Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Antidote 9.5.1 Code Execution - Antidote versions 9.5.1 and below suffer from an update-related code execution vulnerability.
  2. Staubli Jacquard Industrial System JC6 Shellshock - Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.
  3. WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting - WordPress FV Flowplayer plugin version 7.2.0.727 suffers from a cross site scripting vulnerability.
  4. RSA Authentication Manager Cross Site Scripting - RSA Authentication Manager versions prior to 8.3 Patch 3 suffer from multiple cross site scripting vulnerabilities.
  5. Debian Security Advisory 4298-1 - Debian Linux Security Advisory 4298-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.
  6. Faraday 3.1 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  7. mgetty 1.2.0 Buffer Overflow / Privilege Escalation - mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.
  8. HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write - Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing a specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.
  9. HITBSecConf2018PEK Call For CTF - JD-HITB2018 Beijing CTF plus Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and 2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win cash prizes worth up to USD 2000.
  10. Asterisk Project Security Advisory - AST-2018-009 - Asterisk Project Security Advisory - There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash.

Packetstorm Tools

  1. Faraday 3.1 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  2. Falco 0.12.1 - Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  3. VBScan Vulnerability Scanner 0.1.8 - VBScan is a black box vBulletin vulnerability scanner written in Perl.
  4. DAVOSET 1.3.6 - DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  5. OpenSSL Toolkit 1.1.1 - OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  6. TOR Virtual Network Tunneling Tool 0.3.4.8 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  7. Samhain File Integrity Checker 4.3.0 - Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  8. TestSSL 2.9.5-7 - testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
  9. SQLMAP - Automatic SQL Injection Tool 1.2.9 - sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
  10. Blue Team Training Toolkit (BT3) 2.8 - Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Packetstorm Exploits

  1. Antidote 9.5.1 Code Execution - Antidote versions 9.5.1 and below suffer from an update-related code execution vulnerability.
  2. Staubli Jacquard Industrial System JC6 Shellshock - Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.
  3. WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting - WordPress FV Flowplayer plugin version 7.2.0.727 suffers from a cross site scripting vulnerability.
  4. WebRTC VP9 Processing Use-After-Free - There is a use-after-free vulnerability in VP9 processing in WebRTC.
  5. WebRTC FEC Out-Of-Bounds Read - There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.
  6. NICO-FTP 3.0.1.19 Buffer Overflow - NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.
  7. Microsoft Windows NtEnumerateKey Privilege Escalation - Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.
  8. Microsoft Windows CiSetFileCache TOCTOU Security Feature Bypass - Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.
  9. RICOH MP 2001 Printer Cross Site Scripting - The RICOH MP 2001 printer suffers from cross site scripting and HTML injection vulnerabilities.
  10. RICOH SP 4510SF Printer Cross Site Scripting - The RICOH SP 4510SF printer suffers from cross site scripting and HTML injection vulnerabilities.

Securiteam Exploits

  1. Zziplib 0.13.62 discovered Denial Of Service Vulnerability - The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
  2. Oracle Advanced Outbound Telephony component unauthorized Remote Code Execution Vulnerability - Oracle Advanced Outbound Telephony is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  3. Oracle Flexcube Universal Banking 11.3.0 update Remote Code Execution Vulnerability - A local user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Core component to partially access and partially modify data
  4. Oracle Knowledge Management 12.1.3 critical Remote Code Execution Vulnerability - Oracle Knowledge Management is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  5. Oracle Marketing 12.1.1 critical Remote Code Execution Vulnerability - Oracle Marketing is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.