek Mafia.
---------------------------------------------------------------------
* CERT Advisory CA-99.02 - Trojan Horses - This is an actual CERT advisory, just released on 2/5/99, stating that "any system can be affected by Trojan horses". I thought it was a joke at first, a spoofed email, but CERT is finally getting around to releasing a generic advisory about trojan horses, and only 3,500 years after the concept of trojan horses was first implemented by the Greeks. This one goes in the humor section; sorry CERT.
---------------------------------------------------------------------
* /*-----[Feb 5, 1999]-----*/
---------------------------------------------------------------------
* Why does Friday have to be so damned busy? Work and school take up way too much time. Go get some gourmet brainfood at NewsTrolls while we work on the massive update to this section, which will all be dumped into Saturday, 02/06/99. -- ken, Sat Feb 6 03:18:03 UTC 1999
---------------------------------------------------------------------
* /*-----[Feb 4, 1999]-----*/
---------------------------------------------------------------------
* NetGuard v1.0.0 - The NetGuard package consists of two small programs (TCPguard and UDPguard) that detect TCP and UDP connections/packets. Using route's libnet, netguard is able to kill connections and detect half-open TCP connections, LAND attacks, WINNUKE attacks, HPING packets, QUESO probes, SYN-floods, PORTD scans, and more. By Monk.
---------------------------------------------------------------------
* NTLast™ v2.5 - Latest version of NTLast, this release features IIS administration functionality by incorporating username searches, IIS and SMB activity filtering from command line, IIS activity command line searches made easy, substantial speed increases and code optimization, new switches. By NT OBJECTives, Inc.
---------------------------------------------------------------------
* NTO Scanner™ v1.2 - NTO Scanner™ is a fast TCP/IP port scanner for Windows NT, with ability to test for port detail leaks. Plenty of great features and configuration options. By NT OBJECTives, Inc.
---------------------------------------------------------------------
* NTLast v1.5 - NTLast is a security audit tool for Windows NT. It's a Win32 command line utility with several switches that search the event log for Interactive/Remote/Failed logon stats. 211k. By NT OBJECTives, Inc.
---------------------------------------------------------------------
* WinNT Forensic Toolkit - The Forensic ToolKit™ contains several Win32 Command line tools that can help you examine the files on a NTFS disk partition for unauthorized activity. Notable features: AFind - lists files by their last access time without tampering with the data, can be used with ntlast to determine all user activity, even if file logging is/was not enabled; HFind - scans disks for hidden files; SFind - scans disks for hidden data streams and lists the last access times; FileStat - quick dump of all file and security attributes; Hunt - quickly check to see if server reveals too much info via NULL sessions. 272k. By NT OBJECTives, Inc.
---------------------------------------------------------------------
* traffic-vis v0.30 - traffic-vis is a network monitoring/auditing tool that can plot communications between hosts on a TCP/IP network, and quickly answer questions such as who is saturating your Internet link. This version is a major rewrite, splitting the program up into several smaller tools. 40k. By Damien Miller.
---------------------------------------------------------------------
* ntop v1.1cr1 - ntop v1.1cr0 [Candidate Release #1] - ntop is a Unix tool that shows the network usage, similar to what the popular top Unix command does. Has an interactive mode and a web mode for greater functionality and options, shows network traffic sorted according to various criteria, displays traffic statistics, shows IP traffic distribution among the various protocols, analyses IP traffic and sorts it according to the source/destination, displays IP Traffic Subnet matrix (who's talking to who?), reports IP protocol usage sorted by protocol type. Protocols recognized: TCP, UDP, ICMP, IPX, Decnet, AppleTalk, FTP, HTTP-IC (Internet Cache a.k.a. squid), DNS, Telnet, Netbios (including Netbios-over-IP), POP, SNMP, NFS, X11, DLC, RARP/ARP. Latest snapshot, completely multi-threaded, semaphore utilization, asynchronous address resolution, bugfixes. 224k. By Luca Deri and Stefano Suin.
---------------------------------------------------------------------
* SNMP::Monitor v0.1008 - SNMP::Monitor - A Perl module for watching interface status, logging interface utilization and arbitrary other SNMP queries. Features: add or delete routers from or to a set of managed routers, start a permanently running monitor that is watching your interfaces and can do logging into a database, display a graphical view of the interface utilization via the WWW, show interface statistics, includes an access control system that restricts access to given users based on interface and/or host. 27k. By Jochen Wiedmann.
---------------------------------------------------------------------
* Net-RawIP v0.05 - Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. This release is ported to Perl 5.005 and *BSD, has numerous bugfixes, implements the function called "linkoffset", has a _real_ traceroute script, oshare script (kills Win98 dead), and more. 23k. By Sergey V. Kolychev.
---------------------------------------------------------------------
* Gate v0.1.4 - Gate is a Unix based network security scanner that incorporates the use of lxdialog to provide a range of tests on remote hosts specified by either an ip range or a single system. 53k. By Stas Lanford, of Tishina Syndicate.
---------------------------------------------------------------------
* dirwatch101.c - dirwatch101 monitors a directory and all the files in it for any changes; when files have new data added to them, that data is logged to a file. By ajax.
---------------------------------------------------------------------
* lsh-snapshot-1999-01-08 - lsh is a GPL'd implementation of the ssh protocol version 2. It is under active development. 275k. By Niels Möller.
---------------------------------------------------------------------
* lsh-snapshot-1999-01-05 - lsh is a GPL'd implementation of the ssh protocol version 2. It is under active development. 267k. By Niels Möller.
---------------------------------------------------------------------
* NT4ALL v1.01 - The NT4ALL tool lets any user log into an NT machine with any password. Every user that has WRITE access to the \WINNT\SYSTEM32 directory can use this tool (even GUEST user). Now works on NT4+SP4. 78k. By 9.
---------------------------------------------------------------------
* pcapture v0.2.1 - pcapture is a tool for capturing packets from the network. 83k. By Lawrence Berkeley National Laboratory.
--------------------------------------------------------------------- * tcpslice v1.1a3 - tcpslice is a tool for extracting portions of packet trace files generated using tcpdump's -w flag. 94k. By Lawrence Berkeley National Laboratory. --------------------------------------------------------------------- * ku v1.1p2-2 - ku (killuser) is a utmp based shell admin utility for maintaining shell logins, based on anything from idle time, tty, user name, user group, user GID, if they are telnetted in, and more. New features added, including minor changes and bug fixes. 39k. By Nathan Benson and Gage Cartman. --------------------------------------------------------------------- * pgp4pine v1.46 - Latest release of PGP shell interface for pine mail client for Linux. 53k. By Chris Wiegand. --------------------------------------------------------------------- * WebRamp M3 Perceived Bug? - Check the bottom half of this file for WebRamp's reply to the original posting to BugTraq (in the same file) about serious security problems with the WebRamp M3 router. *sniff sniff*....I smell corporate marketing bullshit. --------------------------------------------------------------------- * The OSKit - Rolling your own Operating System? This maybe what you want - "The OSKit is a framework and a set of 31 component libraries oriented to operating systems, together with extensive documentation. By providing in a modular way not only most of the infrastructure "grunge" needed by an OS, but also many higher-level components, the OSKit's goal is to lower the barrier to entry to OS R&D and to lower its costs. The OSKit makes it vastly easier to create a new OS, port an existing OS to the x86 (or in the future, to other architectures supported by the OSkit), or enhance an OS to support a wider range of devices, file system formats, executable formats, or network services. 
The OSKit also works well for constructing OS-related programs, such as boot loaders or OS-level servers atop a microkernel." Too cool.
---------------------------------------------------------------------
* OpenBIOS - Free Your System - Now this is a kickass idea! From the web site: "PCs have had BIOSes since the dawn of time. And since the beginning, they have been DOS-specific, 16-bit, real-mode, etc. -- not something that a modern OS such as Linux, Hurd, or BSD can use. The OpenBIOS group intends to create a free BIOS for PCs."
---------------------------------------------------------------------
* SECURED and SeOS - Two interesting products to hit the commercial security market recently: SeOS - Security Monitor, and SECURED - software that is claimed to offer virtually complete, blanket protection of all services. One patch for everything??? SECURED uses "two proprietary technologies", namely "STOP (Stack Overflow Protection) which prevents damage from buffer overflow attacks, one of the most common system hacks" and "DSX (Dynamic Security Extension) which eliminates the many vulnerabilities associated with the all-powerful root and administrator accounts". They sell AbirNet SessionWall-3 too, btw. No source code, "proprietary technologies", vague descriptions, meaningless endorsements, and those pictures that so simplify information security. SECURED *might* look like a reasonable security solution if I started drinking and smoking crack. By MEMCO. (Thanks to HNN for the heads up on this one).
---------------------------------------------------------------------
* /*-----[Feb 3, 1999]-----*/
---------------------------------------------------------------------
* The Hack FAQ - By Simple Nomad, 1-31-99 (read html version) - This FAQ is intended to show and explain the steps and techniques behind hacking. While it serves both admin and hacker alike, the perspective is from the intruder. An excellent and very comprehensive FAQ/tutorial.
By Simple Nomad, of Nomad Mobile Research Centre (NMRC).
---------------------------------------------------------------------
* The Hack FAQ - By Simple Nomad, 1-31-99 (d/l zipped txt version) - This FAQ is intended to show and explain the steps and techniques behind hacking. While it serves both admin and hacker alike, the perspective is from the intruder. An excellent and very comprehensive FAQ/tutorial. 99k. By Simple Nomad, of Nomad Mobile Research Centre (NMRC).
---------------------------------------------------------------------
* Big Brother v.1.09a (source code for UNIX) - Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring. Features: Web-based status display, Configurable warning and panic levels, Notification via Pager or email, Support for grouping of machines, Support for modem monitoring, Selectable paging delays, Heterogeneous Network Support. Monitors: dns nntp ftp smtp and pop3 testing, connectivity via ping, http servers up and running, disk space usage, uptime and cpu usage, essential processes are still running, messages and warnings.
New with this release: notification acknowledgements, HTMLized status logs, configurable notification options, support for more OSes, better installation procedures, support for specific disk partition monitoring, support for compressed grouping output, full df and HTTP output, all internet services are paged now, noping option allows ping test to be disabled, Y2K compliant, touchtime completely replaces Unix touch command, support for dns server checking using the dns keyword, support for Display grouping of machines, ability to test web pages via proxy servers, improved security, much more. 137k. By The MacLawran Group Inc.
---------------------------------------------------------------------
* xnec_lpc.c - Linux /usr/bin/lpc (PLP Line Printer Control program) contains buffer overflow with local root compromise. Exploit code and patch fix included.
---------------------------------------------------------------------
* ws_ftp-DoS.txt - WS_FTP Server Remote Denial of Service Attack. Exploit example included. Discovered by eEye Digital Security Team.
---------------------------------------------------------------------
* linux2.2.1-proc-smp-race-sniffer.txt - Detailed descriptions of SMP /proc race conditions in Linux 2.2.1 kernel. Patches and Linux-2.2.1 /proc SMP race sniffer exploit code included.
---------------------------------------------------------------------
* netscape4.5-applets.txt - Netscape 4.5 does not properly handle untrusted Java runtime code (applets), and potentially leaves client user vulnerable when malicious Java applet code secretly opens socket connections. Simple exploit code example and solution included.
---------------------------------------------------------------------
* netstation.navio.comm-rte.txt - AIX netstation.navio-com.rte v1.1.0.1 used for the Navio NC browser contains serious NFS-related security hole, when default configuration script is used. Test and fix included.
---------------------------------------------------------------------
* mcrypt v2.1.6 - A replacement for the old unix crypt(1) command. Mcrypt uses the following encryption (block) algorithms: Blowfish, DES, TripleDES, 3-WAY, SAFER-SK64, SAFER-SK128, CAST-128, TEA (extended) and GOST. CBC and ECB modes of encryption are supported. Compatible with the old unix crypt. 241k. By Nikos Mavroyanopoulos.
---------------------------------------------------------------------
* MindTerm v0.98 - MindTerm is a complete ssh-client in pure java. It can be used either as a standalone java-application or as a java-applet. Three packages of importance are provided, terminal, ssh, and security. The terminal package is a rather complete vt102/xterm-terminal. The ssh-package contains the ssh-protocol and also "drop-in" socket replacements to use ssh-tunnels transparently from a java application/applet. It also contains functionality to realize a ssh-server. Finally the security package contains RSA, DES, 3DES, RC4 and Blowfish ciphers. 184k. By MindTerm web site.
---------------------------------------------------------------------
* No Security is Bad Security - Very interesting and detailed description of the consequences faced when security is ignored, and general precautions that should be taken to improve computer/information security.
---------------------------------------------------------------------
* The Rules of DisInformation - The Politician's Credo - A complete guide to the "arts" of social engineering, FUD, and disinformation, for the aspiring politician, or anyone else who desires to crush the rest of the world, one person at a time, to succeed.
---------------------------------------------------------------------
* lanlord v0.2-1 - Lanlord dhcpd lease reporting program is designed to let you know who has what address lease to which machine. It runs on the DHCP Server as a CGI and uses CSS to modify output. 3k. lanlord web site.
---------------------------------------------------------------------
* ku (killuser) v1.1pre2 - ku (killuser) is a utility for maintaining shell logins, based on anything from idle time, tty, user name, user group, user GID, if they are telnetted in, and more. (what a cool program name, eh?) 39k. By Nathan Benson and Gage Cartman.
---------------------------------------------------------------------
* "Another Paper on Linux Security" - Yes, another whitepaper on Linux security. This is a good place to start reading when you decide to get serious and lock down your Linux box. By Bronc Buster.
---------------------------------------------------------------------
* "Audits from hell" - "Find out how to avoid those audit nightmares" - An excellent, very insightful excerpt from Carole Fennelly's "Wizard's Guide To Security". One of those "must-read" articles. Published online by SunWorld Magazine.
---------------------------------------------------------------------
* The Ten Commandments of Computer Ethics - This is an old, but very meaningful (or should be!) list of rules regarding "computer ethics", that should always be kept in mind by anyone who even thinks of touching a keyboard. From the Computer Ethics Institute, Washington, D.C.
---------------------------------------------------------------------
* HP-UX: A Security Overview, Part One - Excellent whitepaper on HP-UX security, covering many of the basics. By tip.
---------------------------------------------------------------------
* HP-UX: A Security Overview, Part Two - Excellent whitepaper on HP-UX security, covering many of the basics. By tip.
---------------------------------------------------------------------
* /*-----[Feb 2, 1999]-----*/
---------------------------------------------------------------------
* BSB-Monitor v1.0 - BSB-Monitor is a very simple network monitor. It scans the network periodically and offers the result as an HTML page and an easily parseable status file. 3k. By Darko Krizic.
---------------------------------------------------------------------
* Autobuse - snapshot917980385 - Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like. 17k. By Grant Taylor.
---------------------------------------------------------------------
* TCP Chorusing in the Windows 9x TCP/IP Stack - Flaws in the Windows 9x TCP/IP Stack can lead to Denial of Service attacks - this issue is not new, but the problems described by Dan Kaminsky in this article are. By Dan Kaminsky.
---------------------------------------------------------------------
* Nessus Vulnerability Checklist - This checklist, with excellent descriptions of over 180 of the most common and serious vulnerabilities, is useful not just for Nessus users, but for anyone who is in the process of closing security holes and locking down systems. By The Nessus Project.
---------------------------------------------------------------------
* Big Brother v.1.09 (source code for UNIX) - Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring. Features: Web-based status display, Configurable warning and panic levels, Notification via Pager or email, Support for grouping of machines, Support for modem monitoring, Selectable paging delays, Heterogeneous Network Support. Monitors: dns nntp ftp smtp and pop3 testing, connectivity via ping, http servers up and running, disk space usage, uptime and cpu usage, essential processes are still running, messages and warnings.
New with this release: notification acknowledgements, HTMLized status logs, configurable notification options, support for more OSes, better installation procedures, support for specific disk partition monitoring, support for compressed grouping output, full df and HTTP output, all internet services are paged now, noping option allows ping test to be disabled, Y2K compliant, touchtime completely replaces Unix touch command, support for dns server checking using the dns keyword, support for Display grouping of machines, ability to test web pages via proxy servers, improved security, much more. 137k. By The MacLawran Group Inc.
---------------------------------------------------------------------
* smashdu.c - Digital Unix Buffer Overflow Exploits - Digital Unix 4.0x with the new executable bits on the stack and heap contains numerous remote and local buffer overflows, resulting in remote and local root compromises.
---------------------------------------------------------------------
* Net::Nessus::Client perl module v0.04 - Perl-based Nessus Security Scanner Client application that can be used as a non-GUI replacement for other Nessus Client applications, and used to open requisite connections with NessusD Servers. Net-Nessus-0.04.readme. 15k. By Jochen Wiedmann.
---------------------------------------------------------------------
* NetGuard v0.0.3 - The NetGuard package consists of two small programs (TCPguard and UDPguard) that detect TCP and UDP connections/packets. This latest release uses route's libnet, is able to kill connections, uses bitmasks to get flags, detects Queso connection attempts, has better SYN-flood detection code, more. By Monk.
---------------------------------------------------------------------
* cprobe.sh v1.0 - cprobe v1.0 mass cgi scanner shell script.
There are plenty of cgi vulnerability scanners on the Net, but this one has some really nice features: scans for over 23 cgi scripts with known security vulnerabilities, checks for httpd version information, if server is running frontpage extensions checks for 4 major pwd files, scans a single host or a list of hosts, reports whether file is not found, access is forbidden, a server error was encountered, or connection timed out, logs findings to individual files. Requires netcat. By headflux (hf@efnet).
---------------------------------------------------------------------
* Net-RawIP v0.04e - Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. 22k. By Sergey V. Kolychev.
---------------------------------------------------------------------
* mcrypt v2.1.5 - A replacement for the old unix crypt(1) command. Mcrypt uses the following encryption (block) algorithms: Blowfish, DES, TripleDES, 3-WAY, SAFER-SK64, SAFER-SK128, CAST-128, TEA (extended) and GOST. CBC and ECB modes of encryption are supported. Compatible with the old unix crypt. 230k. By Nikos Mavroyanopoulos.
---------------------------------------------------------------------
* Information Systems Security Organization (ISSO) / NSA Comparison of Commercial and Government Intrusion Detection and Network Security Tools - Exactly what the title says - note that this is in Microsoft Access database format. Part of the CIDER Project.
---------------------------------------------------------------------
* How To Break Out of Restricted Shells and Menus, v2.3 - An excellent whitepaper detailing methods for breaking out of virtually any kind of restricted shell or menu you might come across. By the infamous ET LoWNOISE, of Colombia, S.A.
---------------------------------------------------------------------
* UNIX & Computer Humor Gallery Updates - More images have been added to the UNIX & Computer Humor Image Gallery in the UNIX & Computer Humor Archives.
Once again, thanks to attrition.org for some of the images.
---------------------------------------------------------------------
* Innerpulse News Network is back! - Siko and the Innerpulse News Network are back, still waiting for the innerpulse.com domain name to be switched over, but back nonetheless.
---------------------------------------------------------------------
* /*-----[Feb 1, 1999]-----*/
---------------------------------------------------------------------
* Chronicle Remote Registry Query Tool v1.0b - Chronicle Remote Registry Query Tool - This utility will determine the current service pack/hotfix level of all Windows NT machines in your NT domain. Chronicle's filtering feature allows you to check for the existence of hotfixes that only relate to your current configuration. Chronicle.dat status: The version shipped with chronicle.zip does not yet need updating. 1.1MB. By Rhino9 - Security Research Team.
---------------------------------------------------------------------
* Chronicle v1.0b Source Code - Chronicle Remote Registry Query Tool Source Code. 50k. By Rhino9 - Security Research Team.
---------------------------------------------------------------------
* Libnet v0.10 - Libnet is a collection of routines to help with the construction and handling of network packets. It provides a portable framework for low-level network packet writing and handling. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary and complementary functionality. 83k. By route.
---------------------------------------------------------------------
* Nessus 990201 UNIX Security Scanner - Latest release of Nessus - a security scanner that scans a given network, searching for vulnerabilities which could be exploited by some remote intruder. Excellent security auditing tool with a client/server architecture, over 180 plugins.
New with this release: More plugins, A ciphered layer between the server and the client, Plugins intercommunication (for faster tests), many bug fixes, GTK 1.1.x compatibility (yes, it's still compatible with GTK 1.0.x), much more. Download gtk and gmp2 library (needed for the ciphered layer). For UNIX. 525k. md5 sum: 2e3f0f57d8ef6a876409fcf81ccc0c40 By The Nessus Project.
---------------------------------------------------------------------
* ippl v0.8 IP protocols logger - Highly configurable IP protocols logger (ICMP, TCP, UDP). 21k. By Hugo Haas and Etienne Bernard.
---------------------------------------------------------------------
* Slurpie v2.0b distributed password cracker - Slurpie is a passwd file cracker similar to CrackerJack and John the Ripper except that it runs in a distributed environment. It supports file based and generated dictionary comparison. 8k. By Adam Klosowicz.
---------------------------------------------------------------------
* spoofscan.c - "Spoofs" your IP as another box on your ethernet segment, portscans a host "from" that ip, sniffs responses from the host. "Proof of Concept" program. 8k. By jsbach.
---------------------------------------------------------------------
* [N]Curses Hexedit v0.9.1 (for *nix) - Curses Hexedit is a full screen hex editor using the curses, ncurses (4.2), or pdcurses library. Features: familiar setup, similar to Norton's Diskedit, File Selection widget for selecting a file to edit, allows Inserting and Deleting bytes from the file, fast Boyer-Moore string and byte searches, Undo - keeps track of all changes, reverting back to original always possible, base conversion/calculator utility built in, portable. 91k. By Adam Rogoyski.
---------------------------------------------------------------------
* (pd)Curses Hexedit v0.9.1 (DOS version) - See description above. 129k. By Adam Rogoyski.
---------------------------------------------------------------------
* NT4ALL ver 1.0 - The NT4ALL tool lets any user log into an NT machine with any password. Every user that has WRITE access to the \WINNT\SYSTEM32 directory can use this tool (even GUEST user). 77k. By 9.
---------------------------------------------------------------------
* lsof v4.40 - Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. Changes: Corrected problems with large device number handling for 64 bit Solaris 7, added more /dev/kmem-based Linux glibc evasions and some bugs have been fixed. 686k. By Vic Abell.
---------------------------------------------------------------------
* Trinux Tools Page - Lots of updates made to the Trinux Tools Page. Trinux web site, Trinux ftp. MD Franz is the Trinux Project Leader.
---------------------------------------------------------------------
* /*-----[Past News]-----*/
---------------------------------------------------------------------
* New Files For January 19-31 '99
---------------------------------------------------------------------
* New Files For January 1-18 '99
---------------------------------------------------------------------
* New Files For December '98
---------------------------------------------------------------------
* New Files For November '98
---------------------------------------------------------------------