Latest Exploits / Tools

Latest Exploits

  • Wed, 28 Sep 2016 23:32:22 +0000: Symantec Messaging Gateway 10.6.1 Directory Traversal - Exploit Files ≈ Packet Storm
    Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability.
  • Wed, 28 Sep 2016 22:22:22 +0000: D-Link DWR-932B Backdoors / Default WPS PIN - Exploit Files ≈ Packet Storm
    D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.
  • Wed, 28 Sep 2016 20:32:22 +0000: Exponent CMS 2.3.9 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Exponent CMS version 2.3.9 suffers from a cross site scripting vulnerability.
  • Wed, 28 Sep 2016 20:32:22 +0000: VLC Media Player 2.2.1 Buffer Overflow - Exploit Files ≈ Packet Storm
    VLC Media Player version 2.2.1 suffers from a buffer overflow vulnerability.
  • Wed, 28 Sep 2016 04:02:08 +0000: TP-Link Archer CR-700 Cross Site Scripting - Exploit Files ≈ Packet Storm
    TP-Link Archer CR-700 suffers from a cross site scripting vulnerability.
  • Wed, 28 Sep 2016 04:00:06 +0000: NetMan 204 Backdoor Account - Exploit Files ≈ Packet Storm
    NetMan 204 suffers from a backdoor account that is installed by default.
  • Wed, 28 Sep 2016 01:11:11 +0000: FreePBX Remote Command Execution - Exploit Files ≈ Packet Storm
    FreePBX versions prior to 13.0.188 remote root exploit.
  • Tue, 27 Sep 2016 18:32:32 +0000: Adobe Flash 23 Sandbox Bypass - Exploit Files ≈ Packet Storm
    Adobe Flash versions 23 and below local-with-filesystem sandbox bypass via navigateToURL() and UI redressing. Proof of concept included.
  • Tue, 27 Sep 2016 16:32:22 +0000: AVer Information EH6108H+ Authentication Bypass / Information Exposure - Exploit Files ≈ Packet Storm
    AVer Information EH6108H+ hybrid DVR suffers from authentication bypass, hard-coded credential, and information exposure vulnerabilities.
  • Tue, 27 Sep 2016 14:44:44 +0000: Skype DLL Hijacking - Exploit Files ≈ Packet Storm
    The Skype installer suffers from a DLL hijacking vulnerability.
  • Tue, 27 Sep 2016 14:02:22 +0000: Ipod Video Converter DLL Hijacking - Exploit Files ≈ Packet Storm
    Ipod Video Converter suffers from a DLL hijacking vulnerability.
  • Tue, 27 Sep 2016 01:31:16 +0000: Linux Kernel 4.6.3 Netfilter Privilege Escalation - Exploit Files ≈ Packet Storm
    This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (ubuntu), iptable_raw (fedora) has to be loaded (root running iptables -L will do such) 2. libc6-dev-i386 (ubuntu), glibc-devel.i686
  • Tue, 27 Sep 2016 01:30:50 +0000: Android Stagefright MP4 tx3g Integer Overflow - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browser. Exploitation is done by supplying a specially crafted MP4 file with two tx3g atoms that, when their sizes are summed, cause an integer overflow when processing the second atom. As a result, a temporary buffer is allocated with insufficient size and a memcpy call leads to a heap overflow. This version of the exploit uses a two-stage information leak based on corrupting the MetaData that the browser reads from mediaserver. This method is based on a technique published in NorthBit's Metaphor paper. First, we use a variant of their technique to read the address of a heap buffer located adjacent to a SampleIterator object as the video HTML element's videoHeight. Next, we read the vtable pointer from an empty Vector within the SampleIterator object using the video element's duration. This gives us a code address that we can use to determine the base address of libstagefright and construct a ROP chain dynamically. NOTE: the mediaserver process on many Android devices (Nexus, for example) is constrained by SELinux and thus cannot use the execve system call. To avoid this problem, the original exploit uses a kernel exploit payload that disables SELinux and spawns a shell as root. Work is underway to make the framework more amenable to these types of situations. Until that work is complete, this exploit will only yield a shell on devices without SELinux or with SELinux in permissive mode.
  • Mon, 26 Sep 2016 14:02:22 +0000: NetDrive 2.6.12 Privilege Escalation - Exploit Files ≈ Packet Storm
    NetDrive version 2.6.12 suffers from an unquoted service path privilege escalation vulnerability.
  • Mon, 26 Sep 2016 13:02:22 +0000: Elantech-Smart Pad 11.9.0.0 Privilege Escalation - Exploit Files ≈ Packet Storm
    Elantech-Smart Pad version 11.9.0.0 suffers from an unquoted service path privilege escalation vulnerability.
  • Mon, 26 Sep 2016 12:01:11 +0000: MSI NTIOLib.sys / WinIO.sys Local Privilege Escalation - Exploit Files ≈ Packet Storm
    MSI NTIOLib.sys and WinIO.sys suffer from a local privilege escalation vulnerability.
  • Mon, 26 Sep 2016 11:11:11 +0000: Iperius Remote 1.7.0 Privilege Escalation - Exploit Files ≈ Packet Storm
    Iperius Remote version 1.7.0 suffers from an unquoted service path privilege escalation vulnerability.
  • Mon, 26 Sep 2016 10:01:11 +0000: Macro Expert 4.0 Privilege Escalation - Exploit Files ≈ Packet Storm
    Macro Expert version 4.0 suffers from multiple privilege escalation vulnerabilities.
  • Mon, 26 Sep 2016 09:22:22 +0000: Epson WorkForce Lack Of Firmware Signing / CSRF - Exploit Files ≈ Packet Storm
    Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware updates. Additionally, they suffer from a cross site request forgery vulnerability that allows an attacker to commit such a firmware update.
  • Sun, 25 Sep 2016 13:22:22 +0000: u5 CMS 5.1.4 Open Redirect - Exploit Files ≈ Packet Storm
    u5 CMS version 5.1.4 suffers from an open redirection vulnerability.

Latest Tools

  • Wed, 28 Sep 2016 04:04:49 +0000: Lynis Auditing Tool 2.3.4 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Mon, 26 Sep 2016 23:32:32 +0000: OpenSSL Toolkit 1.0.2j - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Mon, 26 Sep 2016 23:04:44 +0000: MIMEDefang Email Scanner 2.79 - Security Tool Files ≈ Packet Storm
    MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
  • Mon, 26 Sep 2016 22:22:22 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.6.0 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Sat, 24 Sep 2016 02:54:11 +0000: TOR Virtual Network Tunneling Tool 0.2.8.8 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Thu, 22 Sep 2016 16:33:30 +0000: Faraday 2.1.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Thu, 22 Sep 2016 16:31:17 +0000: OpenSSL Toolkit 1.0.2i - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Thu, 15 Sep 2016 15:55:55 +0000: Keypatch 2.0 - Security Tool Files ≈ Packet Storm
    Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.
  • Tue, 13 Sep 2016 03:33:33 +0000: CodeWarrior 0.3 - Security Tool Files ≈ Packet Storm
    CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.
  • Fri, 09 Sep 2016 02:01:48 +0000: Tinycrypt.asm Training Ransomware Virus - Security Tool Files ≈ Packet Storm
    Tinycrypt.asm is a training ransomware virus that is fully configurable to your needs but it is designed to be very controllable. It was designed to be used with the PoShFoTo incident response toolkit.
  • Thu, 08 Sep 2016 13:27:34 +0000: Wireshark Analyzer 2.2.0 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Wed, 07 Sep 2016 18:32:22 +0000: Suricata IDPE 3.1.2 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Fri, 02 Sep 2016 23:05:40 +0000: Nmap Port Scanner 7.25BETA2 - Security Tool Files ≈ Packet Storm
    Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  • Thu, 01 Sep 2016 13:26:31 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.5.8 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Sun, 28 Aug 2016 15:18:10 +0000: Stegano 0.6.1 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Sun, 28 Aug 2016 04:12:35 +0000: OATH Toolkit 2.6.2 - Security Tool Files ≈ Packet Storm
    OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
  • Sat, 27 Aug 2016 09:32:22 +0000: Blue Team Training Toolkit (BT3) 2.0 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Fri, 26 Aug 2016 13:33:33 +0000: Htcap Analysis Tool 1.0.1 - Security Tool Files ≈ Packet Storm
    Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses phantomjs to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
  • Wed, 24 Aug 2016 23:33:26 +0000: TOR Virtual Network Tunneling Tool 0.2.8.7 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Tue, 23 Aug 2016 14:23:11 +0000: Lynis Auditing Tool 2.3.3 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
