Title : Toolz Armory
Author : Packet Storm
==Phrack Inc.==
Volume 0x0b, Issue 0x3c, Phile #0x04 of 0x10
|=--------------------=[ T O O L Z A R M O R Y ]=----------------------=|
|=-----------------------------------------------------------------------=|
|=---------=[ packetstorm <http://www.packetstormsecurity.org> ]=-------=|
This new section, Phrack Toolz Armory, is dedicated to tool annoucements.
We will showcast selected tools of relevance to the computer underground
which have been released recently. The tools for #60 have been selected
in teamwork by the Packet Storm staff and Phrack staff.
Drop us a mail if you develop something that you think is worth of being
mentioned here.
1 - nmap 3.1 Statistics Patch
2 - thc-rut
3 - Openwall GNU/*/Linux (Owl) 1.0
4 - Stealth Kernel Patch
5 - Memfetch
6 - Lcrzoex
----[ 1 - NMAP 3.1 Statistics Patch
URL : http://packetstormsecurity.org/UNIX/nmap/nmap-3.10ALPHA4_statistics-1.diff
Author : vitek[at]ixsecurity.com
Comment : The Nmap 3.10ALFA Statistics Patch adds the -c switch which
guesses how much longer the scan will take, shows how many ports
have been tested, resent, and the ports per second rate. Useful
for scanning firewalled hosts.
----[ 2 - thc-rut
URL : http://www.thehackerschoice.com/thc-rut
Author : anonymous[at]segfault.net
Comment : RUT (aRe yoU There, pronouced as 'root') is your first knife on
foreign network. It gathers informations from local and remote
networks.
It offers a wide range of network discovery utilities
like arp lookup on an IP range, spoofed DHCP request, RARP,
BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting,
high-speed host discovery, ...
THC-RUT comes with a OS host Fingerprinter which determines the
remote OS by open/closed port characteristics, banner matching
and nmap fingerprinting techniques (T1, tcpoptions).
The fingerprinter has been developerd to quickly (10mins)
categorize hosts on a Class B network. Information sources are
(amoung others) SNMP replies, telnetd (NVT) negotiation options,
generic Banner Matching, HTTP-Server version, DCE request and
tcp options. It is compatible to the nmap-os-fingerprints
database and comes in addition to this with his own perl regex
capable fingerprinting database (thcrut-os-fingerprints).
----[ 3 - Openwall GNU/*/Linux (Owl) 1.0 (Released 2002-10-13)
URL : http://www.openwall.com/Owl
Author : Solar Designer and other hackers.
Comment : Openwall Linux is the Hacker's choice platform. The security
has been defined by people who know what they are doing. Owl
comes without any useless services running by default, no RPM
dependencies headache, full featured environment for
developers, a large number of usefull tools and a BSD-port-like
update mechanism. It's for people who prefer vi over
click/drag-and-drop sickness to configure the system.
Openwall GNU/*/Linux (Owl) includes a pre-built copy of John
the Ripper password cracker ready for use without requiring
another OS (life system!) and without having to install on a
hard disk (although that is supported). The CD-booted system
is fully functional, you may even let it go multi-user with
virtual consoles and remote shell access.
John the Ripper is a fast password cracker, currently
available for many flavors of Unix (11 are officially
supported, not counting different architectures), DOS, Win32,
and BeOS. Its primary purpose is to detect weak Unix
passwords, but a number of other hash types are supported
aswell.
This is probably the most secure linux distribution out there.
----[ 4 - Stealth Kernel Patch
URL : http://packetstormsecurity.org/UNIX/patches/linux-2.2.22-stealth.diff.gz
Author : Sean Trifero <sean[at]innu.org>
Comment : The Stealth Kernel Patch for Linux v2.2.22 makes the linux kernel
discard the packets that many OS detection tools use to query the
TCP/IP stack. Includes logging of the dropped query packets and
packets with bogus flags. Does a very good job of confusing nmap
and queso.
----[ 5 - Memfetch
URL : http://packetstormsecurity.org/linux/security/memfetch.tgz
Author : Michal Zalewski <lcamtuf[at]ghettot.net>
Comment : Memfetch dumps the memory of a program without disrupting its
operation, either immediately or on the nearest fault condition
(such as SIGSEGV). It can be used to examine suspicious or
misbehaving processes on your system, verify that processes are
what they claim to be, and examine faulty applications using your
favorite data viewer so that you are not tied to the inferior
data inspection capabilities in your debugger.
----[ 6 - Lcrzoex
URL : http://www.laurentconstantin.com/en/lcrzoex/
http://www.laurentconstantin.com/en/rzobox/ (front end)
Author : Laurent Constantin <laurent.constantin@aql.fr>
Comment : Lcrzoex contains over 400 tools to test an Ethernet/IP
network. It runs under Linux, Windows, FreeBSD, OpenBSD and
Solaris. Features:
- sniff/spoof/replay
- syslog/ftp/dns/http/telnet clients
- ping/traceroute
- web spider
- tcp/web backdoor
- data conversion
|=[ EOF ]=---------------------------------------------------------------=|