Hack Tools/Exploits


Packetstorm Last 10 Files

  1. macOS / iOS Kernel IOSurfaceRootUserClient Double-Free - macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
  2. macOS getrusage Stack Leak - macOS suffers from a getrusage stack leak through struct padding.
  3. macOS necp_get_socket_attributes so_pcb Type Confusion - macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.
  4. XNU Kernel Memory Corruption - The XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.
  5. macOS / iOS IOTimeSyncClockManagerUserClient Use-After-Free - macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
  6. macOS AppleIntelCapriController::GetLinkConfig Kernel Code Execution - The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.
  7. macOS / iOS Kernel Double Free - macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
  8. XNU Kernel API Memory Disclosure - There is an XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.
  9. LibTIFF pal2rgb 4.0.9 Heap Overflow - LibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.
  10. Vanguard 1.4 SQL Injection - Vanguard version 1.4 suffers from a remote SQL injection vulnerability.

Packetstorm Tools

  1. Suricata IDPE 4.0.3 - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  2. OpenSSL Toolkit 1.0.2n - OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  3. 0d1n 2.5 - 0d1n is a web security tool for fuzzing various HTTP/S payloads. It's written in C and uses libcurl.
  4. TOR Virtual Network Tunneling Tool 0.3.1.9 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  5. Wireshark Analyzer 2.4.3 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  6. Zed Attack Proxy 2.7.0 Cross Platform Package - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
  7. JTempest Windows ExtIO 32-Bit - TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.
  8. TempestSDR RTL-SDR Fork - This project is a software toolkit for remotely eavesdropping on video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Defined Radio (SDR) front-ends and a Java-based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.
  9. Chameleon Mini Smartcard Emulator Iceman Fork - This is the Iceman fork of the Chameleon Mini source code for the firmware. The Chameleon Mini is a versatile contactless smartcard emulator compliant with NFC. A popular hardware revision is the Chameleon Mini rev E - rebooted.
  10. IPTables Bash Completion 1.7 - iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid in the current context. In addition to completion of options, matches and targets, it supports dynamic retrieval of data from the system, e.g. chain names, set names, interfaces, hostnames, etc. Environment variables allow fine-tuning of completion options. IP and MAC addresses can be fed from a file.

Packetstorm Exploits

  1. macOS / iOS Kernel IOSurfaceRootUserClient Double-Free - macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
  2. macOS getrusage Stack Leak - macOS suffers from a getrusage stack leak through struct padding.
  3. macOS necp_get_socket_attributes so_pcb Type Confusion - macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.
  4. XNU Kernel Memory Corruption - The XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.
  5. macOS / iOS IOTimeSyncClockManagerUserClient Use-After-Free - macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
  6. macOS AppleIntelCapriController::GetLinkConfig Kernel Code Execution - The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.
  7. macOS / iOS Kernel Double Free - macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
  8. XNU Kernel API Memory Disclosure - There is an XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.
  9. LibTIFF pal2rgb 4.0.9 Heap Overflow - LibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.
  10. Vanguard 1.4 SQL Injection - Vanguard version 1.4 suffers from a remote SQL injection vulnerability.

Securiteam Exploits