141 items tagged "tcp"
21:00
»
Packet Storm Security Recent Files
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
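The scan types listed above differ only in which TCP flags the probe carries and in how the reply (or its absence) is interpreted. The Python below is an added example, not code from Nmap or from the Packet Storm listing: it builds the 20-byte TCP header such a probe consists of, with a correct pseudo-header checksum, and applies the reply rules for the SYN, FIN/NULL/Xmas, ACK and Window scans. Putting the header on the wire needs a raw socket and root and is left out; the function names and the sample addresses are assumptions made for the example.

```python
import socket
import struct

# TCP flag bits, low bit first (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags carried by the probe for each Nmap scan type (-sS, -sF, -sN, -sX, -sA, -sW)
PROBE_FLAGS = {"syn": SYN, "fin": FIN, "null": 0, "xmas": FIN | PSH | URG,
               "ack": ACK, "window": ACK}


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum used by the IP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header followed by the TCP segment."""
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, len(segment))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_probe(src_ip, dst_ip, sport, dport, seq, flags, window=1024) -> bytes:
    """A 20-byte TCP header without options, checksum filled in.

    Sending it means prepending an IP header (or letting the kernel do so on a
    raw IPPROTO_TCP socket), which needs root; that part is not shown here.
    """
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, window, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def parse_reply(tcp_header: bytes):
    """(flags, window) of a raw TCP header: all a scanner needs from a reply."""
    flags = tcp_header[13]
    window = struct.unpack("!H", tcp_header[14:16])[0]
    return flags, window


def classify(scan: str, reply) -> str:
    """Port state Nmap reports for `scan` given `reply`.

    reply is None (nothing came back after retransmissions), the string
    "icmp-unreach" (ICMP type 3, code 1, 2, 3, 9, 10 or 13), or the
    (flags, window) tuple returned by parse_reply.
    """
    if reply == "icmp-unreach":
        return "filtered"
    if reply is None:
        # FIN/NULL/Xmas probes get silence from an open port *and* from a
        # dropping filter, so the answer is ambiguous by design.
        return "open|filtered" if scan in ("fin", "null", "xmas") else "filtered"
    flags, window = reply
    if scan == "syn":
        if flags & SYN and flags & ACK:
            return "open"
        return "closed" if flags & RST else "filtered"
    if scan in ("fin", "null", "xmas"):
        # RFC 793: a closed port answers an unexpected segment with RST.
        # Windows and many Cisco devices send RST for open ports too, so on
        # those every port looks closed; that is a limitation of the scan type.
        return "closed" if flags & RST else "filtered"
    if scan == "ack":
        # ACK probes only reveal whether a stateful filter is in the way.
        return "unfiltered" if flags & RST else "filtered"
    if scan == "window":
        if flags & RST:
            return "open" if window > 0 else "closed"
        return "filtered"
    raise ValueError("unknown scan type: %s" % scan)
```

The checksum can be checked without a packet capture: summing a header that already contains its checksum must yield zero. The Window scan rule relies on a quirk (some stacks put a non-zero window in the RST for open ports) and is therefore unreliable against most modern systems, which is why Nmap lists it separately from the ACK scan.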
-
-
14:19
»
Packet Storm Security Recent Files
trixd00r is a userland backdoor for UNIX systems built on TCP/IP, described by its author as invisible because it opens no listening socket until it is triggered. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. When a magic packet arrives, it either binds a shell over TCP or UDP on the given port or connects back to the client over TCP or UDP. The client is used to send the magic packets that trigger the server and deliver the shell.
-
-
19:51
»
Packet Storm Security Recent Files
A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.
-
-
18:01
»
Packet Storm Security Recent Files
Multi Threaded TCP Port Scanner scans all 65535 TCP ports on an IP address. You can specify how many threads to run and the connection timeout. It also reports the MAC address of the target and the services found running. You can scan IP addresses on your network and find out which ports you have open.
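Both the SCAPY scanner collection above (Remote Desktop, VNC, SSH and Telnet discovery) and this threaded port scanner come down to the same loop: connect with a timeout, read what the service says first, and name it. The Python below is an added example written for this page, not code from either tool. It runs a connect() scan from a thread pool, grabs the opening bytes, sends a minimal X.224 Connection Request to silent listeners (RDP servers speak only when spoken to) and classifies the result; the fingerprint rules, the `grab`/`scan` names and the loopback self-test are assumptions made for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Minimal X.224 Connection Request inside a TPKT header. An RDP server sends
# nothing on connect, but answers this with an X.224 Connection Confirm (0xD0).
RDP_CONNECTION_REQUEST = b"\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00"


def identify_service(first_bytes: bytes) -> str:
    """Name the service from the first bytes it sends (or answers with)."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"                      # e.g. SSH-2.0-OpenSSH_5.1p1 Debian-5
    if first_bytes.startswith(b"RFB "):
        return "vnc"                      # e.g. RFB 003.008\n
    if (len(first_bytes) >= 3 and first_bytes[0] == 0xFF
            and first_bytes[1] in (0xFB, 0xFC, 0xFD, 0xFE)):
        return "telnet"                   # IAC WILL/WONT/DO/DONT option negotiation
    if first_bytes[:2] == b"\x03\x00" and len(first_bytes) >= 6 and first_bytes[5] == 0xD0:
        return "rdp"                      # TPKT version 3 + X.224 Connection Confirm
    return "unknown" if first_bytes else "no-banner"


def grab(host: str, port: int, timeout: float = 2.0):
    """Connect-scan one port and banner-grab it: (port, state, service, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(64)         # SSH, VNC and Telnet speak first
            except socket.timeout:
                data = b""
            if not data:                  # silent listener: try the RDP handshake
                try:
                    s.sendall(RDP_CONNECTION_REQUEST)
                    data = s.recv(64)
                except OSError:
                    data = b""
    except ConnectionRefusedError:        # RST to our SYN
        return (port, "closed", None, b"")
    except OSError:                       # timeout, unreachable, reset mid-handshake
        return (port, "filtered", None, b"")
    return (port, "open", identify_service(data), data)


def scan(host: str, ports, workers: int = 64, timeout: float = 2.0):
    """Scan `ports` on `host` with a thread pool; results sorted by port."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(pool.map(lambda p: grab(host, p, timeout), ports))


def demo_on_loopback():
    """Self-contained check: a fake SSH listener plus one port known to be closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]

    def serve_banner():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n")   # constructed banner
        conn.close()
        srv.close()

    threading.Thread(target=serve_banner, daemon=True).start()
    tmp = socket.socket()                 # bind-and-release to learn a free port
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    return {r[0]: r[1:3] for r in scan("127.0.0.1", [open_port, closed_port])}


if __name__ == "__main__":
    for port, (state, service) in demo_on_loopback().items():
        print(port, state, service)
```

A connect() scan completes the three-way handshake, so every probe shows up in the target's application logs; that is the price of not needing raw sockets. The RDP probe is a protocol-level request, not a banner read, which is why a scanner that only listens would report an RDP port as open with no banner.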
-
-
7:07
»
Hack a Day
A couple of weeks ago we put up a post titled Addressing Microchip’s open source problem where we talked about some of their shortcomings as far as open source code goes, specifically the TCP/IP stack and the USB stack. The comments were predictably fairly negative. The interesting part here is that Microchip actually listened. If [...]
-
-
6:25
»
Packet Storm Security Recent Files
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
-
-
12:42
»
Carnal0wnage
So, a couple of cool updates lately to the Metasploit Framework. If you check out db_services you'll see a super handy feature, "-R":
msf auxiliary(http_version) > db_services -h
Usage: db_services [-h|--help] [-u|--up] [-a ] [-r ] [-p ] [-n ] [-o ]
-a Search for a list of addresses
-c Only show the given columns
-h,--help Show this help information
-n Search for a list of service names
-p Search for a list of ports
-r Only show [tcp|udp] services
-u,--up Only show services which are up
-o Send output to a file in csv format
-R,--rhosts Set RHOSTS from the results of the search
Available columns: created_at, info, name, port, proto, state, updated_at
In the past you could list your hosts by port (db_services -p 80), but I want to be able to USE those hosts and throw modules at them. Bring in the -R option:
msf auxiliary(http_version) > use auxiliary/scanner/http/options
msf auxiliary(options) > db_services -R -p 80
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.1.245 80 tcp http open Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
192.168.1.246 80 tcp http open Apache/2.2.3 (CentOS)
192.168.1.247 80 tcp http open Apache/2.2.12 (Ubuntu)
192.168.1.248 80 tcp http open lighttpd/1.5.0
192.168.1.249 80 tcp http open Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.11
192.168.1.251 80 tcp http open Apache
192.168.1.254 80 tcp http open Apache/2.2.3 (CentOS)
RHOSTS => file:/tmp/msf-db-rhosts-20110423-27121-10wiuni-0
msf auxiliary(options) > run
[*] Scanned 1 of 7 hosts (014% complete)
[*] Scanned 2 of 7 hosts (028% complete)
[*] 192.168.1.247 allows GET,HEAD,POST,OPTIONS methods
[*] Scanned 3 of 7 hosts (042% complete)
[*] 192.168.1.248 allows OPTIONS, GET, HEAD, POST methods
[*] Scanned 4 of 7 hosts (057% complete)
[*] 192.168.1.249 allows GET,HEAD,POST,OPTIONS,TRACE methods
[*] Scanned 5 of 7 hosts (071% complete)
[*] Scanned 6 of 7 hosts (085% complete)
[*] Scanned 7 of 7 hosts (100% complete)
[*] Auxiliary module execution completed
-CG
-
6:53
»
Packet Storm Security Advisories
Asterisk Project Security Advisory - The Asterisk TCP/TLS server suffers from a denial of service vulnerability. Versions 1.6.1.x, 1.6.2.x, and 1.8.x are all affected.
-
-
5:56
»
Packet Storm Security Exploits
Linux kernel versions prior to 2.6.37-rc2 TCP_MAXSEG kernel panic denial of service exploit that triggers a divide by zero error in net/ipv4/tcp.c.
-
-
11:53
»
Packet Storm Security Recent Files
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
-
-
14:55
»
Packet Storm Security Recent Files
This document analyzes how current TCP implementations process TCP urgent indications and how the behavior of some widely deployed middleboxes affects how end systems process urgent indications. This document updates the relevant specifications such that they accommodate current practice in processing TCP urgent indications, raises awareness about the reliability of TCP urgent indications in the Internet, and recommends against the use of urgent indications (but provides advice to applications that do).
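The reliability problem the document describes can be seen without a middlebox: the TCP "urgent" mechanism is not an out-of-band channel, and what an application gets from it depends on socket options at the receiver. The Python below is an added example, not text or code from the document; it sends three bytes with MSG_OOB over loopback and reports what the receiver sees, with and without SO_OOBINLINE. The behaviour asserted is what Linux and the BSDs do (only the last byte is treated as urgent) and is stated as an assumption about the host running it; a middlebox that clears URG, as the document discusses, would change the result again.

```python
import select
import socket


def urgent_roundtrip(oob_inline: bool = False, payload: bytes = b"abc"):
    """Send `payload` with MSG_OOB over loopback; return (urgent_byte, normal_stream).

    Without SO_OOBINLINE the single urgent byte is pulled out of the stream
    and the rest arrives normally. With SO_OOBINLINE nothing is pulled out
    and urgent_byte is b"".
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(srv.getsockname())
    conn, _ = srv.accept()
    conn.settimeout(2.0)
    if oob_inline:
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_OOBINLINE, 1)

    # The whole payload leaves in one segment with URG set; the urgent pointer
    # marks only its last byte, whatever the application meant by "urgent data".
    cli.send(payload, socket.MSG_OOB)

    urgent = b""
    if not oob_inline:
        # select()'s exceptional set is how the receiver learns urgent data is pending
        _, _, exc = select.select([], [], [conn], 2.0)
        if exc:
            urgent = conn.recv(1, socket.MSG_OOB)

    expected = len(payload) - (0 if oob_inline else 1)
    normal = b""
    while len(normal) < expected:          # the stack may stop reads at the urgent mark
        chunk = conn.recv(64)
        if not chunk:
            break
        normal += chunk
    for s in (conn, cli, srv):
        s.close()
    return urgent, normal
```

Run it twice and the same three bytes come out as (b"c", b"ab") or as (b"", b"abc"), which is the point the document makes: an application protocol that carries meaning in urgent indications is relying on the sender's stack, the receiver's stack, the receiver's socket options and every middlebox on the path all agreeing.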
-
-
3:11
»
Packet Storm Security Recent Files
rdp2tcp is a tunneling tool on top of the Remote Desktop Protocol (RDP). It uses RDP virtual channels to multiplex several TCP port forwards over an already established rdesktop session.
-
-
17:40
»
Packet Storm Security Recent Files
Dns2tcp is a network tool designed to relay TCP connections through DNS traffic. Encapsulation is done at the TCP level, so no specific driver (TUN/TAP) is needed. The Dns2tcp client does not need to run with special privileges.
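What "encapsulation at the TCP level" commits a tool like this to is fitting arbitrary stream bytes into DNS names: labels of at most 63 characters, names of at most 253, a case-insensitive alphabet, and a way to stop resolver caches from merging retransmitted chunks. The Python below is an added example of that client-to-server direction and is not Dns2tcp's own wire format, which this page does not describe; the sequence-number label, the base32 choice and the domain `t.example.com` are assumptions made for the example.

```python
import base64

MAX_LABEL = 63    # longest DNS label (RFC 1035)
MAX_NAME = 253    # longest name in text form without the trailing dot


def encode_chunk(seq: int, data: bytes, domain: str) -> str:
    """One TCP chunk as a query name: <seq hex>.<base32 labels>.<domain>.

    The sequence label keeps retransmitted chunks from collapsing into one
    cached query; base32 is used because DNS names are case-insensitive.
    """
    b32 = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    name = ".".join([format(seq, "x")] + labels + [domain])
    if len(name) > MAX_NAME:
        raise ValueError("chunk does not fit in one query name")
    return name


def decode_name(name: str, domain: str):
    """Inverse of encode_chunk: (seq, data). Survives 0x20 case randomisation."""
    suffix = "." + domain
    if not name.lower().endswith(suffix.lower()):
        raise ValueError("not a tunnel name under %s" % domain)
    parts = name[:-len(suffix)].split(".")
    seq = int(parts[0], 16)
    b32 = "".join(parts[1:])
    b32 += "=" * (-len(b32) % 8)          # restore the padding stripped on encode
    return seq, base64.b32decode(b32, casefold=True)


def max_chunk_size(domain: str, seq: int = 0xFFFF) -> int:
    """Largest payload (bytes) whose name still fits MAX_NAME, for a worst-case seq."""
    room = MAX_NAME - len(domain) - 1 - len(format(seq, "x")) - 1
    chars = 0
    while True:
        n = chars + 1
        if n + (-(-n // MAX_LABEL)) - 1 > room:   # base32 chars plus the dots between labels
            return chars * 5 // 8
        chars = n


def tunnel_stream(data: bytes, domain: str):
    """Split an outbound TCP stream into query names, one per chunk."""
    size = max_chunk_size(domain)
    return [encode_chunk(i, data[off:off + size], domain)
            for i, off in enumerate(range(0, len(data), size))]


def reassemble(names, domain: str) -> bytes:
    """Rebuild the stream on the far side, tolerating reordered queries."""
    chunks = sorted(decode_name(n, domain) for n in names)
    return b"".join(data for _, data in chunks)
```

With a 13-character domain the budget works out to 144 payload bytes per query, so even a small HTTP request becomes several DNS lookups; the return direction has to ride in answer records (TXT or similar) and is not shown. Those long, high-entropy, never-repeating subdomains are also exactly what DNS-tunnel detection keys on.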
-
-
23:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-194 - This vulnerability allows remote attackers to execute arbitrary SQL queries on vulnerable installations of Tivoli Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP to ODBC gateway component which listens by default on TCP port 2020. Authentication is not required to issue SQL queries to the service. A remote attacker can abuse this to read, modify, or create records within the database.
-
18:37
»
SecuriTeam
Cisco IOS is affected by a denial of service vulnerability during the TCP establishment phase.
-
-
-
20:01
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco IOS Software Release 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase. The vulnerability can cause embryonic TCP connections to remain in the SYNRCVD or SYNSENT state. Enough embryonic connections in these states can consume system resources and prevent an affected device from accepting or initiating new TCP connections, including any TCP-based remote management access to the device. No authentication is required to exploit this vulnerability. An attacker does not need to complete a three-way handshake to trigger it, so it can be exploited with spoofed packets. It may also be triggered by normal network traffic.
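Because the condition is a pile-up of TCBs stuck in SYNRCVD or SYNSENT, the operational check is to count them. The Python below is an added example, not part of the advisory: it parses a connection table and flags both a remote host with many half-open connections and a high total regardless of source (the total is the signal that still works when, as the advisory notes, the packets are spoofed). The sample is constructed in the layout of IOS `show tcp brief` (TCB, local address.port, foreign address.port, state), which is an assumption about that command's output; the thresholds are arbitrary.

```python
import re
from collections import Counter

# Constructed sample in the layout of IOS `show tcp brief` (not a real capture).
SAMPLE_TCP_BRIEF = """\
TCB       Local Address               Foreign Address             (state)
6523A4FC  192.0.2.1.22                198.51.100.7.51022          ESTAB
6523B110  192.0.2.1.22                203.0.113.9.40001           SYNRCVD
6523B2E8  192.0.2.1.22                203.0.113.9.40002           SYNRCVD
6523B4C0  192.0.2.1.22                203.0.113.9.40003           SYNRCVD
6523B698  192.0.2.1.179               198.51.100.200.179          SYNSENT
6523B870  192.0.2.1.22                203.0.113.9.40004           SYNRCVD
6523BA48  192.0.2.1.22                *.*                         LISTEN
"""

EMBRYONIC = {"SYNRCVD", "SYNSENT"}    # the states named in the advisory
ROW = re.compile(r"^\s*([0-9A-F]+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def split_endpoint(ep: str):
    """'192.0.2.1.22' -> ('192.0.2.1', '22'); '*.*' -> ('*', '*'). IPv4 only."""
    host, _, port = ep.rpartition(".")
    return host, port


def parse_tcp_brief(text: str):
    """Rows of the table as dicts; the header line does not match ROW and is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        tcb, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"tcb": tcb, "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state})
    return rows


def embryonic_report(rows, per_host: int = 3, total: int = 100):
    """Count half-open TCBs overall and per remote host; return what to alert on.

    The per-host count catches a single noisy source; the total catches a
    spoofed flood, where every source address is different.
    """
    by_state = Counter(r["state"] for r in rows)
    half_open = Counter(r["fhost"] for r in rows if r["state"] in EMBRYONIC)
    alerts = {h: n for h, n in half_open.items() if n >= per_host}
    if sum(half_open.values()) >= total:
        alerts["*total*"] = sum(half_open.values())
    return by_state, alerts


if __name__ == "__main__":
    states, alerts = embryonic_report(parse_tcp_brief(SAMPLE_TCP_BRIEF))
    print(dict(states), alerts)
```

Polling this from a management station works only while the device still accepts the management session; once the TCB pool is exhausted, the advisory's point is precisely that TCP-based remote access goes with it, so the count is worth exporting out-of-band (SNMP or console) rather than over SSH alone.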
-
-
7:35
»
Carnal0wnage
Nmap will scan IPv6-enabled hosts if you pass it the -6 switch, but (in the 5.21 release used here) only does TCP connect scans and no OS identification, which makes sense because OS identification uses nuances of IPv4 responses. Later releases added raw-packet IPv6 scans and IPv6 OS detection, so check what the version you run supports.
carnal0wnage ~: nmap -6 -sV 2002:53e9:a52a::832:3316:5042 -p53,80,222
Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-19 20:42 UTC
Nmap scan report for 2002:53e9:a52a::832:3316:5042
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.X
80/tcp open http nginx
222/tcp open ssh OpenSSH 5.1p1 Debian 5 (protocol 2.0)
Service Info: OS: Linux
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.92 seconds
carnal0wnage ~: nmap -6 -sV ::ffff:66.148.86.4
Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-19 21:00 UTC
Nmap scan report for ::ffff:66.148.86.4
Host is up (0.024s latency).
Not shown: 795 closed ports, 203 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 1.3.41 ((Unix) PHP/5.2.9)
8080/tcp open http-proxy Squid webproxy 2.6.STABLE16
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.41 seconds
And Metasploit supports IPv6 too:
msf auxiliary(http_version) > run
[*] 2002:53e9:a52a:0000:0000:0832:3316:5042 is running nginx
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
-
-
17:55
»
Packet Storm Security Tools
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
-
-
17:28
»
Packet Storm Security Tools
ctunnel is a program for tunneling and proxying TCP or UDP connections via a cryptographic tunnel. ctunnel can be used to secure any existing TCP or UDP based protocol, such as HTTP, Telnet, FTP, RSH, MySQL, VNC, DNS, XDMCP, NFS, etc. You can also chain or bounce connections to any number of intermediary hosts.
-
-
17:55
»
SecuriTeam
Remote Code Execution and Denial of Service Vulnerabilities were discovered in HP TCP/IP Services.
-
-
-
22:00
»
Packet Storm Security Tools
ctunnel is a program for tunneling and proxying TCP or UDP connections via a cryptographic tunnel. ctunnel can be used to secure any existing TCP or UDP based protocol, such as HTTP, Telnet, FTP, RSH, MySQL, VNC, DNS, XDMCP, NFS, etc. You can also chain or bounce connections to any number of intermediary hosts.
-
-
19:00
»
Packet Storm Security Tools
Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading Fyodor's article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute-force wordlist scanning to find a target's subdomains, or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used to scan large ranges of IPs to find devices or HTTP servers.
-
-
17:01
»
Packet Storm Security Misc. Files
This archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need, to some degree, platform-dependent parameters) to a JSh (Java Shell) payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control makes it possible to run more than one command or TCP session through a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be used to integrate them into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). Examples are also included of how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.
-
-
0:49
»
remote-exploit & backtrack
In a pentest scenario we have found an open port for the "3306/tcp open mysql port unauthorized" service.
How can we try to connect to it remotely? What further information can we gain using this?
-
-
18:06
»
remote-exploit & backtrack
For the last few weeks I've been playing with Metasploit...
I've had fun hacking an old server using the old net_api overflow on XP SP2.
I just read the Metasploit blog about the new adobe_libtiff exploit.
I used the payload
windows/meterpreter/reverse_tcp
(is this right?)
I have the PDF on the target machine; it works A-OK and connects back to my machine on xxx.xxx.xxx.3:1133. My question is....
How do I go from a TCP connection to either a Meterpreter session or vncinject using the command line in Ruby?
I've tried:
connect xxx.xxx.xxx.4:1133 ... it connects but then does nothing?
^^^ Do I need to run this as a bg session/job?
Any suggestions please,
and please don't flame me.
-
-
11:51
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
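An added illustration, not from the advisory and not Cisco's code: the advisory does not say which option values are involved, but the option walk below shows the validation a TCP receiver needs while a session is being set up, where each option's attacker-supplied length byte decides how far the parser advances and a missing bounds check turns a crafted SYN into a read past the header. The segments that `build_syn()` produces and the malformed byte strings are constructed for this example.

```python
"""Defensive walk of the TCP options field, the variable part of a TCP header.

An option is a lone kind byte (EOL=0, NOP=1) or kind, length, data, where
length counts the kind and length bytes themselves. A crafted segment can
carry a length of 0 or 1 (a naive loop never advances), a length running
past the end of the header, or an option cut off by the data offset. Each
of those is rejected here instead of being trusted. The segments built by
build_syn() are constructed for this example.
"""
import struct

TCP_OPT_EOL, TCP_OPT_NOP, SYN = 0, 1, 0x02
OPTION_NAMES = {2: "MSS", 3: "WScale", 4: "SAckOK", 5: "SAck", 8: "Timestamp", 19: "MD5Sig"}
FIXED_LENGTHS = {2: 4, 3: 3, 4: 2, 8: 10, 19: 18}  # lengths fixed by the defining RFCs


class MalformedOptions(ValueError):
    pass


def parse_tcp_options(opts: bytes) -> list:
    """Return [(kind, data), ...]; NOPs are skipped and EOL ends the walk."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise MalformedOptions("kind %d at offset %d has no length byte" % (kind, i))
        length = opts[i + 1]
        if length < 2:                      # would loop forever or walk backwards
            raise MalformedOptions("kind %d: length %d cannot cover kind+length" % (kind, length))
        if i + length > len(opts):          # would read past the header
            raise MalformedOptions("kind %d: length %d overruns %d bytes of options" % (kind, length, len(opts)))
        expected = FIXED_LENGTHS.get(kind)
        if expected is not None and length != expected:
            raise MalformedOptions("kind %d: length %d, RFC says %d" % (kind, length, expected))
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def summarize(options: list) -> dict:
    """Decode the common options into plain values."""
    summary = {}
    for kind, data in options:
        name = OPTION_NAMES.get(kind, "opt%d" % kind)
        if kind == 2:
            summary[name] = struct.unpack("!H", data)[0]
        elif kind == 3:
            summary[name] = data[0]
        elif kind == 4:
            summary[name] = True
        elif kind == 8:
            summary[name] = struct.unpack("!II", data)
        else:
            summary[name] = data.hex()
    return summary


def parse_tcp_header(segment: bytes) -> dict:
    """Check the data offset against the real segment length before touching options."""
    if len(segment) < 20:
        raise MalformedOptions("segment shorter than the 20-byte minimum header")
    sport, dport, seq, ack, off_flags, window = struct.unpack_from("!HHIIHH", segment)
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise MalformedOptions("data offset %d does not fit a %d-byte segment" % (data_offset, len(segment)))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "syn": bool(off_flags & SYN),
            "options": summarize(parse_tcp_options(segment[20:data_offset]))}


def build_syn(options: bytes, sport: int = 40000, dport: int = 80, seq: int = 1) -> bytes:
    """Constructed SYN carrying the given options; checksum and urgent pointer left zero."""
    padded = options + b"\x00" * (-len(options) % 4)   # pad with EOL to a 32-bit boundary
    data_offset = (20 + len(padded)) // 4
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (data_offset << 12) | SYN, 65535, 0, 0)
    return fixed + padded


if __name__ == "__main__":
    good = b"\x02\x04\x05\xb4\x01\x03\x03\x07\x01\x01\x04\x02"   # MSS 1460, WScale 7, SAckOK
    print(parse_tcp_header(build_syn(good)))
    for bad in (b"\x02\x00\x05\xb4", b"\x02\x04\x05", b"\x08\x0a\x00\x00"):
        try:
            parse_tcp_options(bad)
        except MalformedOptions as err:
            print("rejected %s: %s" % (bad.hex(), err))
```

The fixed-length table is the strict choice: a receiver that merely skipped over an odd-sized MSS or Timestamp would stay memory-safe, but rejecting it is cheaper than reasoning about what the rest of the stack does with the value.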
-
-
15:54
»
remote-exploit & backtrack
Hello, I posted this in the OffSec PWB forum, but I don't think it's frequented that often, hence no response. Apologies for the re-post if you've already come across this.
I've been doing some research into TCP Wrappers recently, having noticed that a few services within the PWB lab are wrapped. As I understand it, TCP Wrappers are a method of applying an ACL to a service, based on IP address.
I've figured that I can only talk to wrapped services if I'm bouncing through another host, but is there a reliable way of determining which hosts are in the ACL? The only ideas I've had on this so far seem to require some cache poisoning, which seems more than likely to mess things up (and poisoning is not allowed in the labs anyway!).
Spoofing my source address could be an option, I suppose, but that would mean responses are directed elsewhere, I guess...
Can anyone share any insights into this? Even a nudge in the right direction would be appreciated.
Thanks
Chris
-
-
17:00
»
Packet Storm Security Tools
PerJack is a TCP Session Hijack tool written in Perl. It does a man-in-the-middle attack, displays all active sessions and takes over the selected TCP session.
-
-
2:29
»
remote-exploit & backtrack
Hi. So, using the SET toolkit, I don't understand why it gives me Russian and Spanish e-mail addresses with their passwords. I'm using it on BackTrack 4.
Doing this example:
1. Automatic E-Mail Attacks (UPDATED)
2. Website Java Applet Attack (UPDATED)
3. Update Metasploit
4. Update SET
5. Create a Payload and Listener
6. Help
7. Exit the Toolkit
Enter your choice: 2 ok
and
Website Attack Vectors
1. Let SET create a website for you
2. Clone and setup a fake website (NEW)
3. Import your own website (NEW)
4. Return to main menu.
Enter number: 1 ok
and
What payload do you want to generate:
Name: Description:
1. Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker.
2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Bind Shell Execute payload and create an accepting port on remote system.
5. Windows Bind Shell X64 Windows x64 Command Shell, Bind TCP Inline
6. Windows Shell Reverse_TCP X64 Windows X64 Command Shell, Reverse TCP Inline
7. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter
8. Import your own executable Specify a path for your own executable
Enter choice (example 1-4): 1 7 ok
and
Select one of the below, Shikata_Ga_Nai is typically the best.
1. avoid_utf8_tolower
2. shikata_ga_nai
3. alpha_mixed
4. alpha_upper
5. call4_dword_xor
6. countdown
7. fnstenv_mov
8. jmp_call_additive
9. nonalpha
10. nonupper
11. unicode_mixed
12. unicode_upper
13. alpha2
14. No Encoding
Enter your choice (enter for default): 2 ok
and
Usually 1 to 4 does the trick, if you get an
error messsage, some encoders don't like
more than one. Specify 0 if you want.
How many times do you want to encode the payload: 1 ok
and
Enter the PORT of the listener: 443 ok
and
Enter the PORT of the listener: 443
[-] Encoding the payload 1 times to get around pesky Anti-Virus. [-]
[*] x86/shikata_ga_nai succeeded with size 46 (iteration=1)
[*] ARP Cache Poisoning is set to ON.
What IP Address do you want to poison: 192.168.1.21 ok
and
Filter created...
Compiling Ettercap filter...
etterfilter NG-0.7.3 copyright 2001-2004 ALoR & NaGA
12 protocol tables loaded:
DECODED DATA udp tcp gre icmp ip arp wifi fddi tr eth
11 constants loaded:
VRRP OSPF GRE UDP TCP ICMP6 ICMP PPTP PPPoE IP ARP
Parsing source file 'src/program_junk/ettercap.filter' done.
Unfolding the meta-tree done.
Converting labels to real offsets done.
Writing output to 'src/program_junk/ettercap.ef' done.
-> Script encoded into 16 instructions.
Filter compiled...Running Ettercap and poisoning target...ok
So after that I launch ettercap-gtk targeting the PC on my network, and here is what I get. I don't understand, because the attack I'm using isn't made for that! I'm looking for explanations of this software but I keep finding the same video on the net, and since I don't speak English very well I can't contact
kennedyD013@gmail.com
HTTP : 116.122.36.184:80 -> USER:
pwoyaeu@hct.w.com PASS: RAND#a#8 INFO:
PHP와 MySQL을 활용한 게시판 (Korean: "a bulletin board using PHP and MySQL")
HTTP : 217.69.130.41:80 -> USER: alijahhali096 PASS: Pob7Qrm2Kl INFO: my.mail.ru/cgi-bin/auth
What's the problem??
-
-
21:00
»
Packet Storm Security Tools
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
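An added example, not Nmap's code: a minimal parallel TCP connect() scanner in Python that applies the state classification Nmap uses for a connect scan (a RST means closed, no answer inside the timeout means filtered) and grabs the banner of each open port. The throwaway local listener and the SSH-style banner it sends are constructed for the demo; the raw-socket techniques in the listing (SYN, FIN, Xmas, NULL, ACK and Window scans) are not implemented here.

```python
"""Parallel TCP connect() scan with Nmap-style state classification.

connect() scanning completes the three-way handshake, so it needs no raw
sockets but is the noisiest technique in the listing: the service sees, and
may log, every probe. A RST answer means closed; no answer inside the
timeout means filtered. The local listener and its banner are constructed
for this demo.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 1.0) -> tuple:
    """One connect() attempt; returns (port, state)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return port, "open"
    except ConnectionRefusedError:      # RST came back: nothing is listening
        return port, "closed"
    except (socket.timeout, OSError):   # dropped by a filter, or host unreachable
        return port, "filtered"
    finally:
        s.close()


def grab_banner(host: str, port: int, timeout: float = 1.0, limit: int = 256) -> bytes:
    """Read whatever the service volunteers before we send anything (SSH, SMTP, MySQL ...)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(limit)
    except (socket.timeout, OSError):
        return b""


def scan(host: str, ports, timeout: float = 1.0, workers: int = 64) -> dict:
    """Probe ports in parallel; open ports additionally get a banner grab."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = dict(pool.map(lambda p: probe(host, p, timeout), ports))
    return {p: (state, grab_banner(host, p, timeout) if state == "open" else b"")
            for p, state in states.items()}


def demo_listener(banner: bytes = b"SSH-2.0-demo\r\n", accepts: int = 4) -> int:
    """Start a throwaway local service that greets each client; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        for _ in range(accepts):
            conn, _ = srv.accept()
            try:
                conn.sendall(banner)
            except OSError:             # probe() may have closed already; harmless
                pass
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_local_port() -> int:
    """Pick a port that is (almost certainly) closed right now."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    open_port, closed_port = demo_listener(), unused_local_port()
    for port, (state, banner) in sorted(scan("127.0.0.1", [open_port, closed_port]).items()):
        print("%5d/tcp %-8s %s" % (port, state, banner.strip().decode("ascii", "replace")))
```

The timeout is the knob Nmap's "dynamic delay time calculations" tune automatically: too short and slow hosts show up as filtered, too long and a range of filtered ports takes forever, which is why a real scanner measures round-trip times rather than using a fixed one second.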