Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Packet Storm New Exploits For August, 2016 - This archive contains all of the 235 exploits added to Packet Storm in August, 2016.
  2. PHP 7.0 Denial Of Service - PHP version 7.0 suffers from AppendIterator::append and JsonSerializable::jsonSerialize denial of service vulnerabilities.
  3. PHP 5.0.0 Denial Of Service - PHP version 5.0.0 suffers from imap_mail(), hw_docbyanchor(), html_doc_file(), snmpset(), snmprealwalk(), snmpwalk(), fbird_[p]connect(), and snmpwalkoid() denial of service vulnerabilities.
  4. Red Hat Security Advisory 2016-1785-01 - Red Hat Security Advisory 2016-1785-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.7 release serves as a replacement for JBoss Operations Network 3.3.6, and includes several bug fixes.
  5. Cisco Security Advisory 20160831-sps3 - Cisco Security Advisory - A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.
  6. Cisco Security Advisory 20160831-spa - Cisco Security Advisory - A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
  7. Cisco Security Advisory 20160831-meetings-player - Cisco Security Advisory - A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
  8. CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation - CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allows a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.
  9. ZKTeco ZKBioSecurity 3.0 User Enumeration - ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness vulnerability.
  10. ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting - ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.

Packetstorm Tools

  1. Stegano 0.6.1 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  2. OATH Toolkit 2.6.2 - OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
  3. Blue Team Training Toolkit (BT3) 2.0 - Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  4. Htcap Analysis Tool 1.0.1 - Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
  5. TOR Virtual Network Tunneling Tool 0.2.8.7 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  6. Lynis Auditing Tool 2.3.3 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  7. UFONet 0.7 - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
  8. Hashcat Advanced Password Recovery 3.10 Source Code - hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  9. Hashcat Advanced Password Recovery 3.10 Binary Release - hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  10. ifchk 1.0.5 - Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Packetstorm Exploits

  1. Packet Storm New Exploits For August, 2016 - This archive contains all of the 235 exploits added to Packet Storm in August, 2016.
  2. PHP 7.0 Denial Of Service - PHP version 7.0 suffers from AppendIterator::append and JsonSerializable::jsonSerialize denial of service vulnerabilities.
  3. PHP 5.0.0 Denial Of Service - PHP version 5.0.0 suffers from imap_mail(), hw_docbyanchor(), html_doc_file(), snmpset(), snmprealwalk(), snmpwalk(), fbird_[p]connect(), and snmpwalkoid() denial of service vulnerabilities.
  4. CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation - CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allows a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.
  5. ZKTeco ZKBioSecurity 3.0 User Enumeration - ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness vulnerability.
  6. ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting - ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.
  7. ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass - ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.
  8. ZKTeco ZKBioSecurity 3.0 File Path Manipulation - ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.
  9. ZKTeco ZKBioSecurity 3.0 Add Superadmin Cross Site Request Forgery - ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.
  10. ZKTeco ZKBioSecurity 3.0 Cross Site Scripting - ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.1.0_R_230 is affected.

Securiteam Exploits