Time Out$
Premium Member
join:2002-04-28
North Myrtle Beach, SC

BindView's RAZOR Security Site.

Not too long ago when this came out from M$....

Microsoft Security Bulletin MS02-011
Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service
Originally posted: February 27, 2002

There was a TEAM that was given credit for identifying this vulnerability. So I have found time to post this information for the members here. Some of you know all about this group and their fine work.

So I hope now others here can share in the info.

This is not for everyone... but you will find both OpenSource and Microsoft info here... I have had it bookmarked for a while and was just doing some catching up today.

If you do download anything make sure you pay attention to the OS required.

____________________________________________________________

BindView's RAZOR is a worldwide team of cutting-edge security researchers. We are dedicated to advancing the state of the art in securing networks and computers. RAZOR develops the art by identifying new security holes and disclosing our results publicly, so that all may benefit from our research.
»razor.bindview.com/

Papers and Advisories
»razor.bindview.com/publi ··· ex.shtml

Tools
»razor.bindview.com/tools ··· ex.shtml
fenris 0.06
fenris is a comprehensive project intended to provide developers, auditors and analysts with invaluable information about internal structures, behavior and functionality of tested black-box or open-source applications. It features structural trace capabilities, execution path analysis, memory operations and I/O trace, conditional expression detection, visual output and much more.

ngrep 1.40
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

VLAD the Scanner v0.9.2
VLAD the Scanner is a free, open source tool that checks for the common security vulnerabilities on the SANS Top Ten list.

NCPQuery v1.2
NCPQuery is a free, open source tool that allows a Novell Netware server running IP to be queried to enumerate objects.

Despoof 0.9
Despoof is a free, open source tool that measures the TTL to determine if a packet has been spoofed or not.

Zombie Zapper™
Zombie Zapper™ is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, Stacheldraht, Trinoo for Windows, and Shaft. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.

Tfn2kpass
Tfn2kpass allows recovery of the tfn2k password from recovered tfn2k binaries. Recovers from Intel-based Unix and Sun binaries.

warscan
A vehicle for automating any test exploit in an efficient, timely, and large-scale manner.

icmpenum-1.1.1.tgz
This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.

md5-tool
If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.

nbtstat
This is a small utility that does the equivalent of NT's nbtstat -A . It sends a Node Status request to the host specified on the command line, and waits (up to 10 seconds) for the reply. If it gets the reply, it dumps the reply as hex, and then interprets the name table.

ntreg
This is a file system driver for linux, which understands the NT registry file format. With it, you can take registry files from NT, e.g., SAM, SECURITY, etc., and mount them on linux. Currently, it's read-only, though I may add read-write capability in the future.

PipeACL tools v1.0
The PipeACL tools package contains two separate tools for viewing and configuring Win32 named pipe ACLs (Access Control Lists). The pipeacl utility allows you to dump various settings of a named pipe, including the Owner, Group, Sacls (System access control lists), and Dacls (Discretionary access control lists). The pipeaclui utility allows you to view and apply permissions to a specified named pipe. These changes are made in the Dacls of the named pipe itself.

RPC tools v1.0
The RPC tools package contains three separate tools for obtaining information from a system that is running RPC services. rpcdump allows you to dump the contents of the endpoint mapper database. ifids is similar to rpcdump but allows you to query a single RPC server and can even allow you to query an RPC server which is not listed in the endpoint map obtained with rpcdump above. walksam is a tool which allows you to dump the information of each user found within the SAM database via Named Pipes or using the additional protocol sequences used by Windows 2000 domain controllers.

ACL tools v1.0
ACL tools contains two tools: lsaacl and samacl. lsaacl allows you to display and edit security descriptors for LSA objects. samacl allows you to display and edit security descriptors for SAM objects.

Porttool
Porttool is the proof-of-concept code for the Windows LPC ports vulnerabilities reported by RAZOR to Microsoft.

Strace for NT
Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like the strace (or truss) on linux and other unix OSes.

lsadump2.zip
This is an application to dump the contents of the LSA secrets on a machine, provided you are an Administrator.

pwdump2.zip
This is an application which dumps the password hashes (OWFs) from NT's SAM database, whether or not SYSKEY is enabled on the system.

enum
enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts.

_______________________________________________________________________

See this post by a member here at DSLR who has used one of these tools. »Re: Port 137 probes increasing?
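The nbtstat entry in the RAZOR list describes the exchange (send a Node Status request, wait up to 10 seconds, dump and interpret the name table) but not the bytes on the wire. The following is an added example written for this post in Python; it is not RAZOR's nbtstat code. It builds the RFC 1002 Node Status request for the wildcard name, decodes the reply's name table and UNIT_ID (the MAC), and can send the query to UDP/137 of a host you name. The host name, workgroup, MAC and the whole reply in build_sample_response() are made up so it runs with no network; the transaction-id check on the reply is also my addition, not something the page describes.

```python
"""NetBIOS Node Status (nbtstat -A) request builder and reply decoder, per RFC 1002.

Added example, not RAZOR's nbtstat code.  Layout follows RFC 1002 4.2.17/4.2.18;
the reply decoded when no host is given is constructed below, not captured.
"""
import random
import socket
import struct

NBNS_PORT = 137
NBSTAT_TYPE = 0x0021                 # question / RR type for a node status query
NODE_TYPES = ("B", "P", "M", "H")    # owner node type, bits 14-13 of NAME_FLAGS


def encode_netbios_name(name: str, suffix: int = 0x00, pad: bytes = b" ") -> bytes:
    """First-level encoding: 15-byte name + 1-byte suffix, each nibble -> 'A' + nibble."""
    raw = name.encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    nibbles = bytearray()
    for b in raw:
        nibbles += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes([len(nibbles)]) + bytes(nibbles) + b"\x00"   # label length, label, root label


def build_node_status_request(trn_id: int) -> bytes:
    """50-byte query for the wildcard name '*' (padded with NULs, not spaces)."""
    header = struct.pack(">HHHHHH", trn_id, 0x0000, 1, 0, 0, 0)   # flags 0, QDCOUNT 1
    question = encode_netbios_name("*", pad=b"\x00") + struct.pack(">HH", NBSTAT_TYPE, 0x0001)
    return header + question


def parse_node_status_response(data: bytes, expect_trn_id=None) -> dict:
    """Decode the name table and UNIT_ID (MAC) from a node status reply."""
    if len(data) < 12:
        raise ValueError("short packet")
    trn_id, flags, _qd, ancount, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if expect_trn_id is not None and trn_id != expect_trn_id:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not (flags & 0x8000) or ancount < 1:
        raise ValueError("not a response carrying an answer")
    off = 12
    while data[off] != 0:                 # skip RR_NAME labels up to the root label
        off += 1 + data[off]
    off += 1
    rr_type, _rr_class, _ttl, rdlength = struct.unpack_from(">HHIH", data, off)
    off += 10
    if rr_type != NBSTAT_TYPE:
        raise ValueError("unexpected RR type 0x%04x" % rr_type)
    rdata = data[off:off + rdlength]
    if len(rdata) != rdlength or rdlength < 1 or rdlength < 1 + 18 * rdata[0] + 6:
        raise ValueError("truncated RDATA")
    names = []
    pos = 1
    for _ in range(rdata[0]):             # NUM_NAMES entries, 18 bytes each
        raw, suffix = rdata[pos:pos + 15], rdata[pos + 15]
        nflags = struct.unpack_from(">H", rdata, pos + 16)[0]
        names.append({
            "name": raw.rstrip(b" \x00").decode("latin-1"),
            "suffix": suffix,
            "group": bool(nflags & 0x8000),            # G bit: group vs unique name
            "node_type": NODE_TYPES[(nflags >> 13) & 0x3],
            "active": bool(nflags & 0x0400),           # ACT bit
        })
        pos += 18
    mac = ":".join("%02x" % b for b in rdata[pos:pos + 6])   # UNIT_ID opens the statistics block
    return {"trn_id": trn_id, "names": names, "mac": mac}


def build_sample_response(trn_id: int) -> bytes:
    """Constructed reply from a fictional B-node (not captured traffic)."""
    table = [(b"WORKSTATION1", 0x00, 0x0400),   # unique, active: the computer name
             (b"WORKGROUP", 0x00, 0x8400),      # group, active: the workgroup/domain
             (b"WORKSTATION1", 0x20, 0x0400)]   # <20> suffix: file server service
    rdata = bytes([len(table)])
    for name, suffix, nflags in table:
        rdata += name.ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", nflags)
    rdata += bytes.fromhex("00c0deadbeef") + bytes(40)      # UNIT_ID, then zeroed statistics
    header = struct.pack(">HHHHHH", trn_id, 0x8400, 0, 1, 0, 0)
    rr = encode_netbios_name("*", pad=b"\x00") + struct.pack(">HHIH", NBSTAT_TYPE, 1, 0, len(rdata))
    return header + rr + rdata


def query_node_status(host: str, timeout: float = 10.0) -> dict:
    """Live query of UDP/137, waiting up to `timeout` seconds like the original tool."""
    trn_id = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_node_status_request(trn_id), (host, NBNS_PORT))
        data, _peer = sock.recvfrom(4096)
    return parse_node_status_response(data, expect_trn_id=trn_id)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        result = query_node_status(sys.argv[1])
    else:
        result = parse_node_status_response(build_sample_response(0x1234), expect_trn_id=0x1234)
    print("MAC address:", result["mac"])
    for n in result["names"]:
        kind = "GROUP " if n["group"] else "UNIQUE"
        print("%-16s<%02X>  %s  %s-node  active=%s" % (n["name"], n["suffix"], kind, n["node_type"], n["active"]))
```

Run it with no arguments to decode the built-in sample, or with a host argument to query a machine you are allowed to probe; the 50-byte request it sends is exactly what shows up as a "port 137 probe" in the thread linked above. The <00> and <20> suffixes distinguish the workstation name from the file-server service registration, and the G bit tells a workgroup or domain name apart from a host name.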
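The ngrep entry above sums up the idea (grep's regular expressions applied to packet payloads, with TCP/UDP decoding and a filter on what to look at), so here is the core of that idea as an added example, written for this post and not taken from ngrep. It hand-decodes Ethernet II / IPv4 / TCP or UDP frames and runs a regular expression over the payload, reporting the endpoints of each hit; the pcap capture loop and bpf filter parsing of the real tool are left out, so what you pass in is a list of raw frames (for instance the packet bytes read out of a pcap file). SAMPLE_FRAMES, the 10.0.0.x addresses, the Basic-auth string and the MAC addresses are constructed for the demonstration, and the checksums are left at zero.

```python
"""Regex search over packet payloads, ngrep style, on raw Ethernet II / IPv4 frames.

Added example, not RAZOR's ngrep code.  Frames are decoded by hand from bytes,
so the same functions work on packets pulled out of a pcap file; the frames
below are constructed here (zero checksums, placeholder MACs), not captured.
"""
import re
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_NAMES = {6: "TCP", 17: "UDP"}


def decode_frame(frame: bytes):
    """Return (proto, src, sport, dst, dport, payload), or None for frames we don't handle."""
    if len(frame) < 34 or struct.unpack_from(">H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from(">H", ip, 2)[0]
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:total_len]                    # trust total_len, not frame length (Ethernet padding)
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from(">HH", l4, 0)
        payload = l4[(l4[12] >> 4) * 4:]      # TCP data offset is in 32-bit words
    elif proto == 17 and len(l4) >= 8:
        sport, dport, ulen = struct.unpack_from(">HHH", l4, 0)
        payload = l4[8:ulen]
    else:
        return None
    return IPPROTO_NAMES[proto], src, sport, dst, dport, payload


def grep_frames(frames, pattern: str, protocols=("TCP", "UDP"), flags=re.IGNORECASE):
    """Like `ngrep -i pattern`: one hit per frame whose payload matches, with its endpoints."""
    rx = re.compile(pattern.encode("latin-1"), flags)
    hits = []
    for frame in frames:
        decoded = decode_frame(frame)
        if decoded is None or decoded[0] not in protocols:
            continue
        proto, src, sport, dst, dport, payload = decoded
        m = rx.search(payload)
        if m:
            hits.append((proto, "%s:%d" % (src, sport), "%s:%d" % (dst, dport), m.group(0)))
    return hits


def make_frame(proto: str, src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed test frame; checksums are left zero, which a real stack would reject."""
    if proto == "TCP":   # 20-byte header: seq/ack 1, data offset 5, flags PSH|ACK
        l4 = struct.pack(">HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
        ipproto = 6
    else:                # 8-byte UDP header
        l4 = struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload
        ipproto = 17
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, ipproto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    eth = bytes.fromhex("0200000000aa") + bytes.fromhex("0200000000bb") + struct.pack(">H", ETHERTYPE_IPV4)
    return eth + ip


# Constructed sample traffic: a cleartext HTTP request with Basic auth, its reply, and a
# NetBIOS node status query to the broadcast address (the kind of "port 137 probe" seen in logs).
SAMPLE_FRAMES = [
    make_frame("TCP", "10.0.0.5", 40123, "10.0.0.80", 80,
               b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic YWRtaW46aHVudGVyMg==\r\n\r\n"),
    make_frame("TCP", "10.0.0.80", 80, "10.0.0.5", 40123, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
    make_frame("UDP", "10.0.0.5", 137, "10.0.0.255", 137,
               struct.pack(">HHHHHH", 0x1234, 0x0010, 1, 0, 0, 0) + b"\x20CK" + b"A" * 30 + b"\x00\x00\x21\x00\x01"),
]

if __name__ == "__main__":
    for proto, src, dst, match in grep_frames(SAMPLE_FRAMES, r"authorization: basic \S+"):
        print(proto, src, "->", dst, match.decode("latin-1"))
```

The pattern is matched against the payload of each frame on its own, the same way ngrep works per packet, so a string split across two TCP segments will not be found; that is a limitation of the approach, not just of this example. Slicing the IP packet by its total length rather than the frame length matters for short packets, which Ethernet pads to 60 bytes.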
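The md5-tool entry above describes a "poor man's tripwire" built on an md5 checksumming utility: record the checksums of a tree, re-run later, compare. Here is that procedure as an added example in Python, written for this post and not RAZOR's scripts. It writes a manifest of digest, size and mode for every regular file under a directory, compares a later run against it, and reports what was added, removed or changed. The original worked from md5; this defaults to SHA-256 and only takes algo="md5" to stay comparable with old md5sum baselines. demo() builds a throwaway tree with made-up /etc and /bin contents so the whole thing runs offline; those file contents are constructed, not real system files.

```python
"""A 'poor man's tripwire': hash a tree into a manifest, re-hash later, report drift.

Added example, not RAZOR's md5-tool scripts.  The original used an md5
checksumming utility; this defaults to SHA-256 and takes algo="md5" only to
stay comparable with old md5sum baselines.  demo() builds a throwaway tree with
made-up file contents so everything runs offline.
"""
import hashlib
import json
import os
import tempfile


def hash_file(path: str, algo: str = "sha256", chunk: int = 1 << 16) -> str:
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str, algo: str = "sha256") -> dict:
    """Map relative path -> digest/size/mode for every regular file under root."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Don't follow symlinked directories: they can lead outside the tree being monitored.
        dirnames[:] = sorted(d for d in dirnames if not os.path.islink(os.path.join(dirpath, d)))
        for fn in sorted(filenames):
            full = os.path.join(dirpath, fn)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {
                "digest": hash_file(full, algo),
                "size": st.st_size,
                "mode": "%o" % (st.st_mode & 0o7777),   # a chmod u+s with unchanged content still shows up
            }
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Paths added, removed, or changed (digest, size or mode) since the baseline."""
    base, cur = set(baseline), set(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "modified": sorted(p for p in base & cur if baseline[p] != current[p]),
    }


def save_manifest(manifest: dict, path: str) -> None:
    # Keep the baseline off the monitored host (read-only media, remote copy):
    # a manifest sitting next to the files is the first thing an intruder regenerates.
    with open(path, "w") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_manifest(path: str) -> dict:
    with open(path) as fh:
        return json.load(fh)


def demo() -> dict:
    """Baseline a constructed tree, tamper with it, and return the comparison."""
    files = {"etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
             "etc/shadow": b"root:!:0:0:99999:7:::\n",
             "bin/ls": b"\x7fELF constructed stand-in, not a real binary\n"}
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        baseline_path = os.path.join(store, "baseline.json")
        save_manifest(build_manifest(root), baseline_path)

        # Tamper: trojan the binary, add a uid-0 user, drop a new file, delete shadow.
        with open(os.path.join(root, "bin", "ls"), "ab") as fh:
            fh.write(b"# backdoor\n")
        with open(os.path.join(root, "etc", "passwd"), "ab") as fh:
            fh.write(b"toor:x:0:0::/:/bin/sh\n")
        with open(os.path.join(root, "bin", "sh.bak"), "wb") as fh:
            fh.write(b"\x7fELF")
        os.remove(os.path.join(root, "etc", "shadow"))

        return compare_manifests(load_manifest(baseline_path), build_manifest(root))


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3 and sys.argv[1] == "baseline":
        save_manifest(build_manifest(sys.argv[2]), "baseline.json")
    elif len(sys.argv) == 3 and sys.argv[1] == "check":
        print(json.dumps(compare_manifests(load_manifest("baseline.json"), build_manifest(sys.argv[2])), indent=1))
    else:
        print(json.dumps(demo(), indent=1))
```

Usage is `baseline <dir>` once from a known-good state and `check <dir>` afterwards; with no arguments it runs the built-in demo. Like the original scripts it only catches changes to files it has already seen, so the baseline has to be taken before the box is exposed, and it has to be kept where the machine being checked cannot rewrite it.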