This advisory documents an anomaly involving Microsoft's Wireless Network Connection. If a laptop connects to an ad-hoc network it can later start beaconing the ad-hoc network's SSID as its own ad-hoc network without the laptop owner's knowledge. This can allow an attacker to attach to the laptop as a prelude to further attack.
f839868422e9ffeb14223e1c4f5afe8eThis is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.
007b9032c081f6fef832762eec96be5eNCPQuery is an open source tool that allows probing of a Novell Netware 5.0/5.1 server running IP. It uses TCP port 524 to enumerate objects with public read access, disclosing such information as account names, server services, and other various objects. A remote attacker can gather the equivalent information provided by the console command "display servers" and the DOS client command "cx /t /a /r" without authentication. Includes a Win32 port.
8f0ebc47aeb03c48c6970c78d3275d79NMRC created this secured, Debian-based Linux distribution that has Openwall, HAP-Linux, Bastille, and many other patches and features included.
4f24c61aff0e68d20009a47d93a3c14cNMRC covert channel using ISN to transmit data from one computer to another.
20f2269b9d920ddfe33c251d2ddde505NMRC symmetric file encryptor/decryptor/wiper that includes multiple crypto choices (Rijndael, Serpent, or Twofish) and multiple secure file wiping techniques.
df7f0bda78b0682f452ef0c53c1b3180NetWare Enterprise Web Server 5.1 has a couple security problems - When NDS browsing via the web server is enabled, if an attacker can reach that server's port 80 they can enumerate information such as user names, group names, and other system information. In addition, poor handling of GET commands will allow for GroupWise WebAccess servers to display indexes of the directories instead of HTML files.
3b5768becf6d2f625d569d0330371237Packet Storm Contest Entry - Strategies for Defeating Distributed Attacks. (Text Format)
628a94c2b3abad1394a73826480b6873Object Enumeration in Novell Environments - Due to a combination of legacy support and default settings, Novell Netware servers using native IP will leak system information via TCP port 524 when properly queried. In mixed Novell/Microsoft environments, information regarding Microsoft devices is leaked via the Service Advertising Protocol (SAP) table. Third party products, such as those used to synchronize directory services between environments can further the problem. Essentially, a remote attacker can gather the equivalent information provided by the console command "display servers" and the DOS client command "cx /t /a /r" without authentication.
ed52bf34d17e54095f1b53202c9dea03NCPQuery is an open source tool that allows probing of a Novell Netware 5.0/5.1 server running IP. It uses TCP port 524 to enumerate objects with public read access, disclosing such information as account names, server services, and other various objects. A remote attacker can gather the equivalent information provided by the console command "display servers" and the DOS client command "cx /t /a /r" without authentication.
294c7dddb91d74f1e182b0d96273012cDespoof is a utility that tries to determine if a received packet is in fact spoofed by checking the TTL. This command-line utility is intended for near real-time responding (such as being triggered from an IDS). The README explains it all. This utility is based on an idea by Donald McLachlan [don@mainframe.dgrc.crc.ca] (thanks Don!). Despoof runs on most Unix systems (tested on Linux, *BSDs), and requires libnet 1.0 and libpcap 0.4.
07f2ba923e414e86b0a7dd6aee21d5b6BindView RAZOR Team Analysis of DVWSSR.DLL - The risks of having dvwssr.dll are not as severe as originally reported in media outlets Friday morning, but still severe enough that system administrators responsible for NT systems to investigate. The risks involve whether or not a certain DLL is loaded, how rights are set, and potentially how Front Page 98 is used.
741bdf7a183e2d3d358a281a462d6d51Zombie Zapper Unix version 1.2 - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
9363ce5dcef7c232049cb3939f7265b3Zombie Zapper v1.2 Windows NT Source Code - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
fb49214cec80694420e8e53705c8ea31Zombie Zapper Unix version - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
91bf249439b2af4d04cd3eafc8a082e8Razor has acquired a copy of the Windows Trojan Trinoo, the following is technical information gained from disassembling the binary.
2c3b11b28d6e18377678758fca03a8cdTfn2k password recovery tool - Tfn2k asks for a password during the build, which is used to prevent someone from recovering the password from the td or tfn binaries. Usefor for forensics, or to command a whole flood network to send you mail letting you know all the machines infected, or to command an attack to stop if you can recover a binary.
85a08d1006bc2666af3ae36a80775b53If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.
41f0416f00dfa37b2e904ad115bee208This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.
887a4b39a441342a46a392bddced1aaaDistributed Denial of Service Defense Tactics - This paper details some practical strategies that can be used by system administrators to help protect themselves from distributed denial of service attacks as well as protect themselves from becoming unwitting attack nodes against other companies.
e1f0aceb853031be5bb2d08b3d12c772Packet Storm Contest Entry - Strategies for Defeating Distributed Attacks.
234c8cd4cd88e8f102eb20c093490d72Pandora v4 Beta 2.1 Netware Attack tool for Linux - Offline password auditing and Online attack for the X Windows platform on Linux. The Online software requires an IPX-aware kernel and root.
ac9f165a580e9bc451e0e66b15064028Pandora v4 Beta 2 Full Source Code for Linux.
b489e501ec9bd46220b75aa3007db7c5BETA - Documentation on using Pandora v4, with updated white papers, tips, and tricks. Included with the regular software, download this if you just wish to read the docs.
c934738488a063a95e729af1a948b9e8Pandora v4 Beta 2 Full Source Code for Windows.
72932bc7430e83bdf72c421871121c46
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed