[+] Wayc0de's Blog[+]

17/07/11

Hack Tools/Exploits part 1

Hack Tools/Exploits

Astalavista Tools and Utilities

  1. Data Loss Prevention - Whitepaper called Data Loss Prevention
  2. The Risks of Client-Side Data Storage - Whitepaper called The Risks of Client-Side Data Storage
  3. BadAss 0.5 Beta - BadAss is a Ruby script that makes it very easy to perform cracking attacks, port scanning, and more.
    Changes: Interface re-written from scratch. New ruby scripts added. Various other additions.
  4. QuickRecon 0.3 - QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
    Changes: Qt4 based GUI. Improved Code.
  5. Bluelog Bluetooth Scanner/Logger 0.9.9 - Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
    Changes: This is a major rewrite. Completely revamped device cache code is faster and more accurate while preventing redundant scans. New features such as Amnesia mode and preliminary OpenWRT support. Numerous bugfixes and optimizations. A recommended update for all users.
  6. Web Application Security Part 1 - Brief whitepaper called Web Application Security - Part 1. It discusses using SQL injection for login bypass.
  7. Linux Exploit Development Part 4 - Whitepaper called Linux exploit development part 4 - ASCII armor bypass + return-to-plt.
  8. Covert Data Storage Channel Using IP Packet Headers - A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. Otherwise said, a covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. (Bingham, 2006)
  9. Covert communications: subverting Windows applications - Whitepaper called Covert communications: subverting Windows applications
  10. Inside-Out Vulnerabilities, Reverse Shells - Keeping data from leaking out of protected networks is becoming increasingly difficult due to the increase of malicious code that sends data from infected systems.

Packetstorm Last 10 Files

  1. OpenSC Tools And Libraries For Smart Cards 0.12.2 - OpenSC consists of tools and libraries and a PKCS#11 module to use smart cards and initialize blank smart cards. It supports many commercial smart cards with filesystems, many national ID cards (read only), and some Java Card cards with specific Java Card applets. OpenSC implements the PKCS#15 standard. Cards initialized with OpenSC can be used (read-only) with other software implementing PKCS#15 standard and vice versa.
  2. HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow - This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.
  3. HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow - This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0 and 7.53. By sending a CGI request with a specially crafted OvOSLocale cookie to Toolbar.exe, an attacker may be able to execute arbitrary code. Please note that this module only works against a specific build (i.e. NNM 7.53_01195).
  4. Java RMI Server Insecure Default Configuration Java Code Execution - This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.
  5. Ubuntu Security Notice USN-1150-1 - Ubuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.
  6. Ubuntu Security Notice USN-1170-1 - Ubuntu Security Notice 1170-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. It was discovered that Xen did not correctly handle certain block requests. A local attacker in a Xen guest could cause the Xen host to use all available CPU resources, leading to a denial of service. Various other issues were also addressed.
  7. MyST BlogSite URL Redirect / Information Leakage - MyST BlogSite suffers from arbitrary URL redirection and information leakage vulnerabilities.
  8. Debian Security Advisory 2254-2 - Debian Linux Security Advisory 2254-2 - Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete. OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by the sudoers file to run opcontrol as root, this user could use the flaw to escalate their privileges.
  9. Using Metasploit With Nessus Bridge On Ubuntu - Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
  10. Malware Analyser 3.2 - Malware Analyser is a freeware tool to perform static and dynamic analysis on malware.

Packetstorm Tools

  1. Malware Analyser 3.2 - Malware Analyser is a freeware tool to perform static and dynamic analysis on malware.
  2. Arachni Web Application Security Scanner Framework 0.2.4 - Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart: it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
  3. ROP Gadget Tool 2.3 - This tool lets you search for gadgets in your binaries to facilitate your ROP exploitation.
  4. SyRiAn Sh3ll 7 - SyRiAn Sh3ll is a PHP backdoor that allows for database access, local exploitation of the host, and more.
  5. LFI Scanner 4.0 - This is a simple perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.
  6. WiRouter KeyRec 1.0.8 - WiRouter KeyRec is a powerful and platform independent piece of software that recovers the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).
  7. Nmap Port Scanner 5.59BETA1 - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  8. Yakamoz phpMyAdmin Finder - This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.
  9. Haveged 1.2 - haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
  10. NIELD (Network Interface Events Logging Daemon) 0.11 - Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), route, and FIB rules.

nb : darknet
