Hack Tools, Utilities and Exploits

Astalavista Tools and Utilities

Packetstorm Last 10 Files

  1. HPSBUX02503-SSRT100019.txt - HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
  2. MDVSA-2010-034.txt - Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
  3. nightdahack2010-cfp.txt - Night Da Hack 2010 Call For Proposals - This conference will take place from 4 PM through 7 AM, June 19th through the 20th, 2010 in Paris, France.
  4. CORELAN-10-010.txt - GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability.
  5. wsnguestdb-disclose.txt - WSN Guest Database appears to suffer from a database disclosure vulnerability.
  6. bluedove-sql.txt - Blue Dove suffers from a remote SQL injection vulnerability.
  7. synspam_0.4.0-1.tar.gz - Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, then runs multiple tests against it where possible and applies a scoring system. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
  8. as3flexdb-sqldisclose.txt - AS3FlexDB suffers from remote database login information disclosure and remote SQL execution vulnerabilities.
  9. HPSBMA02487-SSRT100024.txt - HP Security Bulletin - A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access.
  10. jdownloader-exec.txt - JDownloader versions below 2010-01-25 with Click n Load 2 support suffer from a code execution vulnerability. Proof of concept included.

Packetstorm Tools

  1. synspam_0.4.0-1.tar.gz - Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, then runs multiple tests against it where possible and applies a scoring system. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
  2. sipwitch-0.7.0.tar.gz - GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
  3. dradis-v2.5.0.tar.gz - dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
  4. netsniff-ng-0.5.4.1.tar.gz - netsniff-ng is a high performance Linux network sniffer for packet inspection. It is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses a memory-mapped area within kernelspace for accessing packets without the need to copy them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput, or creation of network statistics for incoming packets on central network nodes like routers or firewalls.
  5. stunnel-4.31.tar.gz - Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
  6. tinc-1.0.12.tar.gz - tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
  7. Pound-2.5.tgz - Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
  8. nikto-2.1.1.tar.gz - Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
  9. Squipy.zip - Squipy is a proxy server that allows you to capture and modify HTTP traffic.
  10. zzuf-0.13.tar.gz - zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.

Packetstorm Exploits

  1. CORELAN-10-010.txt - GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability.
  2. wsnguestdb-disclose.txt - WSN Guest Database appears to suffer from a database disclosure vulnerability.
  3. bluedove-sql.txt - Blue Dove suffers from a remote SQL injection vulnerability.
  4. as3flexdb-sqldisclose.txt - AS3FlexDB suffers from remote database login information disclosure and remote SQL execution vulnerabilities.
  5. jdownloader-exec.txt - JDownloader versions below 2010-01-25 with Click n Load 2 support suffer from a code execution vulnerability. Proof of concept included.
  6. DSECRG-09-065.txt - TVUPlayer version 2.4.9beta build 1797 suffers from an Active-X insecure method vulnerability.
  7. sapone_fc.tar.bz2 - Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below which suffer from a pre-authentication remote code execution vulnerability. This version has been updated by FortConsult A/S to use the same byte code as the Nessus plugin.
  8. uigabp-sqlxss.txt - Uiga Business Portal suffers from cross site scripting and remote SQL injection vulnerabilities.
  9. cve-2010-0453.c - This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris.
  10. exponentcms-sql.txt - Exponent CMS version 0.96.3 suffers from a remote SQL injection vulnerability. This really old version has been known vulnerable to various issues since 2005.

Securiteam Exploits

  1. LedgerSMB Multiple Vulnerabilities - It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.
  2. Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability - Insecure permissions have been detected in multiple Kaspersky Lab antivirus products.
  3. Piwik Cookie Unserialize Vulnerability - Piwik unserializes user input, which allows an attacker to send a carefully crafted cookie that, when unserialized, utilizes Piwik's classes to upload arbitrary files or execute arbitrary PHP code.
  4. Invision Power Board SQL PHP File Inclusion and SQL Injection - Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a PHP file residing on the target system. Authorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit, as there are quite a few restrictions that make creating a successful SQL attack vector difficult. Nevertheless, a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk, depending on the permissions granted to the database account that is used by the forum.
  5. U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability - The U.S. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software meet security baselines required by the Department of Defense. Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run.
