
Hack Tools, Utilities and Exploits



Astalavista Tools and Utilities

Packetstorm Last 10 Files

  1. cmsfaethon-sql.txt – CmsFaethon version 2.2.0 SQL injection and command execution exploit using info.php.
  2. blogwrite-sql.txt – BlogWrite version 0.91 remote file disclosure and remote SQL injection exploit.
  3. eagbook-exec.txt – ea-gBook version 0.1 remote command execution with remote file inclusion exploit.
  4. rainbowcrack-1.3-win.zip – RainbowCrack is an instant Microsoft Windows password cracker based on Philippe Oechslin’s faster time-memory trade-off technique. Windows binary release.
  5. dsa-1724-1.txt – Debian Security Advisory DSA 1724-1 – Several vulnerabilities have been discovered in Moodle, an online course management system.
  6. nokian958-dos.txt – Nokia N95-8 proof of concept denial of service exploit code.
  7. facebook-reconpwn.txt – Netragard’s account of using Facebook to earn the trust of a company’s employees and turning the tables on them.
  8. samizdat-xss.txt – Samizdat versions 0.6.1 and below suffer from a persistent cross site scripting vulnerability.
  9. barracuda-xss.pdf – The Barracuda Load Balancer suffers from a cross site scripting vulnerability in the administrative login page.
  10. cryptsetup-fail.txt – cryptsetup on Debian fails to destroy a keyslot when it has been used to unlock the master key.

Packetstorm Tools

  1. rainbowcrack-1.3-win.zip – RainbowCrack is an instant Microsoft Windows password cracker based on Philippe Oechslin’s faster time-memory trade-off technique. Windows binary release.
  2. sipwitch-0.4.0.tar.gz – GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
  3. tor-0.2.0.34.tar.gz – Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  4. sql-fuzzer.py.txt – SQL Fuzzer version 1.0 that is written in Python. Yes, another one.
  5. Hybrid.V.0.2.tar.gz – The Hybrid Botnet Remote Administration System version 0.2 contains a Perl bot, console application and HTTP administration panel using PHP and MySQL. Written for Linux.
  6. SFX-SQLi-Source.zip – Proof of concept tool called SFX-SQLi that implements an extremely fast method of extracting MS-SQL server information.
  7. scannedonly-0.12.tar.gz – Scannedonly is a Samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The Samba module simply filters out files that aren’t marked clean.
  8. sqlmap-0.6.4.tar.gz – sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
  9. tor.uclibc.i686.20090131.iso – Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
  10. RFIDIOt-0.1w.tgz – RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE®.

Packetstorm Exploits

  1. cmsfaethon-sql.txt – CmsFaethon version 2.2.0 SQL injection and command execution exploit using info.php.
  2. blogwrite-sql.txt – BlogWrite version 0.91 remote file disclosure and remote SQL injection exploit.
  3. eagbook-exec.txt – ea-gBook version 0.1 remote command execution with remote file inclusion exploit.
  4. nokian958-dos.txt – Nokia N95-8 proof of concept denial of service exploit code.
  5. samizdat-xss.txt – Samizdat versions 0.6.1 and below suffer from a persistent cross site scripting vulnerability.
  6. barracuda-xss.pdf – The Barracuda Load Balancer suffers from a cross site scripting vulnerability in the administrative login page.
  7. vlinks-sql.txt – Vlinks version 1.1.6 suffers from a remote SQL injection vulnerability.
  8. ntvspor-xsrf.txt – NtvSpor Online Game password changing cross site request forgery exploit.
  9. ideacart-lfisql.txt – IdeaCart version 0.02 suffers from local file inclusion and remote SQL injection vulnerabilities.
  10. barancms-sqlxssupload.txt – Baran CMS version 1.0 suffers from file upload, cross site scripting, SQL injection, cookie manipulation, and database disclosure vulnerabilities.

Securiteam Exploits

  1. VNC Multiple Integer Overflows – Multiple integer overflow vulnerabilities have been discovered in UltraVNC [1] and TightVNC [2], two (open source) remote control applications derived from the popular VNC [3] software.
  2. Novell GroupWise WebAccess Cross-Site Request Forgery (CSRF) – A vulnerability in Novell’s GroupWise WebAccess product has been found to allow attackers to forge responses that are returned by the server, this in turn can be used to trick the legitimate users …
  3. OpenSG Radiance RGBE Buffer Overflow Vulnerability – “OpenSG is a portable scenegraph system to create realtime graphics programs, e.g. for virtual reality applications”. Secunia Research has discovered a vulnerability in OpenSG, which can be exploit…
  4. Cisco Security Manager Vulnerability – Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthe…
  5. Cisco Unified Communications Manager CAPF Denial of Service Vulnerability – Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. Exploitation of this v…
  6. Browser Fuzzer
  7. FSpy – Linux Filesystem Activity Monitoring
  8. telnetrecon – Telnet Recon
  9. Zerowine Sandbox
  10. JPEG Fuzzer
