Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Debian Security Advisory 3795-1 - Debian Linux Security Advisory 3795-1 - It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.
  2. Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Crash - Linux kernel version 4.4.0 (Ubuntu) DCCP double-free crash denial of service proof of concept exploit.
  3. RSA Asymmetric Polymorphic Shellcode - Whitepaper called RSA Asymmetric Polymorphic Shellcode. It discusses how to encrypt and decrypt the opcodes of the shellcode, how the program that decrypts the shellcode was built and how to get the opcodes, and much more.
  4. Joomla OneVote! 1.0 SQL Injection - Joomla OneVote! component version 1.0 suffers from a remote SQL injection vulnerability.
  5. Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation - Linux Kernel version 4.4.0 (Ubuntu) DCCP double-free privilege escalation exploit that includes a semi-reliable SMAP/SMEP bypass.
  6. Netgear DGN2201 v1/v2/v3/v4 dnslookup.cgi Remote Command Execution - Netgear DGN2200 versions 1, 2, 3, and 4 suffer from a non-administrative authenticated remote command execution vulnerability via dnslookup.cgi.
  7. Windows x86 Executable Directory Search Shellcode - 130 bytes small Windows x86 executable directory search shellcode.
  8. Linux x86_64 Random Listener Shellcode - 54 bytes small Linux x86_64 random listener shellcode.
  9. Joomla Gnosis 1.1.2 SQL Injection - Joomla Gnosis component version 1.1.2 suffers from a remote SQL injection vulnerability.
  10. Joomla My MSG 3.2.1 SQL Injection - Joomla My MSG component version 3.2.1 suffers from a remote SQL injection vulnerability.

Packetstorm Tools

  1. Packet Fence 6.5.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  2. Ansvif 1.6.2 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  3. Mandos Encrypted File System Unattended Reboot Utility 1.7.15 - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  4. Lynis Auditing Tool 2.4.3 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages, and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  5. Stegano 0.6.7 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  6. Suricata IDPE 3.2.1 - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  7. Stegano 0.6.5 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  8. Lynis Auditing Tool 2.4.2 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages, and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  9. FireHOL 3.1.3 - FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  10. AIEngine 1.7.0 - AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers, and so on.

Packetstorm Exploits

  1. Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Crash - Linux kernel version 4.4.0 (Ubuntu) DCCP double-free crash denial of service proof of concept exploit.
  2. Joomla OneVote! 1.0 SQL Injection - Joomla OneVote! component version 1.0 suffers from a remote SQL injection vulnerability.
  3. Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation - Linux Kernel version 4.4.0 (Ubuntu) DCCP double-free privilege escalation exploit that includes a semi-reliable SMAP/SMEP bypass.
  4. Netgear DGN2201 v1/v2/v3/v4 dnslookup.cgi Remote Command Execution - Netgear DGN2200 versions 1, 2, 3, and 4 suffer from a non-administrative authenticated remote command execution vulnerability via dnslookup.cgi.
  5. Joomla Gnosis 1.1.2 SQL Injection - Joomla Gnosis component version 1.1.2 suffers from a remote SQL injection vulnerability.
  6. Joomla My MSG 3.2.1 SQL Injection - Joomla My MSG component version 3.2.1 suffers from a remote SQL injection vulnerability.
  7. Joomla K2 2.1 SQL Injection - Joomla K2 component version 2.1 suffers from a remote SQL injection vulnerability.
  8. Joomla Spinner 360 1.3.0 SQL Injection - Joomla Spinner 360 component version 1.3.0 suffers from a remote SQL injection vulnerability.
  9. Joomla Appointments For JomSocial 3.8.1 SQL Injection - Joomla Appointments for JomSocial component version 3.8.1 suffers from a remote SQL injection vulnerability.
  10. Joomla JomSocial SQL Injection - Joomla JomSocial component suffers from a remote SQL injection vulnerability.

Securiteam Exploits

  1. Microsoft SQL Server 2016 Gain Privileges Vulnerability - Microsoft SQL Server is prone to a gain privilege vulnerability. This allows local or remote attackers to gain privileges via a crafted application.
  2. Nvidia GPU Driver 354.74 Denial Of Service Vulnerability - Nvidia GPU Driver is prone to a denial of service (DoS) vulnerability. This allows a remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources via certain vulnerable vectors.
  3. Oracle Applications DBA Remote Code Execution Vulnerability - Oracle Applications DBA is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  4. Oracle Flexcube Enterprise Limits And Collateral Management 12.0.0 Remote Code Execution Vulnerability - Oracle Flexcube Enterprise Limits And Collateral Management is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  5. Oracle Hospitality Opera 5 Property Services 5.4.3.0 Remote Code Execution Vulnerability - Oracle Hospitality Opera 5 Property Services is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.