Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Red Hat Security Advisory 2021-3559-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
  2. Microsoft Windows MSHTML Overview - This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code to trigger the issue and does not require CAB archives.
  3. BSides SF 2022 Call For Papers - BSides SF is soliciting papers and presentations for the 2022 annual BSidesSF conference. It will be located at City View at the Metreon in downtown San Francisco February 5th through the 6th, 2022.
  4. T-Soft E-Commerce 4 Cross Site Request Forgery - T-Soft E-Commerce version 4 suffers from a cross site request forgery vulnerability.
  5. Proxmark 4.14434 - This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.
  6. Church Management System 1.0 SQL Injection - Church Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Murat Demirci in July of 2021.
  7. litefuzz 1.0 - litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.
  8. Budget And Expense Tracker System 1.0 SQL Injection - Budget and Expense Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  9. AMD Chipset Driver Information Disclosure / Memory Leak - ZeroPeril Ltd has discovered two issues inside the amdpsp.sys (v4.13.0.0) kernel driver module that ships with the AMD Chipset Drivers package for multiple AMD chipsets. The first issue is an information disclosure vulnerability and the second is a memory leak bug caused by failing to release all associated allocated resources upon request. The researchers have verified both in the latest Revision Number (2.13.27.501) of the package, which was released on the 4th of February 2021.
  10. Apple Security Advisory 2021-09-13-5 - Safari 14.1.2 addresses code execution and use-after-free vulnerabilities.

Packetstorm Tools

  1. Proxmark 4.14434 - This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.
  2. litefuzz 1.0 - litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.
  3. GNU Privacy Guard 2.2.31 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
  4. OpenDNSSEC 2.1.10 - OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  5. Packet Fence 11.0.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  6. Samhain File Integrity Checker 4.4.6 - Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  7. Clam AntiVirus Toolkit 0.104.0 - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  8. SQLMAP - Automatic SQL Injection Tool 1.5.9 - sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
  9. nfstream 6.3.4 - nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
  10. Hashcat Advanced Password Recovery 6.2.4 Source Code - Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Packetstorm Exploits

  1. Microsoft Windows MSHTML Overview - This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code to trigger the issue and does not require CAB archives.
  2. T-Soft E-Commerce 4 Cross Site Request Forgery - T-Soft E-Commerce version 4 suffers from a cross site request forgery vulnerability.
  3. Church Management System 1.0 SQL Injection - Church Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Murat Demirci in July of 2021.
  4. Budget And Expense Tracker System 1.0 SQL Injection - Budget and Expense Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  5. Online Food Ordering System 2.0 Shell Upload - Online Food Ordering System version 2.0 remote shell upload exploit.
  6. Church Management System 1.0 Shell Upload - Church Management System version 1.0 remote shell upload exploit.
  7. WordPress 5.7 Media Library XML Injection - WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
  8. Maxpatrol 8 / Xspider Denial Of Service - Positive Technologies Maxpatrol 8 and Xspider appear to suffer from a denial of service vulnerability.
  9. Geutebruck instantrec Remote Command Execution - This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.
  10. WordPress WooCommerce Booster 5.4.3 Authentication Bypass - WordPress WooCommerce Booster plugin version 5.4.3 suffers from an authentication bypass vulnerability.

Securiteam Exploits