Hack Tools/Exploits


Packetstorm Last 10 Files

  1. SUSE/Portus 2.2 Cross Site Scripting - SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.
  2. DlxSpot Hardcoded Password - DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
  3. DlxSpot Shell Upload - DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.
  4. DlxSpot SQL Injection - DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected.
  5. Microsoft Edge Partial Page Loading Memory Corruption - There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays an HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.
  6. Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.
  7. Microsoft Windows Kernel win32k!NtGdiHLSurfGetInformation Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiHLSurfGetInformation.
  8. Microsoft Windows Kernel win32k!NtGdiDoBanding Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.
  9. Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read - There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
  10. Microsoft Windows Kernel win32k!NtGdiEngCreatePalette Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiEngCreatePalette.

Packetstorm Tools

  1. TOR Virtual Network Tunneling Tool 0.3.1.7 - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  2. ifchk 1.0.8 - Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
  3. FireHOL 3.1.5 - FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  4. Ansvif 1.8 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  5. Mobius Forensic Toolkit 0.5.31 - Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
  6. Blue Team Training Toolkit (BT3) 2.5 - Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  7. MIMEDefang Email Scanner 2.82 - MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
  8. tcpdump 4.9.2 - tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.
  9. Lynis Auditing Tool 2.5.5 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  10. Brutus FTP Attack Tool 0.3 - Brutus is a small threaded Python FTP brute-force and dictionary attack tool. It supports several brute-force parameters such as custom character sets, password length, minimum password length, prefix, and postfix strings to passwords generated.

Packetstorm Exploits

  1. SUSE/Portus 2.2 Cross Site Scripting - SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.
  2. DlxSpot Hardcoded Password - DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
  3. DlxSpot Shell Upload - DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.
  4. DlxSpot SQL Injection - DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected.
  5. Microsoft Edge Partial Page Loading Memory Corruption - There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays an HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.
  6. Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.
  7. Microsoft Windows Kernel win32k!NtGdiDoBanding Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.
  8. Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read - There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
  9. Microsoft Windows Kernel win32k!NtGdiEngCreatePalette Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiEngCreatePalette.
  10. Microsoft Windows Kernel win32k!NtGdiGetFontResourceInfoInternalW Memory Disclosure - The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetFontResourceInfoInternalW.

Securiteam Exploits

  1. Jasper 1.900.17 left shift Denial Of Service Vulnerability - libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
  2. Linux Kernel 3.18 compromise reflashing Execute Code Vulnerability - Linux Kernel is prone to a local code-execution vulnerability. This allows a local attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  3. Mybb Merge System 1.8.6 MyBB script Cross Site Scripting Vulnerability - Mybb Merge System is prone to a cross-site scripting vulnerability. This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors. A remote attacker can use cross-site scripting (XSS) to send a hostile script to an unsuspecting user.
  4. NTP 4.3.89 function Denial Of Service Overflow Vulnerability - The nextvar() function does not properly validate length.
  5. Oneplus Oxygenos 3.2.8 Remote Code Execution Vulnerability - An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.