Hack Tools/Exploits

Packetstorm Last 10 Files

  1. Pluck CMS 4.7.3 CSRF / XSS / LFI / Code Execution - Pluck CMS version 4.7.3 suffers from code execution, cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
  2. freeSSHd 1.3.1 Denial Of Service - freeSSHd version 1.3.1 suffers from a denial of service vulnerability.
  3. WordPress Captain Slider 1.0.6 Cross Site Scripting - WordPress Captain Slider plugin version 1.0.6 suffers from a stored cross site scripting vulnerability.
  4. Apple OS X Entitlements Rootpipe Privilege Escalation - This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
  5. QEMU Programmable Interrupt Timer Controller Heap Overflow - The programmable interrupt timer (PIT) controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and a heap overflow within the context of the host.
  6. Photo Transfer 2 1.0 Denial Of Service - Photo Transfer 2 version 1.0 suffers from a denial of service vulnerability.
  7. PayPal Stored Cross Site Scripting - A stored cross site scripting vulnerability existed in the SecurePayment page on PayPal.
  8. WordPress Responsive Thumbnail Slider 1.0 Shell Upload - WordPress Responsive Thumbnail Slider plugin version 1.0 suffers from a remote shell upload vulnerability.
  9. WordPress Navis DocumentCloud 0.1 Cross Site Scripting - WordPress Navis DocumentCloud plugin version 0.1 suffers from a cross site scripting vulnerability.
  10. Red Hat Security Advisory 2015-1693-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source.

Packetstorm Tools

  1. Fwknop Port Knocking Utility 2.6.7 - fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
  2. OpenSSH 7.1p1 - This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  3. Faraday 1.0.13 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  4. oclHashcat For NVidia 1.37 - oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  5. oclHashcat for AMD 1.37 - oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  6. Viproy VoIP Penetration / Exploitation Kit 2.99.1 - Viproy VoIP Penetration and Exploitation Kit is developed to improve the quality of SIP penetration testing. It provides authentication and trust analysis features that assist in creating simple tests.
  7. Wireshark Analyzer 1.12.7 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  8. NetRipper Smart Traffic Sniffer - NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.
  9. OpenSSH 7.0p1 - This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  10. Mandos Encrypted File System Unattended Reboot Utility 1.7.0 - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Packetstorm Exploits

  1. Pluck CMS 4.7.3 CSRF / XSS / LFI / Code Execution - Pluck CMS version 4.7.3 suffers from code execution, cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
  2. freeSSHd 1.3.1 Denial Of Service - freeSSHd version 1.3.1 suffers from a denial of service vulnerability.
  3. WordPress Captain Slider 1.0.6 Cross Site Scripting - WordPress Captain Slider plugin version 1.0.6 suffers from a stored cross site scripting vulnerability.
  4. Apple OS X Entitlements Rootpipe Privilege Escalation - This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
  5. QEMU Programmable Interrupt Timer Controller Heap Overflow - The programmable interrupt timer (PIT) controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and a heap overflow within the context of the host.
  6. Photo Transfer 2 1.0 Denial Of Service - Photo Transfer 2 version 1.0 suffers from a denial of service vulnerability.
  7. PayPal Stored Cross Site Scripting - A stored cross site scripting vulnerability existed in the SecurePayment page on PayPal.
  8. WordPress Responsive Thumbnail Slider 1.0 Shell Upload - WordPress Responsive Thumbnail Slider plugin version 1.0 suffers from a remote shell upload vulnerability.
  9. WordPress Navis DocumentCloud 0.1 Cross Site Scripting - WordPress Navis DocumentCloud plugin version 0.1 suffers from a cross site scripting vulnerability.
  10. FENIX 0.92 Buffer Overflow - FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.

Securiteam Exploits

  1. Betster Multiple SQL injection vulnerabilities - Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
  2. Cisco TelePresence Server On Virtual Machine Local Privilege Escalation Vulnerabilities - Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges.
  3. EMC RSA Certificate Manager Administration Server Denial Of Service Vulnerabilities - EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.
  4. Exchange Forged Meeting Request Spoofing Vulnerabilities - Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
  5. HP Point Of Sale PC OPOSMSR.ocx For Hybrid POS Printers With MICR Vulnerabilities - The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers.