Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:07:53 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2223507679&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2FWin2k%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2223507679.1338178073.1338178073.1338178073.1%3B%2B__utmz%3D32867617.1338178073.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/39340/Ibis-1.8.zip http://packetstormsecurity.org/files/39340/Ibis-1.8.zip http://packetstormsecurity.org/files/39340/Ibis-1.8.zip.html Sun, 14 Aug 2005 22:32:03 GMT Ibis, or Italian Broadcast IP Scanner, is a multithreaded broadcast scanner for Windows. Binary, source code, and documentation are included in the archive. http://packetstormsecurity.org/files/36897/pmdump.exe http://packetstormsecurity.org/files/36897/pmdump.exe http://packetstormsecurity.org/files/36897/pmdump.exe.html Fri, 01 Apr 2005 10:24:10 GMT pmdump.exe is a tool that dumps memory for a specified process to a file (as opposed to tools like memdump and dd which dump all of the RAM at once). It is useful for auditing things that might store passwords in memory (for example, VPN clients, email clients, and instant-messaging applications). http://packetstormsecurity.org/files/35110/efuzz01.zip http://packetstormsecurity.org/files/35110/efuzz01.zip http://packetstormsecurity.org/files/35110/efuzz01.zip.html Wed, 24 Nov 2004 04:31:37 GMT Efuzz is an easy to use Win32 tcp/udp protocol fuzzer which finds unknown buffer overflows in local and remote services. Uses config files to define the range of malformed requests. Includes C source, released under GPL. http://packetstormsecurity.org/files/32976/createfile.cpp.txt http://packetstormsecurity.org/files/32976/createfile.cpp.txt http://packetstormsecurity.org/files/32976/createfile.cpp.txt.html Tue, 30 Mar 2004 02:34:00 GMT WinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode the WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the program name conducting the operation, and the target of I/O operation. http://packetstormsecurity.org/files/31332/fport.zip http://packetstormsecurity.org/files/31332/fport.zip http://packetstormsecurity.org/files/31332/fport.zip.html Mon, 07 Jul 2003 20:16:53 GMT Fport v2.0 is powerful windows tool which reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. Supports Windows NT4, Windows 2000 and Windows XP. http://packetstormsecurity.org/files/31328/RpcScan101.zip http://packetstormsecurity.org/files/31328/RpcScan101.zip http://packetstormsecurity.org/files/31328/RpcScan101.zip.html Mon, 07 Jul 2003 19:21:57 GMT RpcScan enumerates the RPC endpoint-map elements for port 135. You may differentiate between, for example, Windows NT 4.0 SP3 or before and Windows NT 4.0 SP4 or later, Windows 2000 SP2 or before and Windows 2000 SP3, default Windows XP and Windows XP SP1, Windows XP Home Edition and Windows XP Professional. http://packetstormsecurity.org/files/30730/SHEdit.zip http://packetstormsecurity.org/files/30730/SHEdit.zip http://packetstormsecurity.org/files/30730/SHEdit.zip.html Sun, 12 Jan 2003 23:34:46 GMT SHEdit is an offline editor for the SID History Active Directory attribute which goes around the limitation built into the DsAddSidHistory API, allowing an administrator in any domain to access any other domains in the forest as any user. http://packetstormsecurity.org/files/30713/nbtdeputy101.zip http://packetstormsecurity.org/files/30713/nbtdeputy101.zip http://packetstormsecurity.org/files/30713/nbtdeputy101.zip.html Mon, 06 Jan 2003 17:33:30 GMT NBTdeputy register a NetBIOS computer name on the network and is ready to respond to NetBT name-query requests. NBTdeputy helps to resolve IP address from NetBIOS computer name for Windows XP and .Net servers on your local network which have ports 137 and 138 open, similar to Proxy ARP. http://packetstormsecurity.org/files/30562/tcpview.zip http://packetstormsecurity.org/files/30562/tcpview.zip http://packetstormsecurity.org/files/30562/tcpview.zip.html Fri, 06 Dec 2002 03:48:56 GMT Tcpview v2.3 is a tool for Windows which shows all TCP and UDP network connections and which program has each open including listening ports, local and remote addresses, and state of TCP connections. Similar to the powerful unix tool lsof. Tested on Windows NT/2000/XP and Windows 98/Me. Also works on Win95 with Winsock update. Screenshot available here. http://packetstormsecurity.org/files/26553/logagent.txt http://packetstormsecurity.org/files/26553/logagent.txt http://packetstormsecurity.org/files/26553/logagent.txt.html Fri, 16 Aug 2002 04:23:34 GMT LogAgent 2.1 is a tool made in Perl for recollecting log files from various applications and various machines into a central location in (almost) real-time in order to improve network activity awareness. http://packetstormsecurity.org/files/26552/ComLog.pl http://packetstormsecurity.org/files/26552/ComLog.pl http://packetstormsecurity.org/files/26552/ComLog.pl.html Fri, 16 Aug 2002 04:18:04 GMT ComLog.pl, a WIN32 command prompt logger - The goal of this paper is to present a new Perl tool made to monitor DOS sessions on Windows NT/2K (should also work on XP). This tool can be used by administrators to keep a history of commands typed in the DOS command prompt and the associated output, for example on an IIS server. This can help admins to figure out what an attacker has done after compromising the machine via one of the numerous vulnerabilities available. http://packetstormsecurity.org/files/25966/promiscdetect.exe http://packetstormsecurity.org/files/25966/promiscdetect.exe http://packetstormsecurity.org/files/25966/promiscdetect.exe.html Tue, 23 Apr 2002 05:21:10 GMT PromiscDetect for Windows NT 4.0 / 2000 / XP checks if your network adapter(s) is in promiscuous mode or not (that is, in most cases, if a sniffer is running on the computer or not). Of course the attacker might be intercepting the communication between the tool and the adapter, making the result unreliable, but there are probably many more cases out there where the tool will really detect a sniffer. http://packetstormsecurity.org/files/25685/locker.zip http://packetstormsecurity.org/files/25685/locker.zip http://packetstormsecurity.org/files/25685/locker.zip.html Thu, 31 Jan 2002 06:21:14 GMT Windows 2000 Group Policy may be disabled by locking the policy files. Microsoft does not have sufficient plans to replace the system files to fix this problem so we developed an application that can be run on a domain to search for Group Policy files and lock them. Once the Group Policy files are locked the subsequent logins will attempt to read the Group Policy Objects but will not be able to so the Group Policies will not be propagated to the user or the machine. This can be a serious problem depending on the domain's reliance on Group Policy. More info on Windows group policy available here. http://packetstormsecurity.org/files/25474/regbrws001.zip http://packetstormsecurity.org/files/25474/regbrws001.zip http://packetstormsecurity.org/files/25474/regbrws001.zip.html Thu, 22 Nov 2001 06:55:13 GMT RegistryBrowser is a utility which demonstrates problems associated with stolen windows passwords by remotely browsing remote system registries using a specified user account. Tested on Windows NT and 2000. http://packetstormsecurity.org/files/25351/irs15.exe http://packetstormsecurity.org/files/25351/irs15.exe http://packetstormsecurity.org/files/25351/irs15.exe.html Thu, 11 Oct 2001 04:47:40 GMT IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target. http://packetstormsecurity.org/files/25294/irs14.exe http://packetstormsecurity.org/files/25294/irs14.exe http://packetstormsecurity.org/files/25294/irs14.exe.html Fri, 14 Sep 2001 05:24:39 GMT IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target. http://packetstormsecurity.org/files/25289/irs12.exe http://packetstormsecurity.org/files/25289/irs12.exe http://packetstormsecurity.org/files/25289/irs12.exe.html Tue, 11 Sep 2001 17:38:33 GMT IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target. http://packetstormsecurity.org/files/25238/irs10.exe http://packetstormsecurity.org/files/25238/irs10.exe http://packetstormsecurity.org/files/25238/irs10.exe.html Wed, 29 Aug 2001 05:51:45 GMT IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target. http://packetstormsecurity.org/files/25174/dsns10.zip http://packetstormsecurity.org/files/25174/dsns10.zip http://packetstormsecurity.org/files/25174/dsns10.zip.html Thu, 16 Aug 2001 05:20:08 GMT DSNS is advanced network scanner for Windows 2000. It uses fast and stealthy SYN scanning to find open ports and is able to probe the services that are running on that ports. So you can check proxies, scan for SMTP relaying hosts and more. Screenshot available here. http://packetstormsecurity.org/files/25055/scooplm003.zip http://packetstormsecurity.org/files/25055/scooplm003.zip http://packetstormsecurity.org/files/25055/scooplm003.zip.html Tue, 24 Jul 2001 04:19:25 GMT ScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000. http://packetstormsecurity.org/files/24659/scooplm002.zip http://packetstormsecurity.org/files/24659/scooplm002.zip http://packetstormsecurity.org/files/24659/scooplm002.zip.html Tue, 17 Apr 2001 01:06:37 GMT ScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000. http://packetstormsecurity.org/files/24394/scooplm001.zip http://packetstormsecurity.org/files/24394/scooplm001.zip http://packetstormsecurity.org/files/24394/scooplm001.zip.html Sat, 03 Mar 2001 07:48:09 GMT ScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000.