Astalavista Tools and Utilities
- PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote Snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans. Changes: A minor release focused on important fixes but with some enhancements. There are performance improvements, Cisco 6500 switch support, better support for the HP ProCurve 5400, translation improvements, new add-on tools, and better documentation. There are cosmetic changes in the Web Admin, fixes for some network device problems, several inline enforcement improvements, and handling of some captive portal corner cases.
- This is a Python script that uses the Max-Forwards header in HTTP and SIP to perform traceroute-like scanning.
- rtspFUZZ is a Real Time Streaming Protocol (RTSP) server fuzzer. It uses 6 basic crafting techniques on RTSP commands (OPTIONS, DESCRIBE, SETUP, PLAY, GET_PARAMETER, TEARDOWN, PAUSE, etc.) and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with a Metasploit pattern (pattern_create.rb), which can be helpful for finding the offset.
- OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security. Changes: This release adds bugfixes in the Enforcer, the Auditor, and the Signer.
- PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. Changes: Added code coverage report. Updated GUI validation. Several instrumentation fixes. Fixed lingering connection issue. Fixed GUI and report viewer crashes related to working directory.
- afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided. Changes: A new option (--csv) is added to allow export of the database in CSV format. A new macro (MAILAUTH) permits mail authentication on Windows. A new directive (allow_relativepath) is added that makes internal controls use relative paths instead of absolute paths. A new syntax for files/directories and use of the AFICK_CHROOT environment variable allow 'chrooted directories'.
- A small collection of scanners using Scapy that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.
- iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects such as packet mangling. Changes: Assorted bug fixes.
- fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface. Changes: This release adds IPv6 support for netfilter, DNS cache initialization, and ASA parser extensions.
- Hook Analyser is a hooking tool which can be helpful in reversing applications and analysing malware. It can hook an API in a process and search for a pattern in memory or dump the buffer. Changes: Various updates.
Packetstorm Last 10 Files
- Zero Day Initiative Advisory 12-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the mod_ipp Apache module component of the iprint-server, which listens by default on 631/tcp. Handling of get-printer-attributes requests containing an attributes-natural-language attribute causes a validation routine to be hit. When validating this parameter, the contents of the attribute are copied, without validation, to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process.
- Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode(), which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
- TORCS versions 1.3.2 and below XML buffer overflow / SAFESEH evasion exploit.
- haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion (HAVEGE) algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self-test targets and a spec file for those who want to build an RPM.
- Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker(), which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
- Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
- Red Hat Security Advisory 2012-0105-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
- Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions (MIME) message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.
- trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connect back to the client over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.
- This is a simple script to spawn DNS spoofing, ARP spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
Packetstorm Tools
- haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion (HAVEGE) algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self-test targets and a spec file for those who want to build an RPM.
- trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connect back to the client over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.
- This is a simple script to spawn DNS spoofing, ARP spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
- This is a compact fake POP3 daemon that logs password attacks.
- afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
- The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
- The goal of IP-Link is to show the relationships between different IP addresses in a network traffic capture, thus quickly determining, for a given address, the IP address with which it communicates the most.
- This is a bash script, for use in conjunction with BackTrack, that simplifies the spawning of various sniffers.
- This is a simple little port scanning script written in Python.
- dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share the interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of effort.
Packetstorm Exploits
- TORCS versions 1.3.2 and below XML buffer overflow / SAFESEH evasion exploit.
- CLiki suffers from a cross site scripting vulnerability.
- ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities.
- Android suffers from multiple cross site scripting, cross domain, auto file download and cross protocol vulnerabilities.
- This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands.
- A vulnerability in SciTools Understand version 2.6 is caused by the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.
- Tibetsystem DVRs use the OwnServer 1.0 webserver, which suffers from a directory traversal vulnerability.
- AUTON Otomotiv Sanayi suffers from a remote SQL injection vulnerability.
- SeedWiki suffers from a cross site scripting vulnerability.
- Snipsnap suffers from a cross site scripting vulnerability.
Securiteam Exploits
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer.