3.2.88
- This Changelog file added to the /var/lib/operator directory
- Added tclx-dev
- Added Tools/misc directory that contains miscellaneous customized scripts
- Cleaned up /usr/src/linux directory by removing the 2.4.20 kernel data and replacing it with the new 2.4.21 kernel data, including the .config file
- Added libgtk2.0-dev
- Updated ettercap from 0.6.a to 0.6.b
- Added new Exploits:
  - L0cK's shadowcode cisco exploit (Cisco DOS)
  - ciscodos.sh by zerash@evicted.org (Cisco DOS)
  - assortment/bind/linx86_sendmail (sendmail 8.11.6 exploit)
  - crashers/bubonic (Windows DOS)
  - crashers/targa3 (Windows DOS)
- Added new Tools:
  - disco 1.2 (passive IP discovery)

3.2.89
- Distribution Upgrade. 119 apps upgraded to the most current version.
- Added ability to make Reiser filesystems

3.2.90
- Fixed mozilla ssl access. mozilla-psm was missing.
- Modified knx-hdinstall to allow for a new filesystem install or an upgrade of an existing partition.
- Added /usr/local/bin/lockit, a basic iptables firewall script that blocks all inbound traffic except for port 22.
- Added new Tools:
  - fake_mac.pl 0.1 - Generates & changes your MAC address. Uses ethereal's manuf file for the 3-byte vendor prefix.

3.2.91
- Added new Tools:
  - smbtool-v1.0.tar.gz - Netbios tools consisting of nbview and nbreg
  - ADM-nbtscan - Simple script that uses ADM-smb and nbtscan to produce a summary listing of accessible smb shares.
  - zappa 0.1beta - backdoor using icmp and udp
  - cd00r - non-listening mode backdoor
  - vncrack_1.17 - Cracks VNC passwords
  - aresetter - a simple program to reset network connections
- Added more descriptions for progs in Tools/rootkits
- Added new Exploits:
  - sambal - a remote root exploit for samba 2.2.x and prior
  - sambash-release - 2.2.7a reply_nttrans() linux x86 remote root exploit
  - msqlex - Exploits a format string hole in mSQL
  - cisco-bug-44020 - another cisco router killer
  - win2kdcom.pl - Microsoft Windows 2000 RPC DCOM Interface DOS
  - dcom - Another Microsoft Windows 2000 RPC DCOM Interface DOS
  - hlbof_client & hlbof_server - Half-life exploits
  - hlfill - Half-life fake players bug
- Distribution Upgrade. 35 apps upgraded to the most current version.
- Added /etc/samba/smb.conf to allow mounting of tools using samba
- Created Notes directory with some notes on how to do Shtuff
- Fixed wireless detection in /etc/init.d/kismet_config

3.2.92
- Added new Exploits:
  - 0x82-wu262 - wu-ftpd v2.6.2 off-by-one remote exploit
  - 0x82-Remote.54AAb4.xpl - Samba v2.2.x call_trans2open() remote overrun exploit for XxxxBSD
  - c2900xl-crash - Crashes a Catalyst WS-C2924C-XL-EN with a NULL packet when SNMP is disabled
  - oc192-dcom - Windows 2003 <= remote RPC DCOM exploit. Does NOT crash RPC
  - smbnuke - Windows SMB Nuker (DoS) - Proof of concept - CVE CAN-2002-0724
- Added new Tools:
  - dcom-isvuln - DCOM/RPC Vulnerability Checker
  - dcom_scanner - DCOM/RPC Vulnerability network scanner
  - welchia_scan - Scans a network range looking for an open port 707/tcp, which is the port welchia listens on after infecting a machine
- Distribution Upgrade. 60 apps upgraded to the most current version as of 08/08/03.
- Modified websniff/sniffer.pl to accept the interface from the command line
- Added xprobe2-0.2rc1

3.2.93
- Added new Exploits:
  - THCsql - MSSQL Server exploit for Server < SP3
  - n-mysql - MYSQL -VERSION 11.13 - 11.18 Local Linux Root Exploit
  - RFParalyze - Microsoft Windows 9x NetBIOS NULL Name Vulnerability. This utility will attempt to crash the machine.
- Added new Tools:
  - ftpsrvr_scan - ftp server scanner w/ banner display
  - nmbping.pl - Quick scanner for locating Netbios/Samba servers
- Opened up tftpd to allow gets from /opt/Operator_Extras/Windows/Tools/NTReskit/
- Added /opt/Operator_Extras/bin to your path; it contains all of the executables from the Exploits and Tools directories.

3.3.1
- MAJOR Rewrite. Started from scratch to better understand how Knoppix works and to select only what I want in this compilation of apps. Base Debian v3.0.r1
- Added new Exploits:
  - XPloit - Windows XP UPNP remote shell exploit
- Added new Tools:
  - lcrack - Lepton's Crack is a generic password cracker. Can be used to crack hashed passwords.
  - juggernaut 1.2 - sniffer/hijacking tool
- Removed setting DISPLAY in /etc/profile. Setting this broke the setting up of X11 port forwarding via SSH
- Updated Nessus plugins

3.3.2
- Added new Exploits:
  - rootdown.pl - Remote command execution via sadmind
  - mounty - remote rpc.mountd exploit
  - 09.16.MS03-039-exp - Windows RPC DCOM long filename heap overflow exploit (MS03-039)
  - pst-netirsex - Netris v0.5 server remote buffer overflow
  - netris-shash - Netris v0.5 remote exploit for Red Hat 8.0
  - 09.14.mysql - MySQL 3.23.x/4.0.x remote exploit
- Added new Tools:
  - CDPsniffer - Cisco Discovery Protocol (CDP) decoding sniffer
  - p0f v2.0.1 - passive OS fingerprinting tool
  - netprobe-1.0b1 - network traffic monitor and analyzer
  - amap-4.3 - Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port.
- Removed p0f v1.8.3, updated with v2.0.1
- Removed cdpr-1.0.8, updated with v2.0
- Removed netprobe-0.4, updated with v1.0b1
- Removed amap-2.7, updated with v4.3
- Added grub to the collection of installed apps
- Added package libmysqlclient-dev
- Added package libdb4.1-dev

3.3.3
- Added new Exploits:
  - DSR-cfengine.pl - Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow.
- Added new Tools:
  - netchk.bat and netchk.lnk - These files were added to the Windows/Tools/NTReskit directory. They run netcat in the background listening for a connection and spawn a cmd.exe shell prompt.

3.3.4
- Added libevent0
- Distribution Upgrade. 119 apps upgraded to the most current version as of 09/29/03
- Added new Exploits:
  - hlclientfs - "Unknown command" format string bug test
- Added new Tools:
  - stegtunnel 0.4 - Stegtunnel provides a covert channel in the IPID and sequence number fields of any desired TCP connection.
  - httptunnel-3.0.5 - httptunnel creates a bidirectional virtual data connection tunnelled in HTTP requests.
  - mailtunnel 0.2 - mailtunnel creates a bidirectional virtual data path tunnelled in E-Mail messages.
  - lsrscan 0.5.1 - lsrscan checks the behaviour of remote hosts to loose source routed packets.
  - lsrtunnel 0.2.1 - lsrtunnel spoofs connections using source routed packets.
  - arpmim-0.2 - ARP MITM attack tool
  - nemesis 1.4b3 - TCP/IP Packet Injection Suite - this is beta so I left 1.32 on
  - Airsnarf 0.2 - A rogue AP setup utility
  - icmpush 2.2 - ICMP packet builder
  - sing 1.1.5 - A fully programmable ping replacement
- packit upgraded from 0.6.0c to 0.7 to 1.3b3
- Added missing libnet102 files
- Added missing libpcap-dev package
- Added bitchx - Advanced Internet Relay Chat client

3.3.5
- Added paketto 1.10 - contains paratrace, minewt, phentropy, scanrand.
- Distribution Upgrade. 112 apps upgraded to the most current version as of 10/08/03
- Fixed nessus - plugins did not show up.
- Fixed rebuilding of /etc/fstab during boot
- Fixed hosts file missing entry for operator
- Fixed hostname: it was hardcoded as laptop, changed to Operator
- Added new Tools:
  - stunnel - Universal SSL tunnel for network daemons
- Added minicom and lrzsz
- Added eject

3.3.6
- Added new Tools:
  - Vtun - Virtual Tunnel over TCP/IP network.
  - cryptcat - twofish encryption enabled version of nc
  - Ncrypt - NMRC file encryptor/decryptor/wiper
- Added new Exploits:
  - proftpdr00t - Remote root exploit for ProFTPd versions 1.2.7 - 1.2.9rc2
- Added package liblzo-dev
- Added libdnet 1.7
- Added perl packages: libnet-pcap-perl libdbi-perl libmime-base64-perl libnet-telnet-perl libcompress-zlib-perl libgtk-perl libdbd-mysql-perl NetPacket-0.04 Proc-Daemon-0.03 Proc-Simple-1.18 Unicode-String-2.07 Unix-Syslog-0.99
- Removed package libstdc++2.10-dev
- Removed package gcc-2.95
- Removed package gcc-3.2

3.3.7
- Added package tclx8.3
- Added package xpdf
- Added package unzip
- Added package mailutils
- Added package mkisofs
- Added package cloop-utils
- Distribution Upgrade. Apps upgraded to the most current version as of 11/11/03

3.3.8
- Upgraded Linux Kernel from 2.4.21 to 2.4.24
- Distribution Upgrade. Apps upgraded to the most current version as of 01/11/04
- Added new Exploits:
  - fp30reg - Frontpage fp30reg.dll Overflow Exploit (MS03-051)
  - 85mod-gzip - Remote exploit for mod_gzip
  - 0x333hate - samba 2.2 remote exploit
- Added new Tools:
  - brian - tool to effectively convert a switched network into a shared network
- Added package traceroute
- Added package hexedit
- Added package ftpd
- Added package unrar
- Added package libnids-dev
- libnet.h was missing, added
- Modified whats_on to allow for IP resolution via the -r option
- Updated knx-hdinstall to remove installed files during an upgrade
- Removed Games

3.3.9
- Distribution Upgrade. Apps upgraded to the most current version as of 03/09/04
- Added source code for genraid3r
- Added new Exploits:
  - serv-ME - Serv-U "SITE CHMOD" exploit by SkyLined
  - servu - Serv-U "SITE CHMOD" exploit by lion
  - ex_servu - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit
  - MS04-007-dos - LSASS.EXE Win2k Pro Remote Denial-of-Service Exploit
  - php_weblinks.php - The_First_Cut_Is_The_Deepest, PHPNuke versions 6.x and greater remote php-based exploit that extracts the administrator hash using a SQL injection attack.
  - lftp - Remote exploit for lftp < 2.6.10
  - PSOProxy - PSOProxy v0.91 remote sploit by kralor
  - ldaped - iMail v8.05 LDAP service remote sploit by kralor
  - wts_bo - Windows Telnet Service 1.2 Remote buffer overflow
  - shoutcast - SHOUTcast v1.9.2 remote exploit
- Added new Tools:
  - Ldapminer - tool to collect information from different LDAP Servers
  - seringe v0.2 - arp injector and redirector
  - tcpick 0.1.20 - tcpick is a libpcap-based textmode sniffer that can track tcp streams
  - 4g8 0.9b - Packet Sniffer Over Switched Network
  - Sambascan2 v0.3.4 - searches a network for SMB-Shares and lists them.
  - cutter 1.02 - TCP/IP connection terminator
  - nast 0.2.0 - a packet sniffer and a LAN analyzer
  - Windows syskey tools - Includes Bkreg.exe, Bkhive.exe, Samdump2.exe and source code. Steps to remove encryption from the password hashes.
  - psycho_bd - PsychoPhobia Backdoor Shell
  - hxdef100.zip - Hacker Defender Windows RootKit
  - rk_044.zip - The original and first public NT ROOTKIT
  - FU_Rootkit.zip - The FU rootkit can hide processes, elevate process privileges
  - vanquish-0.2.0.zip - Vanquish is a DLL injection based Romanian rootkit that hides files, folders, registry entries and logs passwords.
- Added hdparm package
- Added NVIDIA nForce Network and Sound Support
- Added Apache/2.0.48
- Added package php4
- Added package php4-cgi
- Added package php4-curl
- Added package libcurses-ruby
- Added package libncurses5-dev
- Added package udptunnel
- Modified whats_on to send CR after connecting, version 1.01
- Upgraded to kismet-feb.04.01
- Upgraded to KDE 3.1.5
- Changed sources.list to NOT use testing updates
- Modified knoppix-autoconfig: removed changing hostname to Operator after HD install. Added insmod ieee1394 for firewire support.
- Added hostapd version 0.1.3 suite
- Hacked hwdata config files. hwdata-0.107 did not detect some hardware that version 0.101 did. Hmmmm
- Removed /usr/share/doc from the CD to save download time. Will put on web site as a separate download.
- Modified /etc/samba/smb.conf so that the NTReskit directory is shared by default when samba is started.

3.3.10
- Distribution Upgrade. Apps upgraded to the most current version as of 04/05/04
- Upgraded to KDE 3.2.1-1
- Added new Exploits:
  - anubisexp - Remote root exploit for GNU Anubis 3.6.2
- Upgraded to kismet 2004.03 devel build 20040323111108
- Fixed kismet_config file. Auto configures kismet.conf file for cisco, prism, and orinoco cards.
- Fixed broken KDE menu links for: saveconfig, soundcardconfig
- /usr/bin/ksim missing in 3.2 upgrade. Added the binary from 3.1.5
- Added package ntpdate
- Added new Tools:
  - ttt - TCP Testing Tool (ttt)
  - bgpcrack v2.1 - libpcap-based RFC 2385 password cracker
  - tcphijack v1.1 - simple proof of concept tool for injecting spoofed UPDATEs using BGP
  - reset-tcp - Resets TCP connections by Slipping in the Window
  - phoenix2 - Tool that resets every connection you specify
  - naptha v1.1 - Tool to test DoS attacks. Consists of 3 tools: bogusarp, synsend and srvr
  - asleap v1.0 - demonstrates a weakness in the LEAP protocol
- Upgraded aimSniff to version 0.9d
- Upgraded packit to version 0.7.1j. This version includes the ability for the sequence number to increase by the window size.
- After Operator install, ice was the default window manager; changed to use kde3 by default.
- Added hard drive install script, knx-hdinstall, to the OPERATOR Config menu
- Recompiled kernel with -Os instead of -O2. This reduced the size of the kernel.
- Recompiled kernel with built-in reiserfs support.
- Added ability to install grub instead of lilo during HD installation
- Fixed nessusd so that the plugins show up when running from the CD.

3.3.11
- Distribution Upgrade. Apps upgraded to the most current version as of 05/09/04
- New additions to NTResKit mount point: shutdown.exe, samdump.exe, pwdump3e
- Modified whats_on. Added option -s
- Added new Tools:
  - ncovert - A file transfer system transmitting data via the sequence number.
  - fragrouter - network intrusion detection evasion toolkit
  - void11 - 802.11b attacks
  - airjack v0.6.6bj-alpha - includes tools from v0.6.2:
    - fata_jack by loud-fat-bloke
    - wlan_jack rip
  - aphopper v0.3 - automatically hops between APs
  - wepattack v0.1.3 - guesses WEP keys based on an active dictionary attack.
  - some tools that use nemesis - hijack_rst.sh, shroud.sh and shroud2.sh
  - RainbowCrack v1.2 - hash cracker
  - ssldump - dump SSL traffic on a network
  - middle2 - SMB Man-in-the-Middle attack
  - smbproxy - "Passing The Hash" tool that works as a proxy
  - tcpdump-smb v3.4-5 - tcpdump modified to show smb data
  - hydra 4.0 - A very fast network logon cracker
  - Kreset.pl - Another tool to test TCP resets
  - smbrelay2.exe - NetBIOS level SMB man-in-the-middle relay attack
  - ffp v0.0.8 - Fuzzy Fingerprinting
- Added new Exploits:
  - THCimail v0.1 - Imail LDAP exploit
  - THCIISSLame 0.1 - IIS 5 SSL remote root exploit
  - THCIISSLame 0.3 - IIS 5 SSL remote root exploit w/connect back
  - sslbomb - MS04-011 SSL Remote Denial of Service
  - HOD-ms04011-lsasrv-expl - Remote exploit for the Lsasrv.dll RPC buffer overflow
  - roseattackv2 - demonstrates eating up CPU processing time on a Windows 2000 box
  - JetRoot.pl - Linux root and Windows NT/2000 Administrator remote exploit for HP Web JetAdmin 6.5
- Changed /lib/modules/2.4.25/build link to point to /usr/src/linux
- Included kernel include files: /usr/src/linux/includes.tar.gz
- Applied kernel patch linux-2.4.25-ntfs-2.1.6a.
- Added lufs-0.9.7 - LUFS enables you to mount into your file hierarchy a remote computer's file system, which is accessible by various means (ftp, ssh, etc.)
- Added Captive v1.1.5 - The first free NTFS read/write filesystem for GNU/Linux
- Upgraded chntpw to 0.99.2 040105 - this tool allows you to change the password of a user in an NT SAM file, or invoke the registry editor.
- Fixed firefox configuration for running from CD
- Removed the /etc/rc?.d/S20pcmcia script from the CD. This was due to users booting with the nopcmcia option and the script still running.
- Fixed kde menu links: netwatch, GQ
- Modified KDE look and feel to use icewm theme.
- Changed font size and schema for konsole terminal
- Modified lilo2grub.sh and knx-hdinstall to handle hard disk partitioning when using 2 disks.
- Added package xvncviewer
- Added missing package wine-utils
- Added package libsmbclient-dev
- Added package libnet-rawip-perl
- Added package libnet1-dev
- Added character set files for John the Ripper
- Modified knoppix-autoconfig to automatically set ip_forwarding.
- Upgraded John the Ripper to john v1.6.37

3.3.12
- Distribution Upgrade. Apps upgraded to the most current version as of 06/14/04
- Added missing monkey_jack to the airjack toolset
- Added new Tools:
  - dos2unix.pl - simple DOS to Unix file converter
  - Hotspotter v0.3 - will act as an access point. Somewhat of a MITM attack.
  - thc-leapcrack - tools to break the NTChallengeResponse encryption technique, e.g. as used by Cisco Wireless LEAP
  - domtools v1.6.0 - high-level name server query tools
  - USS-reset-tcp v1.3 - rewrite of Paul Watson's reset-tcp w/ ability to reset connections via SYN packets
- Added new Exploits:
  - HOD-symantec-firewall-DoS-expl - Symantec Multiple Firewall DNS Response Denial-of-Service
  - linksys-dhcp-exploit - Linksys dhcp memory disclosure exploit
  - sasserftpd - Remote exploit for the Sasser worm ftpd server
  - sslsniff v0.3 - Internet Explorer's implementation of SSL is vulnerable to a Man In The Middle attack.
- Modified fakeap.pl - Added setting interface to master mode
- Upgraded hostap(d) project from 0.1.3 to 0.2.1
- Removed hostapd config setup from init.d/kismet_config and put it into init.d/setup_hostapd. Fixed problem with not copying template files to /var/lib/hostap.
- Added hostap README to the $OP/Notes directory
- Added package dhcp3-server
- Added package libpam0g-dev
- Added package uw-imapd-ssl
- Added perl modules LDAPS, NIS, PAM, Radius, IMAP, Smb
- Modified Airsnarf to run from CD
- Added ip_forward=yes to /etc/network/options to allow ip forwarding.
- Re-Added libnet-pcap-perl
- Upgraded hlbof_server to version 0.2.2
- Added package mysql-client
- Added start_sprint_pcs script that works with the Novatel Wireless Merlin c201.

3.3.13
- Distribution Upgrade. Apps upgraded to the most current version as of 06/24/04
- Added new Exploits:
  - hlfreeze - old half-life server crasher
- Added new Tools:
  - jad - Java decompiler
  - burp proxy v1.22 - Burp proxy is an interactive HTTP/S proxy server for attacking and debugging web-enabled applications.
  - burp spider v1.1 - Burp spider is a tool for enumerating web-enabled applications.
  - sock v1.01 - Sock is a simple tool for manually attacking web-enabled applications.
  - rrs v1.70 - a reverse (connecting) remote shell
  - weplab v0.0.2-alpha - Weplab is a tool to review the security of WEP encryption in wireless networks.
  - sbd v1.27 - sbd is a Netcat-clone, designed to be portable and offer strong encryption.
- Replaced /usr/bin/startkde with the Operator version from /etc/kde3/debian
- Re-Added package samba
- Added Java(TM) 2 Runtime Environment, Standard Edition Version 1.4.2

3.3.14
- Distribution Upgrade. Apps upgraded to the most current version as of 07/19/04
- Upgraded weplab from 0.0.2 to 0.0.7-beta
- Added package hotplug and hotplug-utils
- Added package usbutils
- Added Prism54 support
- Added new Tools:
  - deceit - Uses the PPTP protocol to steal user passwd hashes by masquerading as the MS-CHAP passwd change prompt
  - anger v1.33 - PPTP Challenge/Response Sniffer & Active Attack Addon for L0phtCrack.
  - aphunter - Access Point Hunter
  - apradar 0.52 - graphical netstumbler and wireless profile manager
  - proxychains v2.1 - redirect connections through proxy servers
  - wepwedgie v0.1.0 - WEPWedgie is a toolkit for determining 802.11 WEP keystreams
  - wep_tools - wep_crack and wep_decrypt
  - lyceum v2.46 - stealth client/server backdoor that uses spoofed udp packets
  - VLAN testing apps - Programs from Steve A. Rouiller's GIAC paper, Virtual LAN Security: weaknesses and countermeasures. Files include pvlan vlan-DE-1-2 vlan-SE-1 vtp-down vtp-up
- Added new Exploits:
  - imap4 - Redhat 7.0 remote buffer overflow exploit for IMAP4rev1 prior to v10.234
  - unsecure - Unreal secure server crasher
  - hlboom - Half-life server/client crasher
- Added package slapd (OpenLDAP server)
- Added package ldap-utils
- Added package perl-curses
- Added package libgtk2.0-dev
- Added package libgtkmm2.0-dev
- Added package perl-doc
- Added package libiw-dev
- Added package gpsdrive
- Updated passifist from 1.0.6 to 1.0.8 w/Mysql plugin
- Removed p0f v2.0.1, updated with v2.0.4
- Added /etc/pcmcia/airjack_cs.conf
- Added hostap entries to /etc/pcmcia/config
- Removed /var/cache/apt/*.bin
- Removed /var/lib/apt/lists/*
- Removed /usr/src/nvidia-kernel-source.tar.gz
- Fixed java plugin for mozilla-firefox
- Added lufs.o module that was removed after the kernel upgrade
- Upgraded Tool amap-4.3 to amap-4.6

3.3.15
- Distribution Upgrade. Apps upgraded to the most current version as of 08/27/04
- Added perl module MIME-Base32-1.01
- Added new Exploits:
  - HOD-ms04022-task-expl - (MS04-022) Microsoft Windows XP Task Scheduler (.job) Universal Exploit
- Added new Tools:
  - Framework v2.2 - open-source platform for developing, testing, and using exploit code
  - Update NTReskit - winat.exe regini.exe regdir.exe scanreg.exe
  - aircrack v1.3 - an 802.11 WEP key cracker
  - Wifiscanner 0.9.5 - WifiScanner is a tool that has been designed to discover wireless nodes
- Added package libterm-readline-gnu-perl
- Removed packages nvidia-glx nvidia-kernel-2.4.26-1-386
- Removed packages nvidia-kernel-2.4.24-1-386 nvidia-kernel-common
- Modified kernel:
  - Removed Blue Tooth
  - Added HP CCISS driver
  - Set CONFIG_VFAT_FS from y to m
  - Unset CONFIG_JFS_STATISTICS, CONFIG_PARIDE_EPATC8, CONFIG_MCA
  - Unset CONFIG_IEEE1394_OUI_DB, CONFIG_CYCLOMX_X25, CONFIG_SBNI_MULTILINE
  - Unset CONFIG_ECONET_AUNUDP, CONFIG_DECNET_SIOCGIFCONF
  - Unset CONFIG_DECNET_ROUTER, CONFIG_PARPORT_OTHER, CONFIG_APM_DO_ENABLE
- Fixed pwdump3e.exe
- Added functionality for cciss driver in knx-hdinstall script
- Modified lilo2grub.sh script - a little more accuracy in detecting partitions
- Added package libglib1.2-dev
- Added package cloop-utils
- Modified knx-hdinstall:
  - Added functionality for cciss driver
  - Modified save_off to save a selected set of files from /etc when doing an upgrade instead of a full install. The backup file created will be /upgrade/backup/etc_files.tar. Reboot, then extract what you need from this file.
  - Modified progressbar routine

3.3.16
- Distribution Upgrade. Apps upgraded to the most current version as of 09/20/04
- Upgraded aircrack 1.3 to 2.0
- Added new Tools:
  - tcptraceroute v1.4 - A traceroute implementation using TCP packets
  - gwee v1.36 - Generic Web Exploitation Engine
  - webprobe v1.00 - Web server header probe
  - netwox v5.24 - Network toolbox that contains 195 tools
  - as_arping - The ArpSucker is a patch to iputils that allows for global arp cache poisoning.
  - Added Foundstone's fport.exe to the NTReskit directory. Fport identifies unknown open ports and their associated applications.
  - pads v1.1.2 - passively detect networks via arp
  - AIR v1.2.5 - Automated Image and Restore. A graphical front-end for dd and dcfldd designed to make creating forensic images of magnetic media easier for investigators and incident response personnel.
  - coreography v1a - Ability to view segments of memory in their entirety or limited to selected parts.
  - memfetch v0.05b - utility to dump memory of a running process
  - rda v.0.2.1c - A tool to remotely acquire data like disks, partitions, etc.
  - testdisk v5.4 - Helps recover lost partitions and/or make non-booting disks bootable
  - CmosPwd v4.3 - decrypts BIOS password stored in cmos
- Upgraded sleuthkit-1.62 to sleuthkit-1.72
- Upgraded Autopsy from v1.72 to v2.0
- Upgraded tcpick v0.1.20 to 0.1.24
- Updated whats_on to v1.03
- Upgraded sara-4.1.4c to sara-5.1.1a
- Added package libncurses4
- Added package sysutils
- Upgraded sbd v1.27 to v1.33
- Upgraded p0f-2.0.4 to 2.0.5
- Removed packages: koffice doc-linux-text docbook docbook-dsssl kivio-data kweather manpages-dev metacity nano xnest
- Modified lilo2grub.sh script - a little more accuracy in detecting partitions

3.3.17
- Distribution Upgrade. Apps upgraded to the most current version as of 12/22/04
- Added new Tools:
  - Upgraded from Hydra 4.0 to 4.4
  - Madwifi Beta tools
  - ciscocrack - cracks cisco type 7 passwords
  - isic - a suite of utilities to exercise the stability of an IP Stack and its component stacks
- Added new exploits:
  - CiscoCasumEst - Cisco IOS 12.x/11.x remote exploit for the HTTP integer overflow
  - ios-w3-vul - Cisco IOS HTTP Server Vulnerability Scanner
  - proz_ex - prozilla-1.3.6 format string/buffer overflow
- Now updating nikto database on every new build
- Added missing cloop module
- Added package libldap2-dev
- Added package libnet-ldap-perl
- Fixed air-1.2.5 to use /var/lib/air for its files when run from CD.
- Added madwifi drivers: net/ath_hal.o net/ath_rate_onoe.o net/wlan.o net/wlan_wep.o net/wlan_tkip.o net/wlan_ccmp.o net/wlan_acl.o net/wlan_xauth.o net/ath_pci.o
- Changed nessusd.conf plugins directory from /usr/lib/nessus/plugins to /var/lib/nessus/plugins
- Updated weplab-0.0.7-beta to weplab-0.1.2-beta
- Added package openvpn. Note: Also added OpenVPN 2.0_beta15. The compiled version is installed as /usr/sbin/openvpn2
- Updated Nikto from 1.32 to 1.34 manually

3.3.18
- Distribution Upgrade. Apps upgraded to the most current version as of 4/12/05
- Added new exploits:
  - raptor_passwd - Solaris 8 and 9 rooter via passwd
  - raptor_ldpreload - Solaris 2.6 - 2.9 rooter via ld.so.1
  - raptor_libdthelp - Solaris 2.7 - 2.9 rooter via libDtHelp
  - raptor_libdthelp2 - Solaris 2.7 - 2.9 rooter via libDtHelp
  - raptor_rlogin - Solaris 2.5.1 - 2.8 rooter via rlogin
  - binfmt_elf - Linux binary format loaders' uselib() allows local users root privilege
  - scanner_ndde - NetDDE Scanner
  - wins_exp - Wins 2000 remote root exploit
  - apache-squ1rt - Apache Denial of Service PoC
  - 0x666-ftpd - mtftpd <= 0.0.3 remote root exploit
  - pwned - linux 2.4 and 2.6 sys_uselib local root exploit
  - phpbb.pl - phpBB <= 2.0.13 'downloads.php' mod Remote Exploit
  - unrealmagic - Cyrus imapd 2.2.4 - 2.2.8 remote exploit by crash-x / unl0ck
- Added new Tools:
  - VoIPong v1.1 - VOIP Call Detector
  - nmbscan v1.2.4 - scans the shares of a SMB/NetBIOS network
  - PSTArpsniffer - Arp Sniffer
  - vlan v1.8 - 802.1Q VLAN implementation for Linux
  - yersinia v0.5.3 - Framework for performing layer 2 attacks
  - aireplay v2.2 - WEP decryption attack tools. The aircrack 2.1 package is still installed and contains an older version of aireplay.
  - hydan v0.13 - steganographically conceals a message into an application
- Added honeyd-config - directory of sample configs
- Added honeyd-scripts - directory of various scripts
- Upgraded kernel from 2.4.25 to 2.4.30
- Patched rainbowcrack v1.2 - additional hash algorithms: CiscoPIX, MySQL v.3.23, MySQL SHA1, NTLM, MD2, MD4 and RIPEMD160. Custom Patch: I made changes to flush output to stdout so that you can redirect to a file while running in the background.
- Upgraded hydra-4.4 to hydra-4.6
- Upgraded Sara-5.1.1a to Sara-5.4
- Added package nis
- Updated Metasploit Framework from 2.2 to 2.3
- Added package libnet-ssh-perl
- Upgraded Tool amap-4.6 to amap-4.8
- Added package ftp-ssl
- Removed libpcap-dev
- Updated libpcap0.7-dev to libpcap0.8-dev
- Upgraded to kismet-2005-04-R1
- Upgraded cloop-2.00 to cloop-2.01
- Upgraded to pcmcia-cs-3.2.8
- Upgraded to hostap-driver-0.3.7
- Upgraded to hostap-utils-0.3.7
- Upgraded to hostapd-0.3.7
- Added wpa_supplicant-0.3.8
- Upgraded to cdpr-2.2.0
- Added package honeyd v1.0
- Added package farpd - ARP reply daemon
- Added package iisemulator - IIS emulator for honeyd
- Added wlan-ng module version 0.2.1pre25
- Fixed font problem with knx-hdinstall.

3.3.19
- Distribution Upgrade. Apps upgraded to the most current version as of 5/09/05
- Added new Tools:
  - ophcrack v2.0 - A windows password cracker based on the faster time-memory trade-off using rainbow tables.
- Added new Exploits:
  - ecl-winipdos - TCP/IP vulnerabilities, all remote code execution and DoS, MS05-019
  - openssl-too-open - a remote exploit for the KEY_ARG overflow in OpenSSL 0.9.6d and older.
  - HOD-icmp-attacks-poc - TCP connection reset
  - 101_3com - 3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow
  - 101_calic - Computer-Associates, License Service Stack Overflow
  - 101_BEXEC - VERITAS Backup Exec v8.x/9.x Remote Universal Exploit
  - 101_ncat - NetCat v1.10, Remote Critical Buffer Overflow Exploit
  - 101_mEna - MailEnable, IMAP Service, Remote Buffer Overflow Exploit v0.4
  - 101_slim - SlimFTPd <= v3.15, Remote Buffer Overflow
  - 7330ecart.pl - E-Cart remote command execution exploit.
- Recompiled bad orinoco drivers. System would panic when the card was removed and would not enter monitor mode.
- Upgraded Tool amap-4.8 to amap-5.0
- Upgraded AIR v1.2.5 to v1.2.7
- Cleaned up operator-templates file. Version change to 33-03
- Minor change to knx-hdinstall to use the new etc templates file.
- Upgraded Apache 2.0.48 to 2.0.54
- Added simple homepage for when starting apache.
- Added wifi documentation that contains some good info regarding wifi tools from http://www.geekspeed.net/~beetle/download/wifi_dog.html
- Added package librecode0
- Startup talking sound bites heard while running X11 from the CD are now heard for all users after doing an HD install.
- Fixed "Modem Dialer" shortcut under Operator/Network Configuration. This shortcut uses the kppp program, which needs to run as root, so a sudo entry was added.
- Stripped down locales to use en_, de_, gl_ only
- Updated /etc/rcS.d/S00knoppix-autoconfig

3.3.20
- Distribution Upgrade. Apps upgraded to the most current version as of 10/01/05
- Modified wireless_select to use /proc/net/dev instead of /proc/net/wireless. Some cards, like orinoco, were not showing up after they were reinserted.
- Added package aim_1.5.286 AOL Instant Messenger
- Stripped down locales to use en_, de_, es_ only
- Upgraded hydra-4.6 to hydra-4.7
- Added BusLogic driver to the kernel so that vmware would not panic when booting after an HD install.
- Updated Metasploit framework from 2.3 to 2.4
- Reinstalled libnet1-dev
- Fixed captive-ntfs
- Added new Exploits:
  - HOD-ms05039-pnp-expl - (MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow
  - HOD-kerio-firewall-DoS-expl - Kerio Personal Firewall Multiple IP Options Denial of Service
  - HOD-ms04031-netdde-expl - Microsoft Windows NetDDE Remote Buffer Overflow Exploit
  - HOD-ms04032-emf-expl - Microsoft Windows Metafile (.emf) Heap Overflow Exploit
  - HOD-ms05002-ani-expl - Internet Explorer .ANI files handling Universal Exploit
  - HOD-ms05017-msmq-expl - Message Queuing Buffer Overflow Universal Exploit
  - DSR-cpanel - POC for Cpanel 5 and below
  - cpanel-9x_RCE - POC for Cpanel 9 and below
  - DSR-nethack - local exploit for Nethack 3.4.0
  - phpLDAPadmin - phpLDAPadmin 0.9.6 - 0.9.7 Remote Command Execution
  - phpbb.php - phpBB 2.0.10 Remote Command Execution
  - HP_OV_NNM_RCE - HP OpenView Network Node Manager 6.2, 6.4, 7.01, 7.50 Remote Command Execution
- Added new Tools:
  - zebra 0.94 - Tool that manages TCP/IP based routing protocols
  - voipong 1.2 dev - VoIP call detector and voice dumper. VoIPong is a utility which detects all Voice Over IP calls on a pipeline and, for those which are G711 encoded, dumps the actual conversation to separate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP.
  - Upgraded yersinia v0.5.3 to v0.5.6 - Framework for performing layer 2 attacks
  - ike-scan v1.2 - Discover and fingerprint IKE hosts (IPsec VPN Servers)