Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Wireshark Analyzer 2.2.4 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  2. TOR Virtual Network Tunneling Tool 0.2.9.9 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  3. Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution - This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
  4. RSA Security Analytics Cross Site Scripting - RSA Security Analytics versions prior to 10.6.2 suffers from a cross site scripting vulnerability.
  5. Gentoo Linux Security Advisory 201701-57 - Gentoo Linux Security Advisory 201701-57 - Multiple vulnerabilities have been discovered in T1Lib, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.1.2-r1 are affected.
  6. Ubuntu Security Notice USN-3176-1 - Ubuntu Security Notice 3176-1 - Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges.
  7. Ubuntu Security Notice USN-3177-1 - Ubuntu Security Notice 3177-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
  8. Apple Security Advisory 2017-01-23-6 - Apple Security Advisory 2017-01-23-6 - iCloud for Windows 6.1.1 is now available and addresses multiple code execution issues.
  9. Apple Security Advisory 2017-01-23-5 - Apple Security Advisory 2017-01-23-5 - Safari 10.0.3 is now available and addresses spoofing, data exfiltration, and various other security vulnerabilities.
  10. Apple Security Advisory 2017-01-23-4 - Apple Security Advisory 2017-01-23-4 - tvOS 10.1.1 is now available and addresses buffer overflow, code execution, and various other security vulnerabilities.

Packetstorm Tools

  1. Wireshark Analyzer 2.2.4 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  2. TOR Virtual Network Tunneling Tool 0.2.9.9 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  3. Stegano 0.6.2 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  4. THC-IPv6 Attack Tool 3.2 - THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
  5. Keypatch 2.1 - Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.
  6. Tinc Virtual Private Network Daemon 1.0.31 - tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
  7. FireHOL 3.1.1 - FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  8. PEV 0.80 - pev is a full-featured, open source, multi-platform command line toolkit to work with PE (Portable Executables) binaries.
  9. Truffle Hog - Truffle Hog searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy.
  10. Hashcat Advanced Password Recovery 3.30 Source Code - Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Packetstorm Exploits

  1. Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution - This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
  2. Cisco Magic WebEx URL Remote Command Execution - Cisco's WebEx extension has a URL that allows for arbitrary remote command execution.
  3. CUPS DNS Rebinding Via Incorrect Whitelist - CUPS suffers from an incorrect whitelist that permits DNS rebinding attacks.
  4. Oracle OpenJDK Runtime Environment Build 1.8.0_112-b15 Denial Of Service - Oracle OpenJDK Runtime Environment build 1.8.0_112-b15 suffers from a java serialization denial of service vulnerability.
  5. Oracle PeopleSoft HCM 9.2 Cross Site Scripting - Oracle PeopleSoft HCM version 9.2 suffers from a cross site scripting vulnerability.
  6. Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution - Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
  7. Python 2.x Buffer Overflow - Python version 2.x suffers from a buffer overflow in the DecodeAdpcmImaQT function in the ctypes module.
  8. Oracle E-Business Suite 12.x Unconstrainted File Download - Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6 suffer from an unconstrained file download vulnerability.
  9. PageKit 1.0.10 Password Reset - PageKit version 1.0.10 suffers from a password reset vulnerability.
  10. Microsoft Power Point Java Payload Code Execution - Microsoft power point allows users to insert objects of arbitrary file types. At presentation time these objects can be activated by mouse movement or clicking.

Securiteam Exploits