Hack Tools, Utilities and Exploits

Astalavista Tools and Utilities

Packetstorm Last 10 Files

  1. fwknop-1.9.6.tar.gz - fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
  2. msaccess-activex.txt - Microsoft Access ActiveX related remote exploit that makes use of Snapview.ocx version 10.0.5529.0.
  3. wordpressdm-upload.txt - WordPress Download Manager plugin version 0.2 arbitrary file upload exploit.
  4. ibase-disclose.txt - ibase versions 2.03 and below suffer from a remote file disclosure vulnerability in download.php.
  5. atomphotoblog-sql.txt - Atom PhotoBlog version 1.1.5b1 suffers from a remote SQL injection vulnerability.
  6. dsa-1616-1.txt - Debian Security Advisory 1616-1 - Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to fail open, facilitating a follow-on viral attack.
  7. bailiwicked_domain.rb.txt - This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.
  8. pkd-1.1.tgz - ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
  9. bailiwicked_host.rb.txt - This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache.
  10. SDTCleaner-v1.0.zip - SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table).

Packetstorm Tools

  1. fwknop-1.9.6.tar.gz - fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
  2. SDTCleaner-v1.0.zip - SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table).
  3. sipwitch-0.2.2.tar.gz - GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
  4. prelude-manager-0.9.14.tar.gz - Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
  5. srm-1.2.9.tar.gz - secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command-line recovery of deleted information, even if the machine is compromised.
  6. snoop-0.3.1.tar.gz - Snoop is a GNU/Linux file descriptor monitoring tool inspired by FreeBSD's 'watch'. It goes beyond simple TTY snooping by allowing the interception of any file descriptor. You can attach on the fly to regular files, TTYs, named pipes, character devices, and pretty much anything that is represented by a file descriptor and addressable in the standard name space.
  7. silk-1.1.0.tar.gz - SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives Netflow V5 PDUs and converts them into a more space efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that can read these flat files and then perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to develop a relatively sophisticated query from a simple beginning.
  8. wpacrack.py.txt - Python script that cracks a 256-bit WPA-PSK hash (64 char) using wpa_passphrase and a wordlist.
  9. clamav-0.93.3.tar.gz - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  10. sara-7.5.7.tgz - Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Packetstorm Exploits

  1. msaccess-activex.txt - Microsoft Access ActiveX related remote exploit that makes use of Snapview.ocx version 10.0.5529.0.
  2. wordpressdm-upload.txt - WordPress Download Manager plugin version 0.2 arbitrary file upload exploit.
  3. ibase-disclose.txt - ibase versions 2.03 and below suffer from a remote file disclosure vulnerability in download.php.
  4. atomphotoblog-sql.txt - Atom PhotoBlog version 1.1.5b1 suffers from a remote SQL injection vulnerability.
  5. bailiwicked_domain.rb.txt - This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.
  6. bailiwicked_host.rb.txt - This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache.
  7. emc-sql.txt - EMC's Centera Universal Access product version CUA4.0_4735.p4 suffers from a SQL injection vulnerability.
  8. joomlamamml-upload.txt - The Joomla Mamml component suffers from a remote file disclosure vulnerability.
  9. oss-bypass.txt - Outpost Security Suite Pro version 2009 suffers from multiple bypass vulnerabilities when using special characters.
  10. PR08-16.txt - Moodle versions 1.7.4 and below suffer from a cross site request forgery vulnerability.

Securiteam Exploits

  1. Novell eDirectory dhost Integer Overflow Code Execution Vulnerability - A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability.
  2. Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability - Internet Directory is "Oracle's implementation of the Lightweight Directory Access Protocol (LDAP) v3 service. It is used in conjunction with Oracle Identity Management to implement user administration in the Oracle environment". Remote exploitation of a pre-authentication input validation vulnerability in Oracle Corp.'s Oracle Internet Directory allows an attacker to conduct a denial of service attack on a vulnerable host.
  3. Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability - Oracle Database Server is "a family of database products that range from personal databases to enterprise solutions". Remote exploitation of a buffer overflow vulnerability in the DBMS_AQELM package in Oracle Corp.'s Oracle Database product allows attackers to execute arbitrary code with the privileges of the database user.
  4. Apple Core Image Fun House Buffer Overflow - "From creating new solutions for print, photography, scientific visualization, and film post-production to enhancing your application's user interface with innovative and effortless visual effects, Apple's Core Image performs the heavy lifting that enables the next generation of imaging applications." It is possible to trigger an exploitable buffer overflow condition in Apple's Core Image by creating a specially crafted .funhouse file.
  5. F5 FirePass 1200 SNMP Daemon DoS - A vulnerability in F5's FirePass 1200 allows remote attackers to cause the product to crash by sending it a request to a specific OID which in turn causes it to become unstable.
  6. SDT Cleaner
  7. Ratproxy - Passive Web Application Security Assessment Tool
  8. PktAnon - Packet Trace Anonymization Tool
  9. Protowalk: Generic Protocol Fuzzer and Protocol Testing Tool
  10. Blind SQL Injection Brute Forcer

