Hack Tools/Exploits
Astalavista Tools and Utilities
- Exploits for November, 2010 - This archive contains all of the 352 exploits in November, 2010.
- Xplico Network Forensic Analysis Tool 0.6.1 - Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages. Changes: Paltalk dissector, MSN basic dissector, various bug fixes.
- Hyenae Packet Generator 0.36 - Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks. Changes: This release contains several bugfixes, documentation updates, and the long awaited support for HyenaeFE (a Qt based frontend).
- Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks - It is essential that significant risk management resources be devoted to the ongoing evolution of any mission-critical system.
- Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage - This paper describes the MERIT insider threat model and simulation results.
- Specifications for Managed Strings - The managed string library provides mechanisms to eliminate or mitigate problems with manipulating strings and to improve system security via secure coding practices.
- Applying OCTAVE: Practitioners Report - OCTAVE® is sufficiently flexible for organizations to address unique and highly contextual needs through tailoring.
- More Netflow Tools: For Performance and Security - This paper presents a suite of tools for network traffic collection and analysis based on Cisco NetFlow.
- Sets, Bags, and Rock and Roll: Analyzing Large Data Sets of Network Data - This paper introduces a new conceptual framework, based on sets of IP addresses, to monitor and analyze traffic on high-speed networks.
- CERT Research Annual Report 2005 - The CERT Research group works to identify and eliminate shortcomings in security and survivability engineering methods. This report is on the period ending September 30, 2005.
Packetstorm Last 10 Files
- LEET 11 Call For Papers - The 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) Call For Papers has been announced. Paper submissions are due Tuesday, January 25, 2011, 11:59 p.m. PST. This workshop will take place March 29, 2011 in Boston, MA.
- MODx Revolution CMS Cross Site Scripting - MODx Revolution CMS version 2.0.4-pl2 suffers from a cross site scripting vulnerability.
- phpMyAdmin Client Side Code Injection - phpMyAdmin suffers from client side code injection and redirect link falsification vulnerabilities.
- Freefloat FTP Server 1.00 Directory Traversal - Freefloat FTP Server version 1.00 suffers from a directory traversal vulnerability.
- Alguest 1.1c-patched SQL Injection - Alguest version 1.1c-patched suffers from a remote SQL injection vulnerability.
- Xplico Network Forensic Analysis Tool 0.6.1 - Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
- DIMVA 2011 Call For Workshops Proposals - Call For Workshops Proposals for the Eighth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 7th through the 8th, 2011 in Amsterdam, The Netherlands.
- Zed Attack Proxy (ZAP) 1.1.0 - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
- Alice 2.2 Arbitrary Code Execution - Alice version 2.2 suffers from an arbitrary code execution vulnerability.
- AVG Internet Security 2011 Safe Search For IE Denial Of Service - AVG Internet Security 2011 Safe Search for Internet Explorer suffers from a denial of service vulnerability.
Packetstorm Tools
- Xplico Network Forensic Analysis Tool 0.6.1 - Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
- Hyenae Packet Generator 0.36 - Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
- Dns2Tcp 0.5.2 - Dns2tcp is a network tool designed to relay TCP connections through DNS traffic. Encapsulation is done on the TCP level, thus no specific driver is needed (i.e., TUN/TAP). Dns2tcp client does not need to be run with specific privileges.
- Anonip IP Address Anonymizer 0.1 - Anonip replaces all IP addresses in a text file with a seemingly random one in an intelligent way. It is intended to anonymize the sensitive IP data in a file so that this file can be distributed without exposing one to security or privacy risks.
- Bluelog Bluetooth Scanner/Logger 0.9.8 - Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
- Nightwing 0.7.6 - Nightwing allows the creation of quickly deployed wireless networks without the need to make complicated configurations. With the implementation of a Mesh technology called B.A.T.M.A.N, Nightwing allows the extension of wireless networks with a simple way of adding devices that works with minimal human intervention. It has public and private connection interfaces, and the ability to filter content using OpenDNS. It is designed with security in mind, and has low hardware requirements.
- LFI Map 1.3 - LFImap is a Python script that tests and leverages local file inclusion vulnerabilities to figure out the root of a file system, looks inside of some files and more.
- Sydbox Sandbox 0.7.2 - Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
- Hyenae Packet Generator 0.35-3 - Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
- WiRouter KeyRec 1.0.1 - WiRouter KeyRec is a powerful and platform independent piece of software that recovers the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).
Packetstorm Exploits
- MODx Revolution CMS Cross Site Scripting - MODx Revolution CMS version 2.0.4-pl2 suffers from a cross site scripting vulnerability.
- phpMyAdmin Client Side Code Injection - phpMyAdmin suffers from client side code injection and redirect link falsification vulnerabilities.
- Freefloat FTP Server 1.00 Directory Traversal - Freefloat FTP Server version 1.00 suffers from a directory traversal vulnerability.
- Alguest 1.1c-patched SQL Injection - Alguest version 1.1c-patched suffers from a remote SQL injection vulnerability.
- Alice 2.2 Arbitrary Code Execution - Alice version 2.2 suffers from an arbitrary code execution vulnerability.
- AVG Internet Security 2011 Safe Search For IE Denial Of Service - AVG Internet Security 2011 Safe Search for Internet Explorer suffers from a denial of service vulnerability.
- Winzip 15.0 WZFLDVW.OCX IconIndex Property Denial Of Service - Winzip suffers from a WZFLDVW.OCX IconIndex property access violation vulnerability.
- Winzip 15.0 WZFLDVW.OCX Text Property Denial Of Service - Winzip suffers from a WZFLDVW.OCX text property access violation vulnerability.
- Viscom VideoEdit Gold 8.0 Code Execution - Viscom VideoEdit Gold version 8.0 ActiveX remote code execution exploit.
- Video Charge Studio 2.9.5.643 Buffer Overflow - Video Charge Studio versions 2.9.5.643 and below buffer overflow exploit that creates a malicious .vsc file.
Securiteam Exploits
- HP LoadRunner Web Tours 9.10 Denial of Service Vulnerability - A potential vulnerability has been identified with HP LoadRunner Web Tours 9.10.
- HP Storage Essentials Using LDAP Unauthenticated Access Vulnerability - A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication.
- Palm webOS Camera Application Unauthorized Write Access Vulnerability - A potential security vulnerability has been identified with the webOS camera application.
- Palm webOS Doc Viewer Execution of Arbitrary Code Vulnerability - A potential security vulnerability has been identified with Palm webOS Doc Viewer.
- Adobe Shockwave Player Director File SetVertexArray Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.