Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Debian Security Advisory 4370-1 - Debian Linux Security Advisory 4370-1 - Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution.
  2. Kentix MultiSensor-LAN 5.63.00 Authentication Bypass - Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.
  3. Joomla! 3.9.1 Cross Site Scripting - Joomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.
  4. phpTransformer 2016.9 Directory Traversal - phpTransformer version 2016.9 suffers from a directory traversal vulnerability.
  5. phpTransformer 2016.9 SQL Injection - phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.
  6. SeoToaster Ecommerce 3.0.0 Local File Inclusion - SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.
  7. DotNetNuke Events Calendar 1.x File Download - DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.
  8. Webmin 1.900 Remote Command Execution - This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
  9. SSHtranger Things SCP Client File Issue - SCP clients have an issue where additional files can be copied over without your knowledge.
  10. FastTube 1.0.1.0 Denial Of Service - FastTube version 1.0.1.0 suffers from a denial of service vulnerability.

Packetstorm Tools

  1. Falco 0.13.1 - Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  2. Scapy Packet Manipulation Tool 2.4.2 - Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
  3. Capstone 4.0.1 - Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
  4. Hodorsec Linux Binary Encryption Utility - This archive contains a Linux x86/x64 payload AES-128 CBC encrypter and payload decrypter/runner.
  5. Packet Fence 8.3.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  6. Wireshark Analyzer 2.6.6 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  7. TOR Virtual Network Tunneling Tool 0.3.5.7 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  8. UFONet 1.2 - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
  9. Clam AntiVirus Toolkit 0.101.1 - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  10. SQLMAP - Automatic SQL Injection Tool 1.3 - sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Packetstorm Exploits

  1. Kentix MultiSensor-LAN 5.63.00 Authentication Bypass - Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.
  2. Joomla! 3.9.1 Cross Site Scripting - Joomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.
  3. phpTransformer 2016.9 Directory Traversal - phpTransformer version 2016.9 suffers from a directory traversal vulnerability.
  4. phpTransformer 2016.9 SQL Injection - phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.
  5. SeoToaster Ecommerce 3.0.0 Local File Inclusion - SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.
  6. DotNetNuke Events Calendar 1.x File Download - DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.
  7. Webmin 1.900 Remote Command Execution - This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
  8. SSHtranger Things SCP Client File Issue - SCP clients have an issue where additional files can be copied over without your knowledge.
  9. FastTube 1.0.1.0 Denial Of Service - FastTube version 1.0.1.0 suffers from a denial of service vulnerability.
  10. Eco Search 1.0.2.0 Denial Of Service - Eco Search version 1.0.2.0 suffers from a denial of service vulnerability.

Securiteam Exploits

  1. Zziplib 0.13.62 discovered Denial Of Service Vulnerability - The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
  2. Oracle Advanced Outbound Telephony component unauthorized Remote Code Execution Vulnerability - Oracle Advanced Outbound Telephony is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  3. Oracle Flexcube Universal Banking 11.3.0 update Remote Code Execution Vulnerability - A local user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Core component to partially access and partially modify data
  4. Oracle Knowledge Management 12.1.3 critical Remote Code Execution Vulnerability - Oracle Knowledge Management is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  5. Oracle Marketing 12.1.1 critical Remote Code Execution Vulnerability - Oracle Marketing is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.