Appendix. Glossary

$HOME

A shell environment variable that points to your home directory in Unix (typically /home/hacker, where hacker is your username).

See Also environment variable.

$LOGNAME

A shell environment variable that stores your username. To see your current username/logname in Unix, type echo $LOGNAME at a shell prompt.

See Also environment variable.

$PATH

A shell environment variable that stores your path in Unix and Windows (that is, the list of directories the shell examines when searching for a command you type). A typical Unix path might look like this: /bin:/usr/bin:/usr/local/bin:/usr/man:/usr/X11R6/bin. Colons separate the directories.

See Also environment variable.

$REMOTE_ADDR

A Web environment variable that stores the IP address of the remote client browser.

$REMOTE_HOST

A Web environment variable that stores the host name of the remote client.

$REMOTE_IDENT

A Web environment variable that stores the remote user name, if the client supports RFC 931 (ident) identification.

$REMOTE_USER

A Web environment variable that stores the user name used to validate authentication from the remote client. Great for use in password-protected sites.

* (asterisk)

This character matches zero or more repetitions of whatever the preceding element (character or metacharacter) matches.

.awk

This file extension denotes an awk program (Example: count.awk).

See Also awk (gawk).

.bck

This file extension denotes a backup file.

.c

This file extension denotes a C programming language source file (Example: menu.c).

See Also C.

.cc

This file extension denotes a C++ programming language source file (Example: menu.cc).

See Also C++.

.cgi

This file extension denotes a CGI program source file (Example: Webcounter.cgi). Such files probably contain Perl programs, which are also sometimes named with a .pl extension.

See Also Perl.

.conf

This file extension denotes a configuration file (Example: access.conf).

.cpp

This file extension denotes C code (for preprocessing).

.csh

This file extension denotes a C shell program file (Example: cut.csh).

See Also C shell.

.dat

This file extension denotes a data file that could originate from almost any platform.

.db

This file extension denotes a database file (Example: users.db).

.doc

This file extension denotes either a plain text file or a Microsoft Word document.

.gz

This file extension denotes a compressed file (Example: package.gz).

.h

This file extension denotes a C programming language header file.

.htaccess

The Apache access file.

.htpasswd

The Apache htpasswd password database (for password-protecting Web sites).

.pl

This file extension denotes a Perl script file.

See Also Perl.

.ps

This file extension denotes a postscript file.

See PostScript.

.py

This file extension denotes a Python program file.

See Also Python.

.sh

This file extension denotes a Bourne shell script.

.shtml

This file extension denotes a file that contains server-side include (SSI) directives.

.tar

This file extension denotes a tar archive file.

See Also Tcc.tar.

.tcl

This file extension denotes a Tcl program.

See Tcl.

.tgz

This file extension denotes a compressed tar file (Example: package.tgz).

.Z

This file extension denotes a compressed file (Example: package.Z).

;

Use ; to separate shell commands you want to execute sequentially (command1;command2). ; is also used in some programming languages (Perl, C, C++) to end a statement. For example: printf("This statement ends with a semicolon");

?

Use ? to match any single character, especially when specifying files or directories. Apache treats ? in a traditional regular expression context; there, ? matches zero or one instance of the preceding character.

|

Use | to pipe commands or force one command’s output to become the input of another. For example, suppose you want to look at logs of the last 10 root logins. Try this: last root | head -10. This will grab all recorded logins for root (last root). The resulting output then becomes input for head, which extracts from last’s output the most recent 10 logins (head -10).

||

|| represents a logical OR between two or more expressions. The statement command1 || command2 tells the shell that if command1 fails, execute command2.

<

Use < to redirect a command’s input so that it is read from a file instead of the keyboard. In various languages, < is also a comparative operator, the “less-than” symbol.

<Limit> (Apache)

The <Limit> directive applies access control to the HTTP methods you specify. Methods are ways a client can request a URI (or an operation thereon) from a server.

<VirtualHost> (Apache)

<VirtualHost> applies the access control rules you specify to one virtual host. It thus enables you to specify different access control rules to different virtual hosts.

>&

Issuing the >& file combination redirects STDOUT and STDERR to a file (and overwrites that file).

See Also standard output (STDOUT), standard error (STDERR).

>

Use > to redirect output to a file. The command dir > dir-listing.txt will redirect your directory-listing request (dir) to a file (dir-listing.txt). Also, in various programming languages, > is a comparative operator, the “greater-than” symbol.

>>

Use >> to redirect and append data to a file. This differs from >: >> appends information, adding text to the end of the file without overwriting it.
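The operators in the preceding entries (;, |, ||, >, >> and >&) are easier to trust once you have watched each one act on a file. The following script is an added example, not part of the original glossary: it feeds a constructed stand-in for the output of last root through a pipe, shows || as a fallback, and counts the lines that > and >> leave behind. One caveat the entries do not spell out: >& file is C shell syntax; in sh and bash the equivalent is > file 2>&1, with the redirections in that order, which is what both_streams uses.

```shell
#!/bin/sh
# Added example exercising the glossary's shell operators on constructed data.
# The "root" login records below are made up; they only imitate the shape
# of `last root` output (most recent login first).

sample_logins() {
    printf '%s\n' \
        "root pts/0 192.0.2.10 Mon Jan 7 09:12" \
        "root tty1              Sun Jan 6 22:40" \
        "root pts/2 192.0.2.11 Sat Jan 5 08:03" \
        "root pts/0 192.0.2.10 Fri Jan 4 17:55"
}

# | (pipe): the left command's output becomes the right command's input.
# Mirrors `last root | head -10`, here limited to the two most recent records;
# returns how many records survived the pipeline.
recent_logins() {
    sample_logins | head -2 | wc -l | tr -d ' '
}

# || runs the right-hand command only when the left-hand one fails.
or_fallback() {
    false || echo "fallback ran"
}

# > truncates (overwrites) the target file; >> appends to it.
# Returns the number of lines left in the file: 2, not 3.
redirect_demo() {
    f=$(mktemp)
    echo "first" > "$f"
    echo "second" > "$f"      # overwrites: the file now holds one line
    echo "third" >> "$f"      # appends: the file now holds two lines
    n=$(wc -l < "$f" | tr -d ' ')
    rm -f "$f"
    echo "$n"
}

# sh/bash equivalent of the C shell's `>& file`: send STDOUT to the file,
# then point STDERR at the same place. Returns the line count captured (2).
both_streams() {
    f=$(mktemp)
    { echo "to stdout"; echo "to stderr" >&2; } > "$f" 2>&1
    n=$(wc -l < "$f" | tr -d ' ')
    rm -f "$f"
    echo "$n"
}

# ; simply runs the demonstrations one after another.
recent_logins; or_fallback; redirect_demo; both_streams
```

Run it with sh and compare the four printed values against the comments; the redirect_demo count is the one worth remembering, since a > where a >> was meant silently discards an audit log's earlier contents.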

3DES

3DES is another way of referring to Triple DES, in which DES is applied three times in succession.

See Also Data Encryption Standard (DES).

AAA

Authentication, Authorization, and Accounting.

absolute path

The absolute path is the specified resource’s full path, beginning at root. In reference to URLs in scripts, an absolute path is the whole thing, whether seen from the inside (/var/http/myhost.com/index.html) or the outside (http://www.myhost.com/index.html), as opposed to a relative path such as myhost.com/index.html.

access control list (ACL)

A list wherein you specify what system resources you’re allowing users to access (and which users can obtain such access).

ACCESS_CONF

(Apache constant) Access control restrictions inside <Directory> or <Location> directives.

AccessFileName (Apache)

The AccessFileName directive specifies the file that contains Apache’s htpasswd access control rules.

Account Policies Snap-in (Windows)

The Account Policies Snap-in lets you set password and account lockout policies.

account policies

In many operating systems, you can establish user logon and password policies. For example, how long is a user’s password valid? Should she be allowed to change it?

accreditation

A statement from some authority that your Web site and business practices are secure or contribute to security.

Acedirector_request

Exploit for the AceDirector half-closed session vulnerability. Released in 2002.

Active Directory

Microsoft’s directory server starting with Windows 2000. It is used for authentication, authorization, and many other purposes.

ActivePerl (Windows)

ActivePerl is Perl for Windows platforms.

address space

The total memory addressable by a machine or program.

address

A hostname or URL on the World Wide Web.

Addusers (Windows)

Lets you add or delete users en masse and works like this: you create a comma-delimited file specifying users, global groups, and local groups (one record per line). Addusers.exe then steps through the file, record by record, and adds or deletes the users you specify.

Administrative Tools (Windows)

The Administrative Tools applet leads to applets, controls, applications, and snap-ins that control the majority of your security policies. You reach the Administrative Tools applet by clicking on My Computer → Control Panel → Administrative Tools.

ADSL

Asymmetric Digital Subscriber Line.

Agate.c

Script that exploits the Avirt Gateway 4.2 remote vulnerability. Released in 2002.

AirSnort

A tool for wireless LANs that recovers encryption keys by passively monitoring transmissions, and computing the encryption key when enough packets have been gathered. Works on both 40- and 128-bit encryption. Released in 2002.

AllowOverride (Apache)

Use the AllowOverride directive to specify which global access control directives a local .htaccess file may override. You can specify overrides either selectively or sweepingly.

Anonymous (Apache)

The Anonymous directive, included in mod_auth_anon, grants anonymous users access to password-protected areas. Think of Anonymous as a second cousin to FTP’s anonymous user, where you send your email address (or any arbitrary string) as your password. The difference is that Apache’s Anonymous directive grants anonymous users access without requiring any password.

Anonymous_Authoritative (Apache)

The Anonymous_Authoritative directive, included in mod_auth_anon, when activated, denies access to all but anonymous users or user IDs. Hence, if a user enters any value but a valid anonymous ID, Apache denies access to the specified resource.

Anonymous_LogEmail (Apache)

Anonymous_LogEmail, included in mod_auth_anon, when activated, logs passwords that anonymous users provide to error_log. Hence, if users provide their email addresses as passwords, you retain a record of them.

Anonymous_MustGiveEmail (Apache)

The Anonymous_MustGiveEmail directive, included in mod_auth_anon, when activated, requires anonymous users to supply their email addresses as passwords.

Anonymous_NoUserID (Apache)

The Anonymous_NoUserID directive, included in module mod_auth_anon, when activated, allows users access without supplying a user ID. Hence, when the username/password window pops up, users can simply strike the Enter key or choose OK. Either action is sufficient to obtain the requested URI.

Anonymous_VerifyEmail (Apache)

Anonymous_VerifyEmail, included in module mod_auth_anon, when activated, instructs Apache to verify—or try to verify—that visitors supply a valid email address.

Apache-chunked-scanner

Apache Chunked Transfer vulnerability scanner for Windows. Released in 2002.

Apachefun

Script that exploits the Apache chunked-encoding memory corruption vulnerability. Released in 2002.

Apache-nosejob

Script that exploits the FreeBSD, NetBSD, and OpenBSD Apache chunked-encoding memory corruption vulnerability. Released in 2002.

Apache-scalp

Script that exploits the Apache chunked-encoding memory corruption vulnerability. Released in 2002.

Apache-smash

Denial-of-service exploit for the Apache chunked-encoding memory corruption vulnerability. Released in 2002.

apimon (Windows)

apimon watches processes for API calls and page faults. It’s an especially useful tool for programmers.

Applequicktimeexploit

Exploit for the QuickTime remote buffer overflow vulnerability. Released in 2002.

applet

A Java program that runs in Web browser environments that contain a Java Virtual Machine. Applets add graphics, animation, and dynamic text to otherwise boring Web pages. Applets can have security implications, however.

AppleTalk Network Device Analyzer (Windows)

The AppleTalk Network Device Analyzer is a discovery and diagnostic tool for AppleTalk networks. Suppose you want to map an AppleTalk network and determine which machines run MacOS and which run W2K. AppleTalk Network Device Analyzer does this and more. For example, you can determine which boxes have attached or shared-out printers.

Application Log (Windows)

Application Log reports application alerts and critical, informational, and warning events (such as device failures, conflicts, crashes, and so on). You reach it through Event Viewer (My Computer → Control Panel → Administrative Tools → Event Viewer).

appsec (Windows)

appsec is a strictly Windows 2000 Server tool and it’s a must-have in enterprise environments. It lets you centrally manage which applications users can access. Interestingly, it even whittles this down to the binary’s precise location. For example, suppose you restrict access to W2K’s solitaire game. sol.exe is located in C:\WINNT\system32 by default. If wily users discover that they can’t execute the game from there, they might copy it to another location. Alas, their efforts would be fruitless, because appsec.exe lets you specify the only location from which anyone can execute the file. A pretty nifty tool.

asymmetric cipher

Cipher that employs a public-key/private-key cryptosystem. In such systems, A encrypts a message with B’s public key. From that point on, the message can only be decrypted using B’s private key.

ATM

Asynchronous Transfer Mode.

attribute

The state of a given file or directory and whether it’s readable, hidden, system, or other.

audit policy

Your audit policy establishes what security events you log to file. For example, you can log user logons, policy changes, reboots, and so on. These events can be significant in a security context.

audit trail

Data used to record, track, analyze, and report network activity and the path you take to derive that data from its source. Raw access logs from your Web server are good examples. To polish these, you might use a script that mines the data and formats it cleanly. From there, you can isolate events (for example, requests for a particular file from a particular address) and from this, you can ascertain facts about an attack.

audit

Loosely defined, a systematic analysis of your system or business practices. Its purpose in this context is to ascertain if you maintain best practices. Less loosely defined, a proactive test of your security controls and your server’s ability to survive, record, track, analyze, and report attacks.

auditpol (Windows)

auditpol is a command-line utility for viewing and modifying audit policies, which also lets you do so from within automated scripts. For example, you could create a script to check all W2K machines in your domain to ensure that auditing is enabled in the System, Logon, Object, Privilege, Process, Policy, Sam, Directory, and Account categories. If the script finds that a category’s auditing is disabled, it can enable it. By default, auditpol prints the current policy settings.

AuthAuthoritative (Apache)

The AuthAuthoritative directive, included in mod_auth, lets you specify whether Apache can pass authorization procedures to lower-level modules instead of using simple .htaccess authentication. (This only works when Apache cannot find a matching user ID and rule for the specified user. In all other cases, Apache proceeds with normal .htaccess authentication as specified in your configuration files.)

AuthDBMAuthoritative (Apache)

The AuthDBMAuthoritative directive, included in mod_auth, lets you specify whether Apache can pass authorization procedures to lower-level modules instead of using simple DBM-based authentication. (This only works when Apache cannot find a matching user ID and rule for the specified user. In all other cases, Apache proceeds with normal DBM authentication as specified in your configuration files.)

AuthDBMGroupFile

An Apache directive that stores the location of the DBM file containing the list of user groups for user authentication.

AuthDBMUserFile

An Apache directive that stores the location of the DBM file that contains the list of users for user authentication.

AuthDBUserFile (Apache)

The AuthDBUserFile directive, included in mod_auth, lets you specify the DB file’s name. Such files contain username/password pairs for use in DB-based authentication (with crypt() passwords).

authenticate

To verify a user’s, host’s, or session’s identity or integrity.

authentication

The process of authenticating a user, host, session, or process.

AuthGroupFile

An Apache directive that stores the location of the (text) file that contains the list of user groups for user authentication.

AuthLDAPAuthoritative (Apache)

The AuthLDAPAuthoritative directive, included in mod_auth, lets you specify whether Apache can pass authorization procedures to lower-level modules instead of using simple LDAP-based authentication. (This only works when Apache cannot find a matching user ID and rule for the specified user. In all other cases, Apache proceeds with normal LDAP authentication as specified in your configuration files.)

AuthName

An Apache directive that sets the authorization realm’s name for directories.

authorization

A user’s right to access resources.

AuthType (Apache)

The AuthType directive, included as a core Apache functionality, lets you specify the user authorization type for the specified directory.

AuthUserFile

An Apache directive that sets the name and location of the (text) file containing the list of users and passwords for user authentication.

awk (gawk)

A text-processing and scanning language. Also called gawk (gawk is a free GNU awk variant).

back door

A hidden hole left behind by an intruder or programmer that gives him future access to his victim host.

BackOrifice

A popular cracker tool that allows remote access to a Windows box.

Backstealth

A tool that bypasses outbound restrictions of personal firewalls by embedding an HTTP client in a dll. Released in 2002.

back up

To preserve a file system or files, usually for disaster recovery. Generally, you back up to tape, floppy disk, or other portable media so you can store something safely for later use.

Bed

The Bruteforce Exploit Detector is a Perl script that remotely detects unknown buffer overflow vulnerabilities in FTP, SMTP, and POP daemons. Released in 2002.

BIG_SECURITY_HOLE (Apache constant)

Compile-time directive that enables Apache to run as root even after it starts.

biometric access controls

Systems that authenticate users by biological characteristics, such as their face, fingerprints, or retinal pattern.

Blowfish

A 64-bit block cipher developed by Bruce Schneier. Blowfish is often used for high-volume, high-speed encryption. (Blowfish is reportedly faster than both DES and IDEA.) To learn more, go to http://www.counterpane.com/blowfish.html.

Boegadt

A Unix-based library that attempts to make it easy to write buffer overflow exploits. Released in 2002.

BPSK

Bi-Phase Shift Keying.

BRI

Basic Rate Interface ISDN.

broadcast/broadcasting

Any network message sent to all network interfaces, or the practice of sending such a message.

browmon (Windows)

browmon, short for Browser Monitor, monitors browsers (applications using the Windows Browsing Service) of a given domain. Browmon.exe is useful chiefly in determining whether all browsers in a given domain are operating correctly. It has an alarm function too, so you can address problems immediately and thus avoid those pesky support calls (“Hello? IT? I don’t see any computers in my list.”)

Browser Client Context Viewer (w3who.dll) (Windows)

A Microsoft-centric diagnostic tool for Web developers and system administrators. It enables you to analyze IIS Web client requests and determine a client’s environment variables, the request’s associated privileges, and the relevant security identifiers (SIDs). Also catches the client IP, remote host, remote user, and so on.

bug

A bug is a hole, weakness, or flaw in a computer program, typically related to programmer error or sloppiness.

See Also vulnerability (hole).

C shell

A Unix command interpreter with C-like syntax.

C

The C programming language.

C++

Object-oriented programming language that resembles C but is, some say, more powerful. C++ relies heavily on inheritable classes.

C4I

Command, Control, Communications, Computers, and Intelligence—an information warfare term.

CA

See Certificate authority.

CA-2002-02.aol.icq

Exploit for the ICQ buffer overflow vulnerability. Released in 2002.

cacls (Windows)

cacls displays or modifies file access control lists (ACLs). Using cacls, you can view or change file permissions such as read, write, and so on. cacls is great for doing this on the fly, within scripts, such as where you need a quick way to grant or restrict a specific user’s rights on multiple files in disparate directories (perhaps even, if you have Expect installed, on different machines).

CAP

Carrierless Amplitude Phase Modulation.

CBR

Constant Bit Rate.

cconnect (Windows)

cconnect (the Con-Current Connection Limiter) is an administrative tool for detecting, assigning, and managing concurrent user connections. Some administrators don’t fret over concurrent user connections and allow their users free rein. However, beyond security concerns, concurrent user connections can sometimes unacceptably tie up system resources. Cconnect.exe simplifies the process of tracking and denying concurrent connections.

Centurion

Centurion checks any CGI script on a remote server for vulnerabilities such as directory traversal bugs, null byte, and incorrect filtering of metacharacters. Released in 2002.

CERT

The Computer Emergency Response Team. CERT assists victims of cracker attacks and provides valuable research to the Internet community at large. Learn more at http://www.cert.org.

Certificate authority

Trusted third party that issues security certificates and verifies their authenticity. The most renowned commercial certificate authority is VeriSign.

certification

Either the end result of a successful security evaluation of a product or system, or an academic honor bestowed on one who successfully completes courses (such as MCSE/A+ certification).

checksum

A numeric value computed from a file’s bits (a sum or other fixed-size function of them). Checksums can verify file integrity. For example, many network programs use checksums to verify that transmitted data arrives at its destination intact. Typically, the sending application generates the checksum at the data’s origin and transmits this value along with the data. The receiving application then recalculates the checksum over what it received. If the two values match, everything went smoothly. If not, the data was damaged in transit, and the applications attempt a resend.
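The sender-computes, receiver-recomputes exchange described above, as an added example that is not part of the original glossary. It uses the POSIX cksum utility (a CRC-32 over the file plus its byte count) on a constructed message, copies the message to simulate a transfer, and optionally alters one byte on the way to show the mismatch. Note that a CRC only catches accidental corruption: an adversary who can change the data can recompute the CRC too, so integrity against tampering needs a cryptographic hash (for example sha256sum) or a signature instead.

```shell
#!/bin/sh
# Added example: checksum-based integrity check of a "transmitted" file.
# The message content is constructed here; nothing is actually sent.

# Checksum of a file: the first field of cksum output is the CRC value.
checksum_of() {
    cksum "$1" | awk '{ print $1 }'
}

# Simulate one transfer. The sender records the checksum of what it sends;
# the receiver recomputes it over what arrived and compares the two.
# Pass "corrupt" to damage one byte in transit. Prints "intact" or "damaged".
verify_transfer() {
    sent=$(mktemp)
    received=$(mktemp)
    printf 'GET /index.html HTTP/1.0\r\n\r\n' > "$sent"   # constructed payload
    expected=$(checksum_of "$sent")

    if [ "$1" = "corrupt" ]; then
        # Change a single byte (i -> I): a CRC-32 detects any error burst
        # of 32 bits or fewer, so a one-byte change always alters the value.
        sed 's/index/Index/' "$sent" > "$received"
    else
        cp "$sent" "$received"
    fi
    actual=$(checksum_of "$received")
    rm -f "$sent" "$received"

    if [ "$expected" = "$actual" ]; then
        echo intact
    else
        echo damaged
    fi
}

verify_transfer clean     # prints: intact
verify_transfer corrupt   # prints: damaged
```

The same pattern, with the CRC swapped for a cryptographic hash that was recorded somewhere the attacker cannot write, is what file-integrity checkers build on.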

chkdsk (Windows)

chkdsk, an old favorite, reports a disk’s current status, including size, utilization, errors, and so on. On NTFS volumes, it also verifies files, indexes, and security settings.

chroot

A restricted environment in which processes run “in prison” so to speak; these cannot access the filesystem at large (outside of the environment you specify).

Cisco677

Perl script that exploits the Cisco 677/678 Telnet overflow denial of service vulnerability. Released in 2002.

Ciscokill

Script that exploits the Cisco 2600 router spoofed SNMPv1 GET request vulnerability. Released in 2002.

CLASSPATH (Environment, Windows)

The path to your Java classes.

client

Software that interacts with a specific server application. WWW browsers (Netscape Communicator, Internet Explorer, Opera, Mozilla) are WWW clients. Developers design them specifically to interact with Web servers.

client-server model

A networking model wherein one server can distribute data to many clients. The relationship your Web server has to Web clients or browsers is a client-server relationship (Apache being the server, browsers being the clients). In this model, the server generally performs computational services and returns results to the client. Most network applications and protocols are client-server oriented.

Cmaileexp

Script that exploits the CMailServer buffer overflow vulnerability. Released in 2002.

Common Gateway Interface (CGI)

A standard that specifies programming techniques to pass data from Web servers to Web clients. CGI is language-neutral. CGI programs can therefore be written in Perl, C, C++, Python, Visual Basic, BASIC, and shell languages. CGI programs can raise security issues.

comp (Windows)

comp compares two files’ contents (similar to Unix’s diff).

Concept

Script that exploits the Windows remote command execution vulnerability. Released in 2002.

confidentiality

The principle or policy by which data is sensitive or privileged, and therefore not for general consumption or viewing.

Confuse_router

An ARP cache poisoner that allows you to see traffic in a switched environment such as a cable modem network. Released in 2002.

contingency plan

Procedure or procedures you undertake when an emergency or disaster arises. Example: What if your Web server goes down? What if this occurs on a weekend? Can you get someone to fix it? You must have a contingency plan to handle unforeseen circumstances.

core.c

Apache server source file that contains server core functionalities, including options and commands that control other modules, NCSA backward compatibility, URL handling, and so on.

COTS

Commercial-off-the-shelf.

countermeasure

Any action or technique that minimizes or eliminates a threat.

crack

Any software, procedure, or technique that circumvents security. Less loosely defined, a crack is a Unix-based password cracker called Crack. Also: to breach system security or commercial software registration schemes.

cracker

Someone who unlawfully and with malice breaches system security.

crash

When a system fatally fails and requires a restart.

Crashme.java

Exploit for the Sun JRE denial of service vulnerability. Released in 2002.

CRC

CRC is Cyclic Redundancy Check, an operation to verify data integrity.

cryptography

The science of secret writings. In cryptography, you scramble your writings so they remain unreadable to unauthorized personnel. Theoretically, only authorized users can unravel an encrypted message. However, your encrypted message’s ability to evade unauthorized eyes depends on the type and strength of encryption you use.

CustomLog (Apache)

The CustomLog directive, included in mod_log_config, lets you set a log filename, a log format, and a conditional environment variable for logging.

CVE

Common Vulnerabilities and Exposures is a standardized list of vulnerability names available at http://www.cve.mitre.org/.

D7-ibm-x

Script that exploits the Informix SE buffer overflow vulnerability. Released in 2002.

DAC (Discretionary Access Control)

DAC provides the means for a central authority to either permit or deny access to all users, and to do so incisively based on time, date, file, directory, or host.

Data Encryption Standard (DES)

IBM Encryption standard originating in 1974 and published in 1977. DES was the U.S. government standard for encrypting nonclassified data.

data integrity

Data integrity refers to the state of files. If files are unchanged and no one has tampered with them, they have integrity. If someone has tampered with them, their integrity is breached or degraded.

data-driven attack

An attack that deploys hidden or encapsulated data designed to flow through a firewall undetected.

Ddk-iis

Script that exploits the Microsoft ASP.NET buffer overflow vulnerability. Includes targets for IIS5 Chinese SP0, SP1, and SP2 and English SP2. Released in 2002.

denial-of-service attack

A condition wherein your server becomes inoperable after an attack. When an attacker undertakes a denial-of-service attack, he seeks to disable your server and thereby deny service to legitimate users.

Dhb

Tool that tries to guess Lotus Domino HTTP passwords. Released in 2002.

dictionary attack

Dictionary or wordlist attacks work like this: Crackers obtain your encrypted passwords and, using the same password algorithm as your system, encrypt many thousands of words. They generally derive the words from dictionaries, hence the name. Their software then compares each newly encrypted word to your encrypted passwords. When a match occurs, that password is deemed cracked.

digest access authentication

A security extension for HTTP that provides only basic, nonencrypted user authentication over the Web. To learn more, please see RFC 2069.

digital certificate

Digital certificates are typically numeric values derived from cryptographic processes, and you or Apache can use these to verify users or hosts.

Dnshijacker

A libnet/libpcap-based packet sniffer and DNS spoofer tool that supports tcpdump style filters that allow you to specifically target victims. Released in 2002.

DoS

See denial-of-service attack.

Dpathx

Script that exploits the Linux Kernel d_path() Path Truncation vulnerability. Released in 2002.

drivers (Windows)

A program that displays detailed statistics on all currently loaded drivers.

DSS (Digital Signature Standard)

A NIST standard built on the Digital Signature Algorithm (DSA); it lets you or Apache verify a message’s sender and authenticity. Find the DSS specification in the National Institute of Standards and Technology’s (NIST) Federal Information Processing Standard (FIPS) 186: http://www.itl.nist.gov/div897/pubs/fip186.htm.

dumpel (Windows)

dumpel dumps event log data into tab-separated output, which makes it easier to write a program to process the log.

dureg (Windows)

dureg reports on registry space taken and provides a registry tree.

efsinfo (Windows)

efsinfo reports various statistics and status on files encrypted using the Encrypted File System (EFS). For example, efsinfo displays certificate thumbprints, whether files are encrypted, and so on.

Eldre8

Script that exploits the Mozilla malformed email denial of service vulnerability. Released in 2002.

Elfsh

An automated reverse engineering tool for the ELF format that has a sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others with an integrated hexdump. Released in 2002.

encryption

The process of scrambling data so that it’s unreadable by unauthorized parties. In most encryption schemes, you must have a password to reassemble the data into readable form. Encryption enhances privacy and can protect sensitive, confidential, privileged, proprietary, classified, secret, or top secret information.

enumprop (Windows)

enumprop dumps directory service object properties including GUIDs and SIDs.

environment variable

Environment variables are values that denote your default shell, home directory, mail directory, path, username, time zone, and so on. Shells use these variables to determine where to send mail, store your files, find commands, and so on. Many environment variables exist, and generally your operating system sets them automatically when you log in.

EPL

Evaluated Products List.

Epop.c

Exploit for the WiredRed e/pop v2.0.3 vulnerability. Released in 2002.

Ethereal

A GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. Released in 2002.

Ettercap

A network sniffer/interceptor/logger for switched LANs that uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Released in 2002.

Evelyne

Local root exploit for the Suid application execution vulnerability. Released in 2002.

Event Viewer (Windows)

Event Viewer is a logging utility that reports significant system events, application events, and security events. You reach Event Viewer through the Administrative Tools applet (My Computer → Control Panel → Administrative Tools).

exctrlst (Windows)

exctrlst is the Extensible Counter List, which displays all currently loaded services and applications that report performance statistics. Run exctrlst from a command prompt.

execute

execute permissions grant users, groups, or others the right to execute the specified file.

See Also read access, write access.

exetype (Windows)

exetype is a virtual clone of Unix’s file utility and reports the specified file’s type, its build platform, and where it runs.

Expshell

Script that exploits the UnixWare library function vulnerability. Released in 2002.

Ez2crazy

Perl script that exploits the Ezboard 2000 remote buffer overflow vulnerability. Released in 2002.

Fd_openbsd

Script that exploits the OpenBSD exec C Library Standard I/O File Descriptor Race Condition vulnerability. Released in 2002.

FDDI

Fiber Data Distribution Interface.

filespy (Windows)

filespy lets you watch I/O requests and processes.

filtering

Loosely defined, the process of checking network packets for integrity and security. Filtering is typically an automated process performed by either routers or software. In Apache terms, a system whereby you can specify and send files to or through a filter or program that handles them in a special way.

findgrp (Windows)

findgrp finds group memberships for the specified user.

findstr (Windows)

findstr searches for your specified text string in files or standard output. findstr is similar to Unix’s grep and supports regular expressions (and is thus a tad more flexible than find.exe).

firewall

A device (hardware or software) that refuses unauthorized users access to a host or examines each packet’s source address or content and performs some predefined operation based on what it finds therein.

Flawfinder

Flawfinder searches source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. The risk level depends not only on the function called, but also on the values of the parameters passed to it. Released in 2002.

Fmt_exp

Script that exploits the UnixWare library function vulnerability. Released in 2002.

Food_for_the_poor

Exploit for the KTH eBones Kerberos4 FTP client passive mode heap overflow vulnerability. Released in 2002.

Fragroute

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the “Secure Networks Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection” paper of January 1998. Released in 2002.

Freebsdsendmaildos

Script that exploits the sendmail denial of service vulnerability. Released in 2002.

gawk

GNU’s awk interpreter (Unix, MSDOS).

getmac (Windows)

getmac gets the localhost’s Ethernet layer address.

Getret

Script that exploits the UnixWare library function vulnerability. Released in 2002.

getsid (Windows)

Compares SIDs between primary and backup domain controllers and notifies you of discrepancies. Such discrepancies indicate either foul play, database corruption, or both.

gettype (Windows)

Returns your operating system installation type (Windows 2000 Professional, Windows 2000 Server, NT Workstation, and so on).

global (Windows)

Displays members of global groups on remote servers or domains.

GOBBLES-invite

Script that exploits the IRCIT remote buffer overflow vulnerability. Released in 2002.

Gobbles-own-msn666

Script that exploits the MSN666 remote buffer overflow vulnerability. Released in 2002.

Gps

An advanced port scanner and a firewall rule disclosure tool that uses IP & ARP spoofing, sniffing, stealth scanning, ARP poisoning, IP fragmentation, and other techniques to perform stealthy and untrackable information collection. Released in 2002.

granularity

The degree to which you can apply access controls selectively. The finer the granularity, the more precisely you can target them.

group

A collection of users represented by a value, typically a name, alias, or label. Such values let you specify file or network permissions to many individuals at once. Users belonging to the same group share similar or identical access privileges.

grpcpy (Windows)

Copies usernames from one group on one system to another group on another (or the same) system.

hacker

Someone interested in operating systems, software, security, and networking. Misused by many people to mean cracker.

Hanterm_exp

Script that exploits the Hanterm buffer overflow vulnerability. Released in 2002.

HDSL

High bit-rate digital subscriber line.

heapmon (Windows)

Displays heap information or how data is currently paged into memory. Using Heap Manager (a component service of ntdll.dll), you can alter how such data is paged and slice it into chunks smaller than the default page size.

Hl

Exploit for the Half-Life server new player flood denial of service vulnerability. Released in 2002.

home

The directory your operating system drops you into when you login. In Unix, it’s typically /home/hacker , where hacker is your username. In Windows, it varies.

See Also $HOME .

host table

A record of hostname-network address pairs. Host tables identify the name and location of each host on your network. Your operating system consults this before it begins a data transmission. Think of a host table as an address book.

host

A computer with a network address.

hosts.equiv

The trusted remote hosts and users database on some Unix platforms; a file that contains host names and addresses that localhost trusts.

hosts_access

A configuration file for tcpd, the TCP Wrapper daemon, that controls which users can access your server.

hosts_options

A tcpd configuration file that provides optional extensions for controlling access to your server (an extension to hosts_access).

Hp-sap_evade

Perl script that exploits the FreeBSD Process Information Bypass vulnerability. Released in 2002.

HTML (Hypertext Markup Language)

A language that tells Web clients how to display data. Hypertext is different from plain text because it’s interactive. In a hypertext document, you click or choose any highlighted text or link and the system retrieves the data associated with it.

htpasswd

A program for creating and manipulating Apache HTTP-server password files.

HTTP_FORBIDDEN (Apache constant)

Denotes HTTP Forbidden status. Indicates that Apache refused to return the requested resource (typically because the client doesn’t have authorization).

HTTP_NON_AUTHORITATIVE (Apache constant)

Denotes HTTP Non-Authoritative response status. The content came from a third-party source, not its original home server.

HTTP_PROXY_AUTHENTICATION_REQUIRED (Apache constant)

Denotes HTTP Proxy Authentication Required status. (Go authenticate yourself at the proxy and come back.)

HTTP_REFERER URL

Environment variable that stores the referring document’s URL.

httpd

An executable file that starts and stops your Apache Web server.

HTTPS

HTTP over SSL is an encrypted version of HTTP for secure communications. Also, an Apache variable that specifies whether the server is using HTTPS.

HTTPS_CIPHER

The HTTPS_CIPHER environment variable specifies which cipher is being used.

HTTPS_KEYSIZE

The HTTPS_KEYSIZE environment variable specifies the session key size.

HTTPS_SECRETKEYSIZE

The HTTPS_SECRETKEYSIZE environment variable specifies what secret key size is being used.

HUGE_STRING_LEN (Apache constant)

Defines the largest static string buffer Apache supports (same as MAX_STRING_LEN).

Hydra

A parallelized login hacker that understands FTP, POP3, IMAP, Telnet, HTTP Auth, NNTP, VNC, ICQ, Socks5, PCNFS, samba, Cisco enable, LDAP, and more. Released in 2002.

Hypertext Transfer Protocol (HTTP)

The protocol used to traffic hypertext across the Internet, and the underlying protocol of the WWW.

Ibm-sqlexec

Script that exploits the Informix SE buffer overflow vulnerability. Available in both C and Perl forms. Released in 2002.

Icx

Script that exploits the Icecast buffer overflow vulnerability. Released in 2002.

Icx2

Script that exploits the Icecast v1.3.11 and below remote root vulnerability for Linux/x86. Released in 2002.

IdentityCheck (Apache)

The IdentityCheck directive, included as a core feature, enables RFC 1413-style logging of remote user names. This comprises Apache’s support of the identification or ident protocol.

Ids-inform

Perl script that exploits the Image display system directory disclosure vulnerability. Released in 2002.

Ie.css.txt

Online demonstration exploit for the IE showModalDialog and showModelessDialog vulnerabilities. Released in 2002.

Ie_history.html

Exploit for the Internet Explorer history list vulnerability. Released in 2002.

IEEE

The Institute of Electronic and Electrical Engineering.

IETF

Internet Engineering Task Force.

ifconfig

A Unix tool that diagnoses and configures network interfaces.

IGMP

Internet Group Management Protocol.

Iischeck

Perl script that checks for the Microsoft IIS .HTR heap overflow vulnerability to determine whether the MS02-018 patch has been applied. Released in 2002.

inetd.conf

Internet servers database, a file that lists what services (FTP, TFTP, and so on) your server makes available, and how your server will launch such services when other hosts request them.

Injoin.txt

Exploit URLs for the InJoin directory server vulnerability. Released in 2002.

Innexpl

Script that exploits the multiple InterNetNews vulnerabilities. Released in 2002.

Interbase_gds_drop

Exploit for the Interbase GDS_Lock_MGR and GDS_Drop buffer overflow vulnerabilities. Released in 2002.

Interbase_gds_l

Exploit for the Interbase GDS_Lock_MGR and GDS_Drop buffer overflow vulnerabilities. Released in 2002.

International Data Encryption Algorithm (IDEA)

IDEA is a powerful block-cipher encryption algorithm that operates with a 128-bit key. IDEA encrypts data faster than DES, and is far more secure.

Internet Protocol Security Option (IPSEC)

IP security option used to protect IP datagrams. See RFC 1038 (ftp://ftp.isi.edu/in-notes/rfc1038.txt) and RFC 1108 (ftp://ftp.isi.edu/in-notes/rfc1108.txt).

interpreter

Generally a command interpreter, a shell, or a program that passes your instructions to the operating system and reports the results. Less generally, a program that reads in and executes special data. Examples: a PostScript interpreter reads PostScript data and displays it as documents; a BASIC interpreter runs BASIC code.

intrusion detection

The practice of using automated systems to detect intrusion attempts.

Iosmash

Script that exploits the BSD exec C Library Standard I/O File Descriptor Closure vulnerability. Released in 2002.

IPC

Inter-Process Communication.

Ipchains

A Linux-based firewall administration tool.

ipfwadm

An older Linux-based firewall and accounting administration tool.

ipsecpol (Windows)

ipsecpol views or modifies IPSEC policies, either on a local or remote system, and in this respect, provides the same services as the IPSEC Policy snap-in in the Microsoft Management Console. The key difference is that ipsecpol lets you perform policy changes from inside scripts. This allows you substantial latitude in automating IPSEC policy establishment and disestablishment. (You’ll find that many W2K command-line tools exist expressly for this purpose.)

Iptables

A Linux-based firewall administration tool.

Irx_xfsmd

Script that exploits the IRIX rpc.xfsmd remote command execution vulnerability. Released in 2002.

ISO

International Standards Organization.

Java

A popular Sun Microsystems programming language. Learn more at http://java.sun.com/.

javareg

Registers Java classes as COM (Component Object Model) components (COM components are interoperable components that work despite being developed on different operating systems or with different programming languages).

JavaScript

Netscape Communications Corporation programming language that runs in Web browser environments. JavaScript has extended functionality, and under certain conditions, can affect local client systems, even reaching beyond a browser environment to the underlying system itself. It therefore can pose security risks in some cases.

job control

Feature that lets you start and stop jobs interactively.

See Also job .

job number

A number assigned to a particular job.

See Also job .

job

A running process.

Kerberos

Massachusetts Institute of Technology encryption and authentication system that integrates into network applications, relies on trusted third-party servers for authentication, and armors data against electronic eavesdropping. See RFC 1510.

kerbtray (Windows)

Kerberos Tray reports the tickets you’ve obtained during the current logon session.

Kernel.keylogger.txt

Paper that describes the basic concepts and techniques used for recording keystroke activity under Linux. Also includes proof of concept. Released in 2002.

kernprof (Windows)

kernprof is the Kernel Profiler, a tool for watching system kernel calls and drawing statistics from the report.

key pair

A key pair consists of two elements—a private key and its corresponding public key in an asymmetric cryptographic system.

See Also key .

key

Loosely defined, a unique value derived from an algorithmic process that identifies a process, host, or user. In public-key/private-key encryption, users have both public and private keys. They distribute their public key so others can encrypt messages with it. Such a message can only be decrypted with that user’s private key; not even the author of the message can unravel it. Users, therefore, store their private keys securely.

kill_conditions (Apache constant)

Enumeration of how Apache kills processes. Choices are kill_never (never kill), kill_always (SIGKILL on pool cleanup), kill_after_timeout (SIGKILL after three seconds), just_wait (wait forever), and kill_only_once (send a SIGTERM and wait).

klist

klist lists the current session’s Kerberos tickets and lets you delete them.

Kmem_mmap

Exploit for the GRSecurity Linux Kernel Memory Protection vulnerability. Released in 2002.

Lcrzoex

A toolbox for network administrators and network malicious users that contains over 200 functionalities built on the lcrzo network library. For example, one can use it to sniff, spoof, create clients/servers, create, decode, and display packets, and so on. Released in 2002.

leakyapp (Windows)

leakyapp lets you run tests to determine how the specified application performs under limited memory constraints. Chiefly, leakyapp is useful in determining whether a particular application (or application set) will fail given a specific memory allocation.

Libfmtb

A library that contains lots of functions for easily exploiting local and remote format string vulnerabilities. Released in 2002.

Libwhisker

A Perl module for performing whisker CGI vulnerability checks. Released in 2002.

Linspy2beta2

Keystroke logger for Linux kernels v2.2 and 2.4 that records TTY activity. Released in 2002.

Linux

An open source Unix flavor that runs on widely disparate hardware architectures.

Lkh

A powerful and documented kernel function-hooking library for Linux 2.4/x86, whose design and API are described in Phrack #58. Released in 2002.

Local Policies Snap-in (Windows)

The Local Policies Snap-in provides an interface for manipulating audit policies, user rights assignment, and security options. You reach it through My Computer → Control Panel → Administrative Tools → Local Security Settings.

Local Security Settings (Windows)

The Local Security settings utility provides an interface to many security policy tools and settings, including Account Policies, Local Policies, Public Key Policies, and IP Security Policies. You reach it through My Computer → Control Panel → Administrative Tools → Local Security Settings.

local (Windows)

Provides a quick, easy means of identifying users in local groups that have rights on remote domains. Using Perl (or another suitable scripting language), you can use local—in combination with other tools—to build a graphical map of users (and their group memberships) within a cluster of domains.

logevent (Windows)

logevent is one of W2K’s cooler utilities. It lets you write directly to the event log from your own scripts (kind of a syslog.h situation expressly for scripts and batch files). For example, you could write a daemon that monitors user directories for specific source files or executables (perhaps a hacking utilities list). When one such file appears, your script could record that to the event log. This would give you evidence of a particular day, hour, and minute that such a tool first appeared on your system. logevent thus provides a means to extend W2K’s logging capabilities.

LogFormat (Apache)

The LogFormat directive, available in mod_log_config, lets you specify what data Apache should log and how to format it.

logoff (Windows)

logoff performs a logoff from within a command-line environment. This is useful in automating scripts that perform limited actions and then die. They can log on, perform their assigned tasks, and call logoff, thus eliminating the need for human involvement.

logtime (Windows)

Logs the start and/or finish time of the called program. This is useful from a diagnostic viewpoint, as it tracks the time that a particular process took to complete.

Logwatch211

Script that exploits the LogWatch root compromise vulnerability. Released in 2002.

MAC (Media Access Control)

Layer of the OSI Reference Model.

Matuftp_exploit

Perl script that exploits the Matu FTP client buffer overflow vulnerability. Released in 2002.

Matuftpwin98

Perl script that exploits the Matu FTP server buffer overflow vulnerability. Released in 2002.

MAX_STRING_LEN (Apache constant)

Defines the largest static string buffer Apache supports (same as HUGE_STRING_LEN).

Mayday-linux

Script that exploits the SHOUTCast remote buffer overflow vulnerability. Released in 2002.

MD5

A message digest algorithm that produces a digital fingerprint of specified input. Because such a fingerprint is unique, and it’s mathematically difficult to create a duplicate, developers use MD5 to authenticate file and session integrity.

metacharacter

A symbol common to configuration files, shell scripts, Perl scripts, and C source code. Typical metacharacters and metacharacter combinations are ., !, @, #, $, %, ^, &, &&, *, >, >>, <, <<, !=, ==, +=, ?, =, |, ||, and ~.

Mimedefang

A flexible MIME email scanner that works with sendmail 8.11/8.12’s milter API and is designed to protect Windows clients from viruses and other harmful executables. It alters or deletes various parts of a MIME message according to a flexible configuration file. Released in 2002.

Mircexploit

Script that exploits the MIRC Nickname Buffer Overflow vulnerability. Released in 2002.

mirroring

Mirroring is the practice of duplicating disk volumes for the purpose of redundancy. Typically you do this across separate drives, or even across separate hosts.

Mnews

Perl script that exploits the MNews remote FreeBSD buffer overflow vulnerability. Released in 2002.

mod_access (Apache)

mod_access provides access control based on client hostname or IP address. mod_access provides this access control through .htaccess files and within <Directory>, <Files>, and <Location> directive blocks.

mod_auth

An Apache access control module that provides user authentication using plain text files.

mod_auth_anon (Apache module)

mod_auth_anon provides anonymous user management, and lets you specify if, how, and where anonymous users gain entry to password-protected directories.

mod_auth_db (Apache module)

mod_auth_db provides user authorization through Berkeley DB (instead of DBM) files.

mod_auth_dbm (Apache module)

mod_auth_dbm provides user authorization through DBM files.

mod_auth_digest (Apache)

mod_auth_digest provides authentication through use of message digest algorithms. Currently, above and beyond Basic-type authentication, Apache supports digest-based cryptographic authentication using MD5. MD5 belongs to a family of one-way hash functions called message digest algorithms, and was originally defined in RFC 1321.

mod_auth_ldap (Apache)

mod_auth_ldap authenticates clients via user entries in a Lightweight Directory Access Protocol (LDAP) directory.

mod_cgi (Apache)

mod_cgi provides Common Gateway Interface program execution. The Common Gateway Interface (CGI) is a standard that specifies how Web servers use external applications to pass dynamic information to Web clients.

mod_cgid

A dynamic content Apache module that provides support for invoking CGI scripts using an external daemon.

mod_isapi

A dynamic content Apache module that provides Windows ISAPI Extension support.

mod_ldap

Apache module that offers an LDAP connection pool and shared memory cache.

mod_log_config

A logging-related Apache module that is a user-configurable logging replacement for mod_log_common.

mod_ssl

Apache module that offers Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol support.

mod_suexec (Apache)

mod_suexec provides support for running CGI scripts as a specified User and Group. This eliminates many CGI security issues, for it enables you to more incisively control script permissions.

mod_usertrack

A logging-related Apache module that offers user tracking with cookies.

Morpheus

Exploit for the FastTrack P2P Technology Identity Spoofing and Denial of Service vulnerability. Released in 2002.

moveuser (Windows)

Moves a profile’s security from one user to another.

mscep.dll (Windows)

Mscep.dll (the Certificate Enrollment Module for Routers) provides an interface through which W2K can easily enroll Cisco routers for IPSec authentication certificates.

Msh3comdos

Script that exploits 3Com 3CDaemon buffer overflow vulnerability. Released in 2002.

mtfcheck (Windows)

Verifies that backup tapes are Microsoft Tape Format-compliant, and can determine whether their data is corrupted. This lets you verify—from an automated script—that your backup was successful.

Nbtenum11

A utility for Windows which can be used to enumerate one single host or an entire class C subnet. This utility can run in two modes: query and attack. Released in 2002.

nbtstat (Windows)

Displays current TCP/IP connections via NetBIOS, local NetBIOS names, sessions, and so on.

Nessus

An up-to-date and full featured remote security scanner for Linux, BSD, Solaris, and some other systems that currently performs over 900 remote security checks. Released in 2002.

net accounts (Windows)

Lets you view or change network user login and password information over a network connection.

net computer (Windows)

Lets you add or delete computers from the specified domain.

net config (Windows)

Lets you view and change your system’s configurable services and view statistics.

net file (Windows)

Lets you view the names of files currently open (and unlock files still locked by defunct but persistent processes).

net localgroup (Windows)

Lets you add or modify groups on the local system.

net name (Windows)

Displays the local system’s aliases.

net pause (Windows)

Temporarily suspends the specified service. Available services are File Server For Macintosh, LPDSVC, Net Logon, Network DDE, Network DDE DSDM, NTLM Security Support Provider, Remote Access Server, Schedule, Server, Simple TCP/IP Services, and Workstation.

net send (Windows)

Sends messages to other users and computers. This is especially useful to invoke from scripts that warn of a specific condition. To try it, open a command window and type net send computername Hello World.

net session (Windows)

A W2K command that lets you view or kill current client sessions.

net share (Windows)

Lets you view or kill current shares.

net start (Windows)

A W2K command that lets you view or start services.

net stop (Windows)

A W2K command that lets you stop running services.

netclip

netclip is the networked clipboard viewer. Using it, you can view clipboard data residing on a remote machine.

netcons (Windows)

A nifty little GUI tool that displays your current network connections.

Netgear.txt

Perl script that exploits the NetGear RO318 HTTP filter vulnerability. Released in 2002.

netsh (Windows)

The W2K network shell utility, a tool that lets you configure local and remote workstations and servers via script files.

netstat

Command that shows the current TCP/IP connections, and their source addresses.

netsvc (Windows)

Lets you view, display, start, stop, or query network services. A simple query, for example, will list all services, their handles, and their display names.

NetWare

A popular network operating system from Novell.

Network Information System (NIS)

A popular Unix authentication system originally created by Sun Microsystems. Formerly called the Yellow Pages system.

Network Interface Card (NIC)

An Ethernet card.

Nmap

A utility for port scanning large networks. Released in 2002.

Nsat

Network Security Analysis Tool is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers, the machine, and much more. Released in 2002.

Ntfs-hide

Exploit for the Microsoft Windows NTFS file hiding vulnerability. Released in 2002.

ntrights (Windows)

Lets you grant or revoke user and group rights from a command-line environment. Most commonly, administrators use this to automate the establishment of their preferred rights schemes on new installations. However, you could also use ntrights in IDS scripts (if a user does x, revoke his rights).

Obsd-cron

Script that exploits the OpenBSD root compromise vulnerability. Released in 2002.

Ock_mgr

Exploits the Interbase GDS_Lock_MGR and GDS_Drop buffer overflow vulnerabilities. Released in 2002.

oh (Windows)

Reports all the current open windows’ handles and therefore bears a vague resemblance to Unix’s ps, which shows the numbers and names of current processes.

one-time password

A password generated dynamically during a challenge-response exchange. OTP-enabled systems generate such passwords using a predefined algorithm, but the passwords are highly secure because each is good for the current session only.

Oracle

Database system for large enterprises.

Osshchan

Script that exploits the OpenSSH channel_lookup() off by one vulnerability. Released in 2002.

Osxicq

Script that exploits the ICQ for MacOS X denial of service vulnerability. Released in 2002.

owner

User, host, or process with authorization to read, write, or otherwise access a given process, file, directory, user, or host. Generally, you as system administrator assign ownership, although your system may sometimes automatically assign it during an automated task.

Own-screen

Script that exploits the GNU screen braille module buffer overflow vulnerability. Released in 2002.

packets

Data sent over networks is fragmented into manageable chunks called packets, or frames. The protocol used determines their size.

perfmon4 (Windows)

Measures system performance in various areas, including CPU time, interrupt time, user time, and so forth. It graphically and dynamically displays this information in real time.

perfmtr (Windows)

Displays system performance in various areas, including CPU time, interrupt time, user time, and so forth, all in a command-line environment.

Perl

Practical Extraction and Report Language, a programming language suited to network programming, text processing, and CGI.

permcopy (Windows)

Copies share and file permissions from one share to another.

perms (Windows)

Reports the specified user’s permissions on the specified files.

PGP

Pretty Good Privacy, a public key-private key encryption system that offers high-grade encryption and privacy. Learn more about PGP at http://web.mit.edu/network/pgp.html.

Phgrafx

Exploit for the multiple QNX RTOS vulnerabilities. Released in 2002.

Phgrafx-startup

Exploit for the multiple QNX RTOS vulnerabilities. Released in 2002.

Phlocale

Script that exploits the multiple QNX RTOS vulnerabilities. Released in 2002.

Phusion_dos

Exploit for the multiple Phusion Webserver vulnerabilities. Released in 2002.

Phusion_exp

Exploit for the multiple Phusion Webserver vulnerabilities. Released in 2002.

Phusion-get

Exploit for the multiple Phusion Webserver vulnerabilities. Released in 2002.

Phusion-ovrun

Exploit for the multiple Phusion Webserver vulnerabilities. Released in 2002.

Phusion-web

Exploit information for the multiple Phusion Webserver vulnerabilities. Released in 2002.

ping

Checks remote hosts to see whether they’re alive or reachable, and reports packet loss and other network statistics.

Pkg-installer

Script that exploits the QNX RTOS PKG-Installer buffer overflow vulnerability. Released in 2002.

Pos_expl2

Script that exploits the Posadis m5pre2 local format string vulnerability. Released in 2002.

Ppp-2.4.1+Bf.patch

A patch that adds PPP authentication brute force password guessing support to Linux pppd. Released in 2002.

process

A program or job that is currently running.

Promiscdetect.exe

PromiscDetect for Windows NT 4.0/2000/XP checks whether your network adapter(s) are in promiscuous mode. Released in 2002.

protocol analyzer

Hardware or software that can monitor or intercept network traffic.

ps

A Unix command that lists current processes.

pstat (Windows)

pstat lists all running processes.

PSTN

Public Switched Telephone Network.

Psybnc

Perl script that exploits the PsyBNC oversized passwords denial of service vulnerability. Released in 2002.

ptree (Windows)

Builds and displays the process inheritance tree and lets you kill processes locally or remotely.

pulist (Windows)

Lists all running processes, their PID, and the associated user. In this respect, pulist is very similar to Unix’s ps utility, and is useful for monitoring what users are up to.

pUll

Perl script that exploits the SLRNPull spool directory command line parameter buffer overflow vulnerability. Released in 2002.

Python

An object-oriented scripting language that can be used for CGI development.

Qnx-gdb-root

Exploit for the multiple QNX RTOS vulnerabilities. Released in 2002.

qslice (Windows)

A quick-and-dirty process CPU utilization monitor. It graphically demonstrates the CPU usage of each running application.

qtcp (Windows)

Tests a given network connection’s quality of service.

RAID (Redundant Array of Inexpensive Disks)

A set of connected hard drives that together act as one drive. Helps with data redundancy, backups, performance, and disaster recovery.

Rats

A security auditing utility for C, C++, Python, Perl, and PHP code. Released in 2002.

rcmd (Windows)

The client for the rcmdsvc server, this provides a convenient way to execute commands on remote machines, and functions similarly to Unix’s rsh.

rcmdsvc (Windows)

The server for the rcmd client, this is a service that provides a convenient way to execute commands on remote machines, and functions similarly to Unix’s rshd.

rcp

Copies the specified file to or from a machine running the rcp server.

read access

When a user, group, or external users have read access only, they can read a particular file.

read-only

When a file is read-only, users can read it but not write to it.

reducer (Windows)

Reduces tracelog output to a report on per-thread processes.

regback (Windows)

Lets you back up registry data without backing up to traditional backup media; it instead redirects the data to a file or files. This offers a quick-and-dirty way to perform registry restore (a wise move, because sometimes, registry corruption can block your ability to perform a traditional restore). Also, you can perform registry backups from scripts on the fly.

regdmp (Windows)

Dumps your registry information, such as username and domain membership, local and roam profile settings, group membership, group policies, and so forth, to STDOUT. The report is extensive and lets you view (and perhaps act on) registry information from within scripts (or pipe such information to other programs).

regfind (Windows)

Lets you search the registry from a command-line environment for strings, keys, and such.

regrest (Windows)

Restores registry backup files you created with regback, a tool that writes registry backups to files rather than traditional backup media such as tapes.

Remotefmt-howto.txt

How to Remotely Exploit Format String Bugs tutorial that includes information on guessing the offset, guessing the address of the shell-code in the stack, using format string bugs as debuggers, examples, and so on. Released in 2002.

RFC

Requests for Comments (RFCs) are the working notes and standards of the Internet community. Learn more at http://www.ietf.org/.

root

The superuser, or all-powerful administrative account in Unix.

rpcdump (Windows)

A Remote Procedure Call endpoint diagnostic tool that determines whether RPC endpoints are healthy.

RSA

RSA is the Rivest-Shamir-Adleman public key cryptographic algorithm and system.

RSRC_CONF (Apache constant)

Any directive with this bit set can appear in global or server-wide config files.

RSVP

Resource Reservation Protocol.

RTP

Real-Time Transport Protocol.

runext (Windows)

Lets you add a Run option for files you right-click in Explorer (plus an input box for passing parameters). For example, suppose you want to run a script from within Explorer. If the script takes parameters or arguments and you don't use runext, you have no way of passing those parameters to the script; Explorer simply executes it. runext solves this problem.

S/Key

One-time password system for securing logins. In S/Key, the secret pass phrase never travels over the network; each password sent is derived from it by a one-way hash chain and is accepted only once, so an attacker who sniffs a password cannot replay it. See RFC 1760 for details (ftp://ftp.isi.edu/in-notes/rfc1760.txt).
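The hash-chain mechanism behind S/Key, as an added example (not code from the book or from any S/Key implementation). RFC 1760 iterates MD4 folded to 64 bits; this example substitutes SHA-256 truncated to 8 bytes, because MD4 is often disabled in modern hashlib builds. The pass phrase, seed and sequence number are constructed values. The server stores only the current chain value h^n; the client answers each challenge with h^(n-1), and the server verifies that hashing the answer once yields what it stored.

```python
import hashlib


def _h(data: bytes) -> bytes:
    """One step of the one-way hash chain, folded to 64 bits.
    Assumption: SHA-256 truncated to 8 bytes stands in for RFC 1760's MD4 fold."""
    return hashlib.sha256(data).digest()[:8]


def skey_chain(passphrase: str, seed: str, n: int) -> bytes:
    """Apply the hash n times to (seed || passphrase): the client-side computation."""
    value = (seed + passphrase).encode()
    for _ in range(n):
        value = _h(value)
    return value


class SkeyServer:
    """Holds the seed, the sequence number and the last accepted chain value.
    The pass phrase itself is never stored on, or sent to, the server."""

    def __init__(self, seed: str, n: int, initial: bytes) -> None:
        self.seed = seed
        self.n = n              # sequence number of the stored value (h^n)
        self.stored = initial   # h^n(seed || passphrase), computed at enrollment

    def challenge(self) -> tuple[int, str]:
        """Ask the client for h^(n-1): the next value back along the chain."""
        return self.n - 1, self.seed

    def login(self, otp: bytes) -> bool:
        """Accept otp only if hashing it once reproduces the stored value,
        then roll the stored value back one step so otp can never be reused."""
        if _h(otp) != self.stored:
            return False
        self.stored = otp
        self.n -= 1
        return True


def demo() -> tuple[bool, bool, bool]:
    """Enroll, log in once, attempt a replay of the sniffed value, log in again."""
    passphrase = "correct horse battery"   # constructed; stays on the client
    seed = "ab12345"                       # constructed seed, sent in the clear
    n = 100
    server = SkeyServer(seed, n, skey_chain(passphrase, seed, n))

    seq, seed_out = server.challenge()
    otp = skey_chain(passphrase, seed_out, seq)   # this is what crosses the wire
    first = server.login(otp)                     # True: h(h^99) == h^100

    replay = server.login(otp)                    # False: a sniffer's copy is useless

    seq2, _ = server.challenge()                  # now asks for h^98
    second = server.login(skey_chain(passphrase, seed, seq2))   # True
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

Because each accepted value becomes the new stored value, the server never needs the pass phrase, and a captured password only tells an attacker about a chain position the server has already retired. When the sequence number approaches zero the user must re-enroll with a new seed.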

Safemodexploit

Exploit for the PHP MySQL Safe_Mode filesystem circumvention vulnerability. Released in 2002.

Salescart-ex

Script that exploits the SalesCart customer database disclosure vulnerability. Released in 2002.

Sambar.fileparse.txt

Sample URLs for the Sambar server script source Disclosure vulnerability. Released in 2002.

sc (Windows)

A diagnostic tool that lets you start and stop NT Service Controller-driven services from within scripts. Using sc, you can control these services through a wide range of commands, including query, start, stop, pause, config, failures, and so forth.

scanreg (Windows)

Lets you scan the registry for arbitrary text strings to find names, keys, and so on.

scoreboard.c

Apache server source file that contains scoreboard functions, including those dealing with IPC. Includes apr.h, apr_strings.h, apr_portable.h, apr_lib.h, apr_want.h, sys/types.h, ap_config.h, httpd.h, http_log.h, http_main.h, http_core.h, http_config.h, ap_mpm.h, mpm.h, scoreboard.h, and apr_shmem.h.

Screen-stuff.tgz

Exploit for the GNU screen braille module buffer overflow vulnerability. Released in 2002.

Secure Sockets Layer (SSL)

A security protocol that enables client/server applications to communicate free of eavesdropping, tampering, or message forgery. SSL is now used for secure electronic Web commerce; its standardized successor is Transport Layer Security (TLS), and the two names are often used interchangeably.

Security Log (Windows)

Reports security-auditing events (such as object access, logons, and so on). You reach it through Event Viewer (My Computer → Control Panel → Administrative Tools → Event Viewer).

SECURITY_HOLE_PASS_AUTHORIZATION (Apache constant)

When Apache is compiled with this constant defined, the raw Authorization header (and therefore the password, not just the username) is passed to CGI scripts in their environment. As the name warns, leave it undefined unless a script genuinely needs the credentials.

sendmail-flock-sploit

Local exploit for the sendmail denial of service vulnerability. Released in 2002.

Servletexeccrash

Script that exploits the NewAtlanta ServletExec ISAPI 4.1 remote denial of service vulnerability. Released in 2002.

SET

Secure Electronic Transaction. A standard of secure protocols associated with online commerce and credit card transactions. Visa and MasterCard are the chief players in development of the SET protocol. Its ostensible purpose is to make electronic commerce more secure.

shadowing

The practice of isolating hashed password values so that they're beyond an attacker's reach. The passwords are still usable for authentication, but hidden from prying eyes. On Unix they typically reside in /etc/shadow, which is readable only by root, while the world-readable /etc/passwd holds only a placeholder in the password field.

Shared Folders (Windows)

The Shared Folders utility, available through Microsoft Management Console, offers a centralized interface to manage shares, sessions, and open files. You reach it through My Computer → Control Panel → Administrative Tools → Shared Folders.

Show_debug_data

Perl script that exploits the CGIScript.net information disclosure vulnerability. Released in 2002.

showacls (Windows)

A command-line tool that dumps the ACLs of files, folders, and trees to STDOUT, thus offering a means to query and identify user permissions via automated scripts.

showgrps (Windows)

Prints user group memberships to STDOUT.

showmount

A Unix program that displays the file systems an NFS server exports (and, with the -a option, which clients currently have them mounted).

showpriv (Windows)

Prints to STDOUT the privileges held by a specific group or user. For example, you can use it to discover who has backup privileges, who can increase quotas, who can access and manage security logs, and so forth.

Silentlog

A keystroke logging tool that runs under several Windows versions. Released in 2002.

Simpleinitexploit

Script that exploits the SimpleInit inherit file descriptor vulnerability. Released in 2002.

Slrnpull-ex

Perl script that exploits the SLRNPull spool directory command line parameter buffer overflow vulnerability. Released in 2002.

Snexploit

Exploit for a buffer overflow vulnerability in the snes9x Nintendo emulator. Released in 2002.

sniffer

Hardware or software that captures datagrams on a network. Users can deploy sniffers legitimately (to diagnose network problems), or illegitimately (to crack network passwords and subvert security and privacy).

Snscan

A Windows GUI SNMP detection utility that can quickly and accurately identify SNMP-enabled devices on a network. This utility can effectively indicate devices that are potentially vulnerable to SNMP-related security threats. Released in 2002.

source (source code)

Human-readable program code that, once compiled (or, for interpreted languages, run directly), constitutes an application or program.

spoofing

Procedure in which a user or host impersonates another user or host to gain unauthorized access to a trusting target.

Sq125x

Exploit for the SquirrelMail theme remote command execution vulnerability. Released in 2002.

SQL (Structured Query Language)

Relational database query language.

Sql_injection_walkthrough.txt

Document that describes SQL injection, in which an attacker attacks Web applications by submitting raw SQL queries as input. Released in 2002.

Sqlcppx

Script that exploits the Progress sqlcpp local buffer overflow vulnerability. Released in 2002.

Sqlinjectionwhitepaper.pdf

A paper on a technique for exploiting Web applications that place client-supplied data in SQL queries without stripping illegal characters first. Released in 2002.

srvcheck (Windows)

Reports all server shares and which users have access to them.

srvmgr (Windows)

A GUI tool for managing domains and computers from a central location.

ssh

Secure Shell, a program that encrypts Telnet-like remote sessions.

standard error (STDERR)

Error output from programs. STDERR typically prints directly to your terminal screen in real time. However, you can redirect this output elsewhere.

standard input (STDIN)

The input stream a program reads from. By default the operating system connects it to your terminal or keyboard, so the commands you type are standard input; you can also redirect it from a file or a pipe.

standard output (STDOUT)

Output from computer programs. STDOUT usually prints to your terminal in real time, but you can redirect this elsewhere.

su (Windows)

A W2K clone of Unix’s classic su. su lets you execute a process under a user ID other than your own. The new process inherits both the environment variables and privileges of the specified user (which could be any valid user in a workgroup or domain).

subinacl (Windows)

Lets administrators transfer security information (owners and ACLs) on files, registry keys, and services from one user or domain (or workgroup) to another.

sudo

A Unix program that enables system administrators to assign users the power to execute select commands as the superuser (or another user), with each use logged.

svcacls (Windows)

The Service ACL Editor lets you use Access Control Lists from a command-line environment (or in scripts) to control user access to services.

svcmon (Windows)

Watches services and emails you when they start or stop.

Symace

Script that exploits the BRU insecure temporary file vulnerability. Released in 2002.

syslogd

A system logging server in Unix that logs system and kernel messages.

sysprep (Windows)

Prepares systems for cloning. You generate one solid W2K installation and then use sysprep to perform automated disk duplication.

System Log (Windows)

Reports system alerts and critical, informational, and warning events (such as service failures, conflicts, and so on). You reach it through Event Viewer (My Computer → Control Panel → Administrative Tools → Event Viewer).

takeown (Windows)

Takes ownership of files and directories. Its classic use is removing an old W2K installation, including system security files that are otherwise undeletable: once an administrator owns them, they can be modified or deleted.

Talkspoof

Exploit for the multiple vendor TalkD user validation vulnerability. Released in 2002.

Tcc.tar

TCP Congestion paper and proof-of-concept code for a vulnerability in the TCP protocol that affects several operating systems, allowing remote denial-of-service attacks. Released in 2002.

tcpd

The daemon for TCP Wrapper, which logs (and can allow or deny) Telnet, finger, ftp, and other connections on Unix platforms, and also controls access based on configuration files, such as hosts.allow.

tcpdump

A network-monitoring tool that logs IP packets.

Telnet Server Administration (Windows)

The Telnet Server Administration console application, included in the Microsoft Management Console, offers a central management system for setting your Telnet server options: starting the service, stopping the service, and querying for user sessions. You reach it from My Computer → Control Panel → Administrative Tools → Telnet Server → Administration.

Telozarzo

Script that exploits the Telindus router 10xx and 11xx vulnerability. Released in 2002.

TEMPEST

Often expanded as Transient Electromagnetic Pulse Surveillance Technology (the expansion is unofficial). The practice and study of capturing and eavesdropping on electromagnetic signals that emanate from electronic devices. In TEMPEST shielding, a computer system is armored to prevent such emissions, and is thus designed to defeat this kind of eavesdropping.

Tgt_v1_x86Lnx

Script that exploits the OpenSSH Kerberos 4 TGT/AFS token buffer overflow vulnerability. Released in 2002.

Tgt-X86linux

Another exploit for the OpenSSH Kerberos 4 TGT/AFS token buffer overflow vulnerability. Released in 2002.

Tnslsnrx

Script that exploits the Oracle 8i TNS listener local buffer overflow vulnerability. Released in 2002.

Tomas

A command-line tool to crack the secret passwords on Cisco routers. Released in 2002.

Tracesex

Perl script that exploits the TrACESroute terminator function format string vulnerability. Released in 2002.

traffic analysis

Traffic analysis is the study of patterns in communication, rather than the communication’s actual content. For example, studying when, where, and to whom particular messages are being sent, instead of studying the content of those messages.

TripWire

An add-on file integrity checker that records cryptographic checksums and attributes of files in a baseline database and reports any files later added, removed, or changed.

Trojan horse

A code or application that, unbeknownst to the user, performs surreptitious and unauthorized tasks that can compromise system security.

trusted system

A secure operating system for use in environments where classified information is warehoused.

Ucd-421

Script that exploits the UCD-snmp trap handling vulnerability. Released in 2002.

UID

User ID.

UPS (Uninterruptible Power Supply)

A backup power supply for when your primary power source fails.

User (Apache)

The User directive sets Apache's user ID (UID), or the user under which Apache will answer client requests. The server may start as root in order to bind port 80, but it drops to this account before serving, so never set it to root. In default installations this value is user nobody.

user ID

Generally, any value by which a user is identified, including their user name. Specifically, in multi-user environments, the numeric value the system uses to identify the owner of files and processes.

Users and Passwords (Windows)

The Users and Passwords tool lets you manage user passwords, names, and certificates. You reach it via My Computer → Control Panel → Users and Passwords.

usrtogrp (Windows)

Usrtogrp.exe is for adding users to groups on a wholesale basis. It works like this: You first place your desired users in a text file, one per line. Usrtogrp.exe then steps through the file user-by-user and adds the specified users to the domain and group you specify. Usrtogrp.exe is a great solution when you’re faced with en masse user migration.

Uw-imap

Script that exploits the Imap4 remote Linux vulnerability. Released in 2002.

VDSL

Very high bit-rate digital subscriber line.

vfi (Windows)

vfi (Visual File Information) displays file characteristics in sufficient detail to constitute a low-grade file integrity assessment tool. You can use it to write scripts that detect subtle changes in your file system (and subsequently warn you of the same, or perhaps take some specified action).
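What a file integrity checker such as TripWire (above) or a script built on vfi's output actually does, as an added example that is not code from either tool: take a baseline of hash, size and mode for every regular file under a directory, take a second snapshot later, and report what was added, removed or modified. The directory tree and the tampering are constructed inside a temporary directory so the example runs offline.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root: str) -> dict:
    """Map each regular file under root (relative, '/'-separated) to
    (sha256 hex digest, size in bytes, permission bits)."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):   # skip symlinks, devices, etc.
                continue
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (h.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode))
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Diff two snapshots. A file counts as modified if its content hash,
    size or permission bits differ."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def _write(path: str, data: bytes) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "etc", "passwd"),
               b"root:x:0:0:root:/root:/bin/sh\n")
        _write(os.path.join(root, "etc", "hosts.allow"), b"sshd: 10.0.0.0/8\n")
        _write(os.path.join(root, "bin", "ls"), b"\x7fELF original ls\n")
        before = snapshot(root)

        # Tampering: a same-length edit (size and mtime checks alone miss this),
        # a deleted access-control file, and a dropped-in extra binary.
        _write(os.path.join(root, "etc", "passwd"),
               b"root:x:0:0:root:/root:/bin/zz\n")
        os.remove(os.path.join(root, "etc", "hosts.allow"))
        _write(os.path.join(root, "bin", "ps"), b"\x7fELF trojaned ps\n")
        after = snapshot(root)

        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is only as trustworthy as its storage: keep it (and the checker itself) on read-only media or a separate host, since an intruder who can rewrite the baseline can hide every change.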

Virtual Private Network (VPN)

A closed, private network and secure circuit over intranet or Internet lines in which data in transit is encrypted and passed only between trusted points.

Voodoo2

A library that makes heap overflow exploitation much easier by providing the user with valuable internal data from Doug Lea’s malloc implementation. Released in 2002.

Vpnkillient

Script that exploits the VPN client buffer overflow vulnerability. Released in 2002.

vulnerability (hole)

A system weakness (in either hardware or software) that allows intruders to gain unauthorized access or deny service.

War-ftpd-bof

Perl script that exploits the WarFTPd remote buffer overflow vulnerability. Released in 2002.

Webbbsexploit

Perl script that exploits the WebBBS remote command execution vulnerability. Released in 2002.

Wellenreiter

A GTK/Perl program that makes the discovery and auditing of 802.11b wireless networks much easier. Released in 2002.

Wpoison-dev

A tool that attempts to find SQL-injection vulnerabilities on a remote Web document. Released in 2002.

write access

When a user, group, or public users have write access, it means that they have permission and privileges to write to a particular file or directory.

X2

Script that exploits the SSH restricted shell escaping command execution vulnerability. Released in 2002.

Xls_sux

Exploit for the Excel 2002 XML stylesheet arbitrary code execution vulnerability. Released in 2002.

Yahoo-im

Document that describes information regarding the Yahoo! Instant Messenger buffer overflow vulnerability and a how-to explaining the technique used to hijack another IM client. Released in 2002.

Ymxp

Exploit for the Yahoo! Messenger buffer overflow vulnerability for Windows XP Pro. Released in 2002.
