Hack Tools, Utilities and Exploits
Astalavista Tools and Utilities
Packetstorm Last 10 Files
- soulseek157-psexec.txt - Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability.
- shopcartdx430-sql.txt - Remote SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. This particular vulnerability was previously discovered, but further research has been performed.
- shopcartdx430-blindsql.txt - Remote blind SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php.
- cve-2008-3531.c - Local root exploit for FreeBSD nmount(). This affects FreeBSD 7.0-RELEASE and 7.0-STABLE.
- axesstel-bypass.txt - The Axesstel MV 410R protects against malicious input only through client-side JavaScript, allowing an attacker to bypass all of this easily. The device is also susceptible to permanent cross site scripting vulnerabilities.
- opialaid-sql.txt - Opial version 1.0 suffers from a remote SQL injection vulnerability.
- glsa-200907-02.txt - Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected.
- glsa-200907-01.txt - Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.
- rentventory-sql.txt - Rentventory PHP suffers from multiple remote SQL injection vulnerabilities.
- petite-sql.txt - This paper is a small SQL injection tutorial and is written in French.
Packetstorm Tools
- httpry-0.1.5.tar.gz - httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
- hex-head.c - This is a simple head utility that outputs in hexadecimal format. Characters that are non-printable are replaced with the . character.
- picviz-0.6.tar.gz - Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events. This tarball includes the cli, gui, and the library for picviz.
- tor.uclibc.i686.20090627.iso - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
- mapdav-1.0p3.tar.gz - MAPDAV, or the More Accurate Password Dictionary Attack Vector, is designed to use what is known about a user or users (e.g. username, first name, middle name, last name, etc.) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user's password. An administrator could run the output through a cracker and see if their users' passwords are anything easy to guess.
- tor-0.2.0.35.tar.gz - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
- trafscrambler_0.1.tgz - Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. This initial release implements SYN-decoy, pre/post-connection SYN, TCP reset, and zero window attacks. The author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
- kismet-2009-06-R1.tar.gz - Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (BSSID), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal- and tcpdump-compatible file logging, Airsnort-compatible logging of interesting (cryptographically weak) packets, secure SUID behavior, and fingerprinting of GPS devices and wireless devices. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
- analyse_malware.py.txt - This is a python script designed to analyze malware.
- mobiusft-0.4.6.tar.gz - Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Packetstorm Exploits
- soulseek157-psexec.txt - Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability.
- shopcartdx430-sql.txt - Remote SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. This particular vulnerability was previously discovered, but further research has been performed.
- shopcartdx430-blindsql.txt - Remote blind SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php.
- cve-2008-3531.c - Local root exploit for FreeBSD nmount(). This affects FreeBSD 7.0-RELEASE and 7.0-STABLE.
- axesstel-bypass.txt - The Axesstel MV 410R protects against malicious input only through client-side JavaScript, allowing an attacker to bypass all of this easily. The device is also susceptible to permanent cross site scripting vulnerabilities.
- opialaid-sql.txt - Opial version 1.0 suffers from a remote SQL injection vulnerability.
- rentventory-sql.txt - Rentventory PHP suffers from multiple remote SQL injection vulnerabilities.
- joomla1512-xss.txt - Joomla! versions prior to 1.5.12 suffer from multiple cross site scripting vulnerabilities in relation to HTTP headers.
- opial-sql.txt - Opial version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
- sourcefire-escalate.txt - Sourcefire 3D Sensor and Defense Center versions 4.8.1 and below suffer from a privilege escalation vulnerability.
Securiteam Exploits
- Motorola Timbuktu Pro Stack Based Buffer Overflow - Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary code with SYSTEM privileges.
- Unisys Business Information Server Stack Buffer Overflow - Remote exploitation of a stack-based buffer overflow vulnerability in Unisys's Business Information Server could allow an attacker to execute arbitrary code with the privileges of the affected service.
- Adobe Shockwave Player Director File Parsing Pointer Overwrite - This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site.
- Cisco Physical Access Gateway Denial of Service Vulnerability - A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1.
- Cisco ASA Web VPN Multiple Vulnerabilities - The ASA's DOM wrapper can be rewritten in a manner to allow Cross-Site Scripting (XSS) attacks.