Operating System: Windows NT ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Feed generated: Mon, 28 May 2012 07:55:11 GMT

RegLookup Registry Parser 1.0.0
http://packetstormsecurity.org/files/102443/RegLookup-Registry-Parser-1.0.0.html
Download: http://packetstormsecurity.org/files/102443/reglookup-src-1.0.0.tar.gz
Mon, 20 Jun 2011 08:35:37 GMT
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

RegLookup Registry Parser 0.99.0
http://packetstormsecurity.org/files/101015/RegLookup-Registry-Parser-0.99.0.html
Download: http://packetstormsecurity.org/files/101015/reglookup-src-0.99.0.tar.gz
Mon, 02 May 2011 18:04:33 GMT
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

RegLookup Register Parser 0.12.0
http://packetstormsecurity.org/files/87018/RegLookup-Register-Parser-0.12.0.html
Download: http://packetstormsecurity.org/files/87018/reglookup-0.12.0.tar.gz
Tue, 09 Mar 2010 21:12:34 GMT
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d Local Ring0 Exploit
http://packetstormsecurity.org/files/85449/Windows-NT-2K-XP-2K3-VISTA-2K8-7-NtVdmControl-KiTrap0d-Local-Ring0-Exploit.html
Download: http://packetstormsecurity.org/files/85449/KiTrap0D.zip
Thu, 21 Jan 2010 00:12:04 GMT
Microsoft Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d local ring0 exploit.

Terminal Server License Bypass
http://packetstormsecurity.org/files/85008/Terminal-Server-License-Bypass.html
Download: http://packetstormsecurity.org/files/85008/tsl-bypass.txt
Mon, 11 Jan 2010 22:21:23 GMT
This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.

Microsoft IIS 4.0 .HTR Path Overflow
http://packetstormsecurity.org/files/83134/Microsoft-IIS-4.0-.HTR-Path-Overflow.html
Download: http://packetstormsecurity.org/files/83134/ms02_018_htr.rb.txt
Thu, 26 Nov 2009 00:34:53 GMT
This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.

Microsoft RPC DCOM Interface Overflow
http://packetstormsecurity.org/files/83012/Microsoft-RPC-DCOM-Interface-Overflow.html
Download: http://packetstormsecurity.org/files/83012/ms03_026_dcom.rb.txt
Thu, 26 Nov 2009 00:34:53 GMT
This Metasploit module exploits a stack overflow in the RPCSS service. This vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)

Microsoft Server Service NetpwPathCanonicalize Overflow
http://packetstormsecurity.org/files/82940/Microsoft-Server-Service-NetpwPathCanonicalize-Overflow.html
Download: http://packetstormsecurity.org/files/82940/ms06_040_netapi.rb.txt
Thu, 26 Nov 2009 00:34:53 GMT
This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.

Cisco Security Advisory 20081022-asa
http://packetstormsecurity.org/files/71146/Cisco-Security-Advisory-20081022-asa.html
Download: http://packetstormsecurity.org/files/71146/cisco-sa-20081022-asa.txt
Wed, 22 Oct 2008 22:50:17 GMT
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.

winntcomp.txt
http://packetstormsecurity.org/files/53392/winntcomp.txt.html
Download: http://packetstormsecurity.org/files/53392/winntcomp.txt
Thu, 04 Jan 2007 02:53:42 GMT
A critical security vulnerability has been found in the Windows NT Message compiler. Arbitrary code execution might be possible.

NBTEnum33.zip
http://packetstormsecurity.org/files/52547/NBTEnum33.zip.html
Download: http://packetstormsecurity.org/files/52547/NBTEnum33.zip
Wed, 29 Nov 2006 02:41:50 GMT
NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares. If run under the context of a valid user account, additional information is enumerated, including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.

NTharden.pdf
http://packetstormsecurity.org/files/49433/NTharden.pdf.html
Download: http://packetstormsecurity.org/files/49433/NTharden.pdf
Sun, 27 Aug 2006 23:00:39 GMT
Whitepaper discussing the hardening of Windows NT.

AD20060509a.txt
http://packetstormsecurity.org/files/46385/AD20060509a.txt.html
Download: http://packetstormsecurity.org/files/46385/AD20060509a.txt
Sun, 21 May 2006 17:51:29 GMT
eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.

lbrute.zip
http://packetstormsecurity.org/files/45347/lbrute.zip.html
Download: http://packetstormsecurity.org/files/45347/lbrute.zip
Wed, 12 Apr 2006 04:22:52 GMT
lbrute is a local Windows account password brute forcer. It supports dictionary attacks and resume. Works on Windows NT/2K/XP/2K3.

EEYEB-20050523.txt
http://packetstormsecurity.org/files/42288/EEYEB-20050523.txt.html
Download: http://packetstormsecurity.org/files/42288/EEYEB-20050523.txt
Wed, 14 Dec 2005 07:57:35 GMT
eEye Security Advisory - eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that could allow any code executing on a Windows NT 4.0 or Windows 2000 system to elevate itself to the highest possible local privilege level (kernel).

un-D_0WNED.c
http://packetstormsecurity.org/files/41163/un-D_0WNED.c.html
Download: http://packetstormsecurity.org/files/41163/un-D_0WNED.c
Wed, 02 Nov 2005 06:20:13 GMT
GoodTech Telnet Server for Windows NT/2000.

win-useradd.c
http://packetstormsecurity.org/files/41066/win-useradd.c.html
Download: http://packetstormsecurity.org/files/41066/win-useradd.c
Sun, 30 Oct 2005 23:33:42 GMT
318 byte useradd shellcode for Russian Windows NT/2k/XP variants.

Debian Linux Security Advisory 830-1
http://packetstormsecurity.org/files/40365/Debian-Linux-Security-Advisory-830-1.html
Download: http://packetstormsecurity.org/files/40365/dsa-830-1.txt
Tue, 04 Oct 2005 03:09:21 GMT
Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.

prott_packV01A.zip
http://packetstormsecurity.org/files/40218/prott_packV01A.zip.html
Download: http://packetstormsecurity.org/files/40218/prott_packV01A.zip
Fri, 23 Sep 2005 07:32:28 GMT
Protty is a ring 3 library developed to protect against shellcode execution on Windows NT based systems.

HP Security Bulletin 2005-10.23
http://packetstormsecurity.org/files/39657/HP-Security-Bulletin-2005-10.23.html
Download: http://packetstormsecurity.org/files/39657/SSRT051023.txt
Sun, 28 Aug 2005 19:14:10 GMT
HP Security Bulletin - A potential vulnerability has been identified with Openview Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to gain privileged access. Affected versions: Openview Network Node Manager (OV NNM) 6.2, 6.4, 7.01, 7.50 running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux.

efilter.c
http://packetstormsecurity.org/files/39409/efilter.c.html
Download: http://packetstormsecurity.org/files/39409/efilter.c
Wed, 17 Aug 2005 05:08:33 GMT
Efilter is an automatic exception reporting utility. It is very useful and handy while doing vulnerability research on any software designed to work under Windows NT platforms. Because it hooks the KiUserExceptionDispatcher function, it acts BEFORE any of the program's active SEH frames take over the exception. In short, it reports a program's exceptions even if they are handled by the original program.

nullsessions.txt
http://packetstormsecurity.org/files/38530/nullsessions.txt.html
Download: http://packetstormsecurity.org/files/38530/nullsessions.txt
Thu, 07 Jul 2005 14:33:13 GMT
By taking advantage of hardcoded named pipes allowed for NULL sessions and using the property of MSRPC that, by default, all available RPC interfaces in a process can be reached using any opened endpoint, it is possible to anonymously enumerate Windows services and read the Application and System eventlogs of a remote Windows NT 4.0 or Windows 2000 system.

goodtechDoS.txt
http://packetstormsecurity.org/files/38132/goodtechDoS.txt.html
Download: http://packetstormsecurity.org/files/38132/goodtechDoS.txt
Mon, 20 Jun 2005 06:59:15 GMT
GoodTech SMTP Server for Windows NT/2000/XP version 5.14 is susceptible to a denial of service vulnerability.

sctune.zip
http://packetstormsecurity.org/files/37194/sctune.zip.html
Download: http://packetstormsecurity.org/files/37194/sctune.zip
Mon, 18 Apr 2005 22:21:34 GMT
Sctune is a small utility to generate copy/pasteable shellcode for various versions of Windows NT, 2000, 2003 and XP. Function addresses are automatically generated based on the system on which you run sctune.

WIPv011.tgz
http://packetstormsecurity.org/files/35912/WIPv011.tgz.html
Download: http://packetstormsecurity.org/files/35912/WIPv011.tgz
Thu, 27 Jan 2005 04:29:09 GMT
Whitepaper giving an overview of a security assessment against Windows NT machines when penetration testing. Provides insight from both attacker and administrative perspectives.