(Page 1 of 3) 1 2 3 Next > Category: Auditing » Backdoors BobCat Added 2006-02-04 BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB. Iwar Added 2005-11-13 A Unix Based (Linux/OpenBSD/Etc) full featured "war dialer". MySQL/ASCII Flat file logging, tone/silence location, banner detection, "curses" front end. Rkdscan Added 2004-11-19 Rkdscan is able to remotely detect if NT based Computers are compromised With "Hacker Defender" Rootkit IDA Pro - Freeware Edition Added 2003-12-15 The freeware version of the Interactive Disassembler Pro. Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis. StMichael LKM Added 2003-09-23 StMichael, is a LKM that detect sand divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes key kernel areas. chkrootkit Added 2003-06-24 chkrootkit is a tool to locally check for signs of a rootkit. It contains a chkrootkit: shell script that checks system binaries for rootkit modification. The following tests are made: aliens, asp, bindshell, lkm, rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty, netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, traceroute, and write. ifpromisc.c checks whether the interface is in promiscuous mode, chklastlog.c checks for lastlog deletions, chkwtmp.c checks for wtmp deletions, check_wtmpx.c checks for wtmpx deletions (Solaris only), and chkproc.c checks for signs of LKM trojans. Vision Added 2002-02-26 Vision, Foundstone's newest forensic product, is an essential part of a computer security professional's tool-kit. Vision maps all of a host's executables to corresponding ports, allowing you to identify and investigate suspicious services. Vision enables you to interrogate suspect services to identify backdoors and Trojan applications. If a malicious service is identified, Vision allows you to immediately kill it. BlackList Scanner Added 2001-10-22 The advantages of automated blacklist scanning include: -New lists can be incorporated immediately -Many NT servers can force a scan for the attaching system at logon -extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a had (or editing a batch file). -Very high speed Very compact for wide distribution -Component testability, not just a magic package that may work and often fails. -Extensibility into other areas/applets with River Techniques (tm) PassDump Added 2001-10-22 Dump the logging user's crypted password from memory to a file Code Red v3 (aka Code Red II) Fix Added 2001-10-22 CD3FIX.EXE Code Red v3 Trojan Removal & Script Mapping Remediation Utility rpuckett@cisco.com 1. Looks for active EXPLORER.EXE processes and deletes those that have an execution path from the root of C:\ or D:\ 2. Unhides and deletes EXPLORER.EXE files in root of C:\ & D:\, deletes ROOT.EXE in /scripts and /MSADC directories 3. Removes SFCDisable from the Winlogon subkey of HKLM 4. Repairs the "...,,217" extensions from any of the values in the Virtual Root subkey of /W3SVC 5. Checks for static mappings in the ScriptMap subkey 6. Iterates the IIS 5.0 Metabase for .IDC, .IDA & .IDQ extension mappings and removes them 7. Creates a log file on C:\ (C:\cd3fix.log) 8. Reboots the box. Browse by category |
|
Privacy Statement |