Thursday, June 4, 2009

Hack Tools, Utilities and Exploits

Astalavista Tools and Utilities

Packetstorm Last 10 Files

  1. joomla1510-xss.txt - Joomla! version 1.5.10 suffers from multiple persistent cross site scripting vulnerabilities in the JA_Purity template.
  2. kjtechforce-blindsql.txt - Kjtechforce Mailman Beta-1 suffers from a remote blind SQL injection vulnerability.
  3. kjtechforce-sqldelete.txt - Kjtechforce Mailman Beta-1 suffers from a remote SQL injection delete row vulnerability.
  4. pixelactivo-sqlbypass.txt - Pixelactivo version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  5. pixelactivo-sql.txt - Pixelactivo version 3.0 suffers from a remote SQL injection vulnerability.
  6. peazip-inject.txt - PeaZIP versions 2.6.1 and below compressed filename command injection proof of concept exploit.
  7. MDVSA-2009-129.txt - Mandriva Linux Security Advisory 2009-129 - Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information. This update provides file-5.03, which is not vulnerable to this, and other unspecified issues.
  8. dsa-1812-1.txt - Debian Security Advisory 1812-1 - Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util.
  9. astalavista-pwned.txt - The Astalavista.com web site has been completely compromised and all user details have been exposed.
  10. MDVSA-2009-128.txt - Mandriva Linux Security Advisory 2009-128 - Multiple security vulnerabilities have been identified and fixed in libmodplug. These range from integer to buffer overflows. The updated packages have been patched to prevent this.

Packetstorm Tools

  1. iodine-0.5.2.tar.gz - iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where Internet access is firewalled, but DNS queries are allowed. It needs a TUN/TAP device to operate. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
  2. wpadcheck_en.zip - Simple Freeware Network Checker to detect potentially dangerous entries in Microsoft DNS and WINS name servers (MS09-008).
  3. kismet-2009-05-RC2.tar.gz - Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features: multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible interesting (cryptographically weak) logging, secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
  4. advchk-3.00.tar.bz2 - Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.
  5. pkd-1.4.tgz - ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent. This version adds support for libxtables, iptables 1.4.3.2, and Linux kernel 2.6.29. A port config option was added on the Python knock, so you don't have to have a bunch of UDP ports open on a firewall to pass a knock through to an internal client.
  6. pdfresurrect-v0_6.tar.gz - PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also scrub or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
  7. ProxyHarvest.txt - Proxy Harvesting tool that uses google and evaluates the sites.
  8. mandos_1.0.10.orig.tar.gz - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  9. darkTouch.txt - darkTouch is a fuzzer that attempts to fingerprint the structure of a website. Written in Python.
  10. rsbac-common-2.6-1.4.2.tar.bz2 - Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. This version is for the 2.6 kernel. This release is for Linux kernel 2.6.29.2. A significant speedup and even better SMP scalability are expected from the new RCU based list locking. The most important changes since 1.3.5 are the addition of VUM (Virtual User Management) support, OTP support for UM, support of ANY for NETLINK control, checking of CLOSE requests in RC, the addition of SCD target videomem and kernel attribute pagenr, ext4 secure delete support, and many small bugfixes too. Generic lists were changed to use RCU instead of rw spinlocks.

Packetstorm Exploits

  1. joomla1510-xss.txt - Joomla! version 1.5.10 suffers from multiple persistent cross site scripting vulnerabilities in the JA_Purity template.
  2. kjtechforce-blindsql.txt - Kjtechforce Mailman Beta-1 suffers from a remote blind SQL injection vulnerability.
  3. kjtechforce-sqldelete.txt - Kjtechforce Mailman Beta-1 suffers from a remote SQL injection delete row vulnerability.
  4. pixelactivo-sqlbypass.txt - Pixelactivo version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  5. pixelactivo-sql.txt - Pixelactivo version 3.0 suffers from a remote SQL injection vulnerability.
  6. peazip-inject.txt - PeaZIP versions 2.6.1 and below compressed filename command injection proof of concept exploit.
  7. hostdirpro-passwd.txt - Host Directory PRO version 2.1.0 remote administrative password changing exploit.
  8. webdirpro-backup.txt - Web Directory PRO suffers from a remote database backup vulnerability.
  9. hostdirpro-backup.txt - Host Directory PRO version 2.1.0 suffers from a remote database backup vulnerability.
  10. webdirpro-passwd.txt - Web Directory PRO remote administrative password changing exploit.

Securiteam Exploits

  1. Nortel Contact Center Manager Server Password Disclosure Vulnerability - The Nortel Contact Center Manager Server web application provides a SOAP interface. This interface does not need authorisation and responds to certain requests with sensitive information.
  2. ATEN IP KVM Switch Multiple Vulnerabilities - ATEN produces several IP KVM Switches. These devices can be used like normal kvm switches with an attached keyboard, mouse and monitor. However, it is also possible to access the hosts connected to them via a network using an ordinary PC as a client. As this function can be used via an insecure network, it is very important that this connection is cryptographically protected against sniffing of confidential data (e.g. keystrokes, monitor signals) and man in the middle attacks. The affected products provide an SSL encrypted web interface. After authenticating to the web interface the user can download a client program (java or windows). The ATEN client program contains temporary authentication data so that it can connect to the kvm switch without asking the user for username/password again.
  3. HP Printers and HP Digital Senders Unauthorized Access to Files - A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files.
  4. Android Improper Package Verification - Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission.
  5. Sun Communications Express Multiple XSS - Several cross-site scripting vulnerabilities were found in two files/urls of the Sun Java System Communications Express.
