pmdump.exe is a tool that dumps memory for a specified process to a file (as opposed to tools like memdump and dd which dump all of the RAM at once). It is useful for auditing things that might store passwords in memory (for example, VPN clients, email clients, and instant-messaging applications).
PromiscDetect for Windows NT 4.0 / 2000 / XP checks whether your network adapters are in promiscuous mode (that is, in most cases, whether a sniffer is running on the computer). Of course the attacker might be intercepting the communication between the tool and the adapter, making the result unreliable, but there are probably many more cases out there where the tool will really detect a sniffer.
Sqldict is a dictionary attack tool for Microsoft SQL Server which lets you test whether the accounts are strong enough to resist an attack.
WinZapper is a tool which allows you to erase event records selectively from the Security Log in Windows NT 4.0 and Windows 2000. WinZapper FAQ available here.
AckCmd is a special kind of remote Command Prompt for Windows 2000. It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through a firewall in some cases. More information can be found in the ACK Tunneling Trojans paper.
Snitch turns back the asterisks in password fields to plaintext passwords.
Inzider v1.2 shows which processes listen at which ports, and can be used to find Back Orifice 2000 when it is hidden in another process. This is like LSOF for Windows 95/98, Windows NT 4.0 and Windows 2000.
FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.
The "Strip Script Tags" feature in Firewall-1 can be circumvented by adding an extra less-than sign before the SCRIPT tag. The code will still execute in both Navigator and Explorer.
Installing Internet Explorer 5 on Windows NT introduces a vulnerability through the Task Scheduler service. This vulnerability makes it possible for a User to become a member of the Administrators group if he/she can do an interactive logon. The Task Scheduler service is an "improved" version of the usual Schedule service - they are not the same thing. The Schedule service is replaced by the Task Scheduler when Internet Explorer 5 is installed on Windows NT. Microsoft security bulletin 51 addresses this issue and is available here.
DelGuest deletes the built-in Guest account in Windows NT. This account is supposed to be impossible to delete, and it is impossible to delete through the ordinary user interface, but with DelGuest you can do it.
Buffer overflows in FTP Serv-U 2.5.
".."-hole in Alibaba 2.0.
Vulnerabilities in BisonWare FTP Server 3.5.
".."-hole in Broker FTP Server v.3.0 Build 1.
Netscape Enterprise Server SSL Handshake Bug.
Buffer overflow in AspUpload 1.4.
GSD (Get Service Dacl) gives you the DACL (Discretionary Access Control List) of the Windows NT service you specify as a command line option.
A DLL that works like passfilt.dll, but enforces some extra password policies to make it harder for password crackers like l0phtcrack to crack LANMAN hashes of the passwords.
Fake SMB server that tries a dialect downgrade to get plaintext passwords from remote users. For Windows NT.
Uses Null Sessions to retrieve account and share information from Windows NT.
A UDP port scanner for Windows. Works with Win95/Winsock2.2, Windows 98, NT.