Category: System Security Management » Windows NT

BlackList Scanner
Added 2001-10-22
by James B. Nickson
The advantages of automated blacklist scanning include:
- New lists can be incorporated immediately
- Many NT servers can force a scan for the attaching system at logon
- Extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a hat (or editing a batch file)
- Very high speed
- Very compact for wide distribution
- Component testability, not just a magic package that may work and often fails
- Extensibility into other areas/applets with River Techniques (tm)

athena-2k.pl
Added 2001-10-22
by Jacob Shaw
This tool is a ~600 line Perl script that utilizes the Net::SNMP module. Its purpose is to retrieve A LOT of information out of a remote Windows 2000 machine running the SNMP Service with a known community string. I may or may not get around to making it work alright with Windows NT 4; currently it does not. It queries/walks a predefined set of SNMP OIDs, and displays the return values in a nice, formatted ASCII output. I find it to be quite speedy. It's a snapshot of my work so far, most of it being sheer research (trying to find exciting, new OIDs, and THEN finding out what exactly they're returning that can be useful ;-) ). I think many people will be surprised at the amount of information the SNMP Service shares with the world on a misconfigured (read: default) setup. Among the items one can retrieve from such a server are:
- Server Name & Primary Domain/Workgroup
- OS version, CPU type (& if it's Multiprocessor or not)
- SNMP Contact & Location information (if defined)
- System uptime
- System date/time
- List of all user accounts
- Total RAM
- Storage devices, volume label, device type, & partition type
- Running processes & process IDs
- Installed applications & the date they were each installed
- List of services
- List of network interfaces (Description, HW Address, Int Speed, IP address, netmask, Bytes In/Out, Status)
- List of all share names, file system location, & comments
- Routing table
- TCP connections & listening ports
- UDP listening ports

WPTerm
Added 2001-10-22
by ULTiMaTuM
WPTerm is a simple console-driven program that allows a user to list processes and terminate a process, no questions asked. It was designed as a replacement for the Windows 2000 Task Manager, which has a design error that prevents a process from being ended if it has the same name as a critical OS file. This allows malicious programs to run without being easily shut down (see Bugtraq ID 3033). WPTerm fixes this problem.

SecureIIS
Added 2001-10-22
by eEye Digital Security
SecureIIS is an application firewall for Microsoft Internet Information Services. It stops known and unknown vulnerabilities within IIS.

Code Red II Removal Utility
Added 2001-10-22
by Felipe Moniz, stealthdev@yahoo.com
Code Red II Detection and Removal Utility for IIS 5.0.

Code Red II Cleaner
Added 2001-10-22
by Microsoft
Microsoft has developed a tool that eliminates the obvious damage that is caused by the Code Red II worm. Before running it, ensure that you have read the cautions discussed in the "More Information" page.

Regsec
Added 2001-10-22
by Richard Puckett, rpuckett@snl.com
Regsec.kix is a 32-bit Kixtart script designed to run at logon that resets (currently) 46 security-related Registry edits on NT workstations and servers, grouped into 3 increasingly secure levels (called DEFCONS). The script allows for messagebox prompting (through the $QUERYUSR variable) prior to the installation of each edit, or an administrator can opt to automate the entire installation process. It also possesses a debug property, which allows the admin to simply review the proposed changes for each level. Each grouping of edits can be tailored by modifying the $DEFCON value. All notes regarding this script's use are in the source code of the script.

Chown
Added 2001-10-22
by Richard Puckett, rpuckett@snl.com
CHOWN.ZIP is a GUI NT equivalent to the UNIX tool. Microsoft claims that the ownership process of NTFS file objects in NT is a two-part process, requiring that the user possess the right to take ownership (granted by the original object's owner/admin), then forcing them to execute the ownership right. This is to protect object ownership from "Rogue Administrators". This two-part ownership process is undesirable for administrators, who would prefer to just "give" ownership of file/directory objects to a particular user or group. This tool was written to show that the Owner ACL of a file/directory object can be overwritten with a modified replica Security Descriptor and elevated use of the SeRestorePrivilege (tested to NT SP6). Source code included with EXE.

Logout
Added 2001-10-22
by Richard Puckett, rpuckett@snl.com
Logout.zip is a project that runs on 95/NT workstations that monitors for idle activity on the station and, at a modifiable timeout variable, logs off, reboots or shuts down the NT/95 workstation. Source Code included with EXE.

lsadump2
Added 2001-10-22
by Todd Sabin, tsabin@bos.bindview.com
This is an application to dump the contents of the LSA secrets on a machine, provided you are an Administrator. It uses the same technique as pwdump2 to bypass restrictions that Microsoft added to LsaRetrievePrivateData(), which cause the original lsadump, by Paul Ashton, to fail.

Copyright 2010, SecurityFocus