Hack Tools/Exploits

Packetstorm Last 10 Files

  1. Red Hat Security Advisory 2014-1084-01 - Red Hat Security Advisory 2014-1084-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected.
  2. Ubuntu Security Notice USN-2320-1 - Ubuntu Security Notice 2320-1 - A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. An issue was discovered in the Public Key Pinning implementation in Chromium. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
  3. Delphi And C++ Builder VCL Library Buffer Overflow - Core Security Technologies Advisory - Applications developed with Delphi and C++ Builder that use the specific integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.
  4. WordPress Mobile Pack 2.0.1 Information Disclosure - WordPress Mobile Pack version 2.0.1 suffers from an information disclosure vulnerability that allows anybody the ability to read password protected posts.
  5. Panda Security 2014 Privilege Escalation - Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.
  6. ESET Windows Products 7.0 Privilege Escalation - ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.
  7. RiseCON 2014 Call For Papers - RiseCON 2014 has announced its call for papers. It will take place in Rosario, Santa Fe, Argentina November 6th through the 7th, 2014.
  8. WordPress All In One SEO Pack 2.2.2 Cross Site Scripting - WordPress All In One SEO Packet plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.
  9. ArticleFR 3.0.4 SQL Injection - ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
  10. ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection - ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included.

Packetstorm Tools

  1. Maligno 1.2 - Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  2. Melkor ELF Fuzzer 1.0 - Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.
  3. Viproy VoIP Penetration / Exploitation Kit 2.0 - Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.
  4. GnuPG 2.0.26 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  5. I2P - I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  6. Suricata IDPE 2.0.3 - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  7. Samhain File Integrity Checker 3.1.2 - Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  8. Mandos Encrypted File System Unattended Reboot Utility 1.6.8 - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  9. OpenSSL Toolkit 1.0.1i - OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  10. Adobe ColdFusion MX6 Password Decryptor - This tool enables you to retrieve the plain text password for ColdFusion MX6.

Packetstorm Exploits

  1. WordPress All In One SEO Pack 2.2.2 Cross Site Scripting - WordPress All In One SEO Packet plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.
  2. ArticleFR 3.0.4 SQL Injection - ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
  3. ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection - ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included.
  4. HybridAuth install.php PHP Code Execution - This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file rendering the application unusable.
  5. BlazeDVD Pro 7.0 Buffer Overflow - BlazeDVD Pro version 7.0 SEH buffer overflow exploit written in python.
  6. Bulletproof FTP Client 2010 Buffer Overflow - Bulletproof FTP Client 2010 SEH buffer overflow exploit written in python.
  7. Gitlab-shell Code Execution - This Metasploit module takes advantage of the addition of authorized ssh keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the ssh key provided directly in a system call resulting in a command injection vulnerability. As this relies on adding an ssh key to an account valid credentials are required to exploit this vulnerability.
  8. Firefox toString console.time Privileged Javascript Injection - This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.
  9. Senkas Kolibri WebServer 2.0 Buffer Overflow - Senkas Kolibri WebServer version 2.0 is vulnerable to remote code execution via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be use to redirect execution to a POP POP RET within the application's binary itself, which once executed, will allow the attacker to execute his/her payload located in the HOST field.
  10. Tenda A5s Router Authentication Bypass - Tenda A5s router suffers from an authentication bypass vulnerability due to improperly trusting cookies.

Securiteam Exploits

  1. Drupal Invitation Access Bypass Vulnerability - The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.
  2. GNOME Display Manager Locally Denial Of Service Vulnerability - GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
  3. Linux Kernel Denial Of Service Or Unauthorized Privilege Gain Vulnerability - Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.
  4. PHP-Fusion Unauthorized Backup Access Vulnerabilities - PHP-Fusion version 7.02.05 suffers from parameter traversal local file inclusion(LFI), attacker can include and execute desired file on the server.
  5. RSA BSAFE SSL-J SSLSocket Malformed Handshake Remote DoS Vulnerability - RSA BSAFE SSL-J SSLsocket malformed handshake remote suffers from denial of service vulnerability