- Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
- Phrack Magazine: Digital hacking magazine.
- SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
- SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
- HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
- Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
- KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
- NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
- The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
- Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
- Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
- Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
india is a huge country of hundreds of castes dividing india badly . Due to casteism india is a weak and soft state . To make india strong and integrated our topmost priority should be to abolish casteim. for this an organisation ' INDIA FIGHTS CASTEISM ' is created. Let us join it and make INDIA A WORLD POWER.
Total Pageviews
Tuesday, 30 June 2020
Top 12 Websites For Hackers
Thursday, 11 June 2020
Spykey - FUD Win32 Keylogger And Reverse Shell
Related articles
- Pentest Standard
- Hacker Tools
- Pentest Example Report
- Hacking Jailbreak
- Hacking Attack
- Pentest Services
- Hacker
- Pentest Standard
- Pentesting And Ethical Hacking
- Pentest Plus
- Pentest Hardware
- Pentest Open Source
- How To Pentest A Website
- Pentest Jobs
- Hacking Gif
- Hacking To The Gate
- Hacking Programs
- Pentest Methodology
- Pentest Vs Ethical Hacking
- Pentest Firewall
Wednesday, 10 June 2020
An Overview Of Exploit Packs (Update 25) May 2015
Update May 12, 2015
Added CVE-2015-0359 and updates for CVE-2015-0336
Update February 19, 2015
Added Hanjuan Exploit kit and CVE-2015-3013 for Angler
http://www.kahusecurity.com |
Added CVE-2015-3010, CVE-2015-3011 for Agler and a few reference articles.
If you notice any errors, or some CVE that need to be removed (were retired by the pack authors), please let me know. Thank you very much!
Update December 12, 2014
Update Jan 8, 2014
This is version 20 of the exploit pack table - see the added exploit packs and vulnerabilities listed below.
I want to give special thanks to Kafeine L0NGC47, Fibon and Curt Shaffer for their help and update they made. Note the new Yara rules sheet / tab for yara rules for exploit kit.
I also want to thank Kahu security, Kafeine, Malforsec and all security companies listed in References for their research.
If you wish to be a contributor (be able to update/change the exploits or add yara rules), please contact me :)
If you have additions or corrections, please email, leave post comments, or tweet (@snowfl0w) < thank you!
The Wild Wild West image was created by Kahu Security - It shows current and retired (retiring) kits.
List of changed kits
=================================================================
The Explot Pack Table has been updated and you can view it here.
Exploit Pack Table Update 19.1 - View or Download from Google Apps
If you keep track of exploit packs and can/wish to contribute and be able to make changes, please contact me (see email in my profile)
I want to thank L0NGC47, Fibon, and Kafeine, Francois Paget, Eric Romang, and other researchers who sent information for their help.
Update April 28, 2013 - added CVE-2013-2423 (Released April 17, 2013) to several packs.
Now the following packs serve the latest Java exploit (update your Java!)
Other changes
Updated:
March 2013
The Explot Pack Table, which has been just updated, has migrated to Google Apps - the link is below. The new format will allow easier viewing and access for those who volunteered their time to keep it up to date.
In particular, I want to thank
L0NGC47, Fibon, and Kafeine for their help.
There are 5 tabs in the bottom of the sheet
Additions - with many thanks to Kahu Security
Hierarchy Exploit Pack
=================
CVE-2006-0003
CVE-2009-0927
CVE-2010-0094
CVE-2010-0188
CVE-2010-0806
CVE-2010-0840
CVE-2010-1297
CVE-2010-1885
CVE-2011-0611
JavaSignedApplet
Siberia Private
==========
CVE-2005-0055
CVE-2006-0003
CVE-2007-5659
CVE-2008-2463
CVE-2008-2992
CVE-2009-0075
CVE-2009-0927
CVE-2009-3867
CVE-2009-4324
CVE-2010-0806
Techno XPack
===========
CVE-2008-2992
CVE-2010-0188
CVE-2010-0842
CVE-2010-1297
CVE-2010-2884
CVE-2010-3552
CVE-2010-3654
JavaSignedApplet
"Yang Pack"
=========
CVE-2010-0806
CVE-2011-2110
CVE-2011-2140
CVE-2011-354
Version 14 Exploit Pack table additions:
Credits for the excellent Wild Wild West (October 2011 edition) go to kahusecurity.com
With many thanks to XyliBox (Xylitol - Steven), Malware Intelligence blog, and xakepy.cc for the information:
The full table in xls format - Version 14 can be downloaded from here.
The exploit pack table in XLSX format
The exploit pack table in csv format
P.S. There are always corrections and additions thanks to your feedback after the document release, come back in a day or two to check in case v.15 is out.
Kahusecurity issued an updated version of their Wild Wild West graphic that will help you learn Who is Who in the world of exploit packs. You can view the full version of their post in the link above.
----------------------------------------------
Bleeding Life 3.0
New Version Ad is here
====================================================================
Also, here is another article claiming it is not a fake http://community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
Go1 Pack CVE are reportedly
CVE-2006-0003
CVE-2009-0927
CVE-2010-1423
CVE-2010-1885
Does anyone have this pack or see it offered for sale?
Exploit kits I am planning to analyze and add (and/or find CVE listing for) are:
Also, here is a great presentation by Ratsoul (Donato Ferrante) about Java Exploits (http://www.inreverse.net/?p=1687)
--------------------------------------------------------
9. April 5, 2011 Version 9 ExploitPackTable_V9Apr11
It actually needs another update but I am posting it now and will issue version 10 as soon as I can.
Changes:
Phoenix 2.5
IFramer
Tornado
Bleeding life
Many thanks to Gunther for his contributions.
If you wish to add some, please send your info together with the reference links. Also please feel free to send corrections if you notice any mistakes
This is version 20 of the exploit pack table - see the added exploit packs and vulnerabilities listed below.
Exploit Pack Table Update 20 |
---|
Click to view or download from Google Apps |
I want to give special thanks to Kafeine L0NGC47, Fibon and Curt Shaffer for their help and update they made. Note the new Yara rules sheet / tab for yara rules for exploit kit.
I also want to thank Kahu security, Kafeine, Malforsec and all security companies listed in References for their research.
If you wish to be a contributor (be able to update/change the exploits or add yara rules), please contact me :)
If you have additions or corrections, please email, leave post comments, or tweet (@snowfl0w) < thank you!
The Wild Wild West image was created by Kahu Security - It shows current and retired (retiring) kits.
List of changed kits
Gong Da / GonDad | Redkit 2.2 | x2o (Redkit Light) | Fiesta (=Neosploit) | Cool Styxy | DotkaChef | |
---|---|---|---|---|---|---|
CVE-2011-3544 | CVE-2013-2551 | CVE-2013-2465 | CVE-2010-0188 | CVE-2010-0188 | CVE-2012-5692 | |
CVE-2012-0507 | CVE-2013-2471 | CVE-2013-0074/3896 | CVE-2011-3402 | CVE-2013-1493 | ||
CVE-2012-1723 | CVE-2013-1493 | CVE-2013-0431 |
| CVE-2013-2423 | ||
CVE-2012-1889 | CVE-2013-2460 | CVE-2013-0634 | CVE-2013-1493 | |||
CVE-2012-4681 | CVE-2013-2551 | CVE-2013-2423 | ||||
CVE-2012-5076 | ||||||
CVE-2013-0422 | ||||||
CVE-2013-0634 | ||||||
CVE-2013-2465 |
Angler | FlashPack = SafePack | White Lotus | Magnitude (Popads) | Nuclear 3.x | Sweet Orange |
---|---|---|---|---|---|
CVE-2013-0074/3896 | CVE-2013-0074/3896 | CVE-2011-3544 | CVE-2011-3402 | CVE-2010-0188 | CVE-2013-2423 |
CVE-2013-0634 | CVE-2013-2551 | CVE-2013-2465 | CVE-2012-0507 | CVE-2012-1723 | CVE-2013-2471 |
CVE-2013-2551 | CVE-2013-2551 | CVE-2013-0634 | CVE-2013-0422 | CVE-2013-2551 | |
CVE-2013-5329 | CVE-2013-2460 | CVE-2013-2423 | |||
CVE-2013-2471 ?? | CVE-2013-2471 | CVE-2013-2460 | |||
CVE-2013-2551 | CVE-2013-2551 |
CK | HiMan | Neutrino | Blackhole (last) | Grandsoft | Private EK |
---|---|---|---|---|---|
CVE-2011-3544 | CVE-2010-0188 | CVE-2013-0431 | CVE-2013-0422 | CVE-2010-0188 | CVE-2006-0003 |
CVE-2012-1889 | CVE-2011-3544 | CVE-2013-2460 | CVE-2013-2460 | CVE-2011-3544 | CVE-2010-0188 |
CVE-2012-4681 | CVE-2013-0634 | CVE-2013-2463* | CVE-2013-2471 | CVE-2013-0422 | CVE-2011-3544 |
CVE-2012-4792* | CVE-2013-2465 | CVE-2013-2465* | and + all or some | CVE-2013-2423 | CVE-2013-1347 |
CVE-2013-0422 | CVE-2013-2551 | CVE-2013-2551 | exploits | CVE-2013-2463 | CVE-2013-1493 |
CVE-2013-0634 | * switch 2463*<>2465* | from the previous | CVE-2013-2423 | ||
CVE-2013-3897 | Possibly + exploits | version | CVE-2013-2460 | ||
* removed | from the previous | ||||
version |
Sakura 1.x | LightsOut | Glazunov | Rawin | Flimkit | Cool EK (Kore-sh) | Kore (formely Sibhost) |
---|---|---|---|---|---|---|
cve-2013-2471 | CVE-2012-1723 | CVE-2013-2463 | CVE-2012-0507 | CVE-2012-1723 | CVE-2013-2460 | CVE-2013-2423 |
CVE-2013-2460 | CVE-2013-1347 | cve-2013-2471 | CVE-2013-1493 | CVE-2013-2423 | CVE-2013-2463 | CVE-2013-2460 |
and + all or some | CVE-2013-1690 | CVE-2013-2423 | CVE-2013-2471 | CVE-2013-2463 | ||
exploits | CVE-2013-2465 | CVE-2013-2471 | ||||
from the previous | ||||||
version |
Styx 4.0 | Cool | Topic EK | Nice EK |
---|---|---|---|
CVE-2010-0188 | CVE-2012-0755 | CVE-2013-2423 | CVE-2012-1723 |
CVE-2011-3402 | CVE-2012-1876 | ||
CVE-2012-1723 | CVE-2013-0634 | ||
CVE-2013-0422 | CVE-2013-2465 | ||
CVE-2013-1493 | cve-2013-2471 | ||
CVE-2013-2423 | and + all or some | ||
CVE-2013-2460 | exploits | ||
CVE-2013-2463 | from the previous | ||
CVE-2013-2472 | version | ||
CVE-2013-2551 | |||
Social Eng |
=================================================================
The Explot Pack Table has been updated and you can view it here.
Exploit Pack Table Update 19.1 - View or Download from Google Apps
If you keep track of exploit packs and can/wish to contribute and be able to make changes, please contact me (see email in my profile)
I want to thank L0NGC47, Fibon, and Kafeine, Francois Paget, Eric Romang, and other researchers who sent information for their help.
Update April 28, 2013 - added CVE-2013-2423 (Released April 17, 2013) to several packs.
Now the following packs serve the latest Java exploit (update your Java!)
- Styx
- Sweet Orange
- Neutrino
- Sakura
- Whitehole
- Cool
- Safe Pack
- Crime Boss
- CritX
Other changes
Updated:
- Whitehole
- Redkit
- Nuclear
- Sakura
- Cool Pack
- Blackhole
- Gong Da
- KaiXin
- Sibhost
- Popads
- Alpha Pack
- Safe Pack
- Serenity
- SPL Pack
There are 5 tabs in the bottom of the sheet
- 2011-2013
- References
- 2011 and older
- List of exploit kits
- V. 16 with older credits
March 2013
The Explot Pack Table, which has been just updated, has migrated to Google Apps - the link is below. The new format will allow easier viewing and access for those who volunteered their time to keep it up to date.
In particular, I want to thank
L0NGC47, Fibon, and Kafeine for their help.
There are 5 tabs in the bottom of the sheet
- 2011-2013
- References
- 2011 and older
- List of exploit kits
- V. 16 with older credits
- Neutrino - new
- Cool Pack - update
- Sweet Orange - update
- SofosFO aka Stamp EK - new
- Styx 2.0 - new
- Impact - new
- CritXPack - new
- Gong Da - update
- Redkit - update
- Whitehole - new
- Red Dot - new
The long overdue Exploit pack table Update 17 is finally here. It got a colorful facelift and has newer packs (Dec. 2011-today) on a separate sheet for easier reading.
Updates / new entries for the following 13 packs have been added (see exploit listing below)
Exploit lists for the added/updated packs
Updates / new entries for the following 13 packs have been added (see exploit listing below)
- Redkit
- Neo Sploit
- Cool Pack
- Black hole 2.0
- Black hole 1.2.5
- Private no name
- Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)
- Nuclear 2.1 (Update to 2.0 - actual v. # is unknown)
- CrimeBoss
- Grandsoft
- Sweet Orange 1.1 Update to 1.0 actual v. # is unknown)
- Sweet Orange 1.0
- Phoenix 3.1.15
- NucSoft
- Sakura 1.1 (Update to 1.0 actual v. # is unknown)
- AssocAID (unconfirmed)
Exploit lists for the added/updated packs
AssocAID (unconfirmed)
09-'12
CVE-2011-3106
CVE-2012-1876
CVE-2012-1880
CVE-2012-3683
Unknown CVE
5
Redkit
08-'12 |
CVE-2010-0188
CVE-2012-0507
CVE-2012-4681
3
Neo Sploit
09-'12
CVE-2012-1723
CVE-2012-4681
2?
Cool
08-'12
CVE-2006-0003
CVE-2010-0188
CVE-2011-3402
CVE-2012-0507
CVE-2012-1723
CVE-2012-4681
5
Black hole 2.0
09-'12
CVE-2006-0003
CVE-2010-0188
CVE-2012-0507
CVE-2012-1723
CVE-2012-4681
CVE-2012-4969 promised
5
Black hole 1.2.5
08-'12
CVE-2006-0003
CVE-2007-5659 /2008-0655
CVE-2008-2992
CVE-2009-0927
CVE-2010-0188
CVE-2010-1885
CVE-2011-0559
CVE-2011-2110
CVE-2012-1723
CVE-2012-1889
CVE-2012-4681
11
Private no name
09-'12
CVE-2010-0188
CVE-2012-1723
CVE-2012-4681
3
Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)
03-'12
CVE-2010-0188
CVE-2011-3544
CVE-2012-1723
CVE-2012-4681
4
Nuclear 2.1 (Update to 2.0 - actual v. # is unknown)
03-'12
CVE-2010-0188
CVE-2011-3544
CVE-2012-1723
3
CrimeBoss
09-'12
Java Signed Applet
CVE-2011-3544
CVE-2012-4681
3
Grandsoft
09-'12
CVE-2010-0188
CVE-2011-3544
2?
Sweet Orange 1.1
09-'12
CVE-2006-0003
CVE-2010-0188
CVE-2011-3544
CVE-2012-4681
4?
Sweet Orange 1.0
05-'12
CVE-2006-0003
CVE-2010-0188
CVE-2011-3544
3?
Phoenix 3.1.15
05-'12
CVE-2010-0842
CVE: 2010-0248
CVE-2011-2110
CVE-2011-2140
CVE: 2011-2371
CVE-2011-3544
CVE-2011-3659
Firefox social
CVE: 2012-0500
CVE-2012-0507
CVE-2012-0779
11
NucSoft
2012
CVE-2010-0188
CVE-2012-0507
2
Sakura 1.1
08-'12
CVE-2006-0003
CVE-2010-0806
CVE-2010-0842
CVE-2011-3544
CVE-2012-4681
5
Version 16. April 2, 2012
Thanks to Kahu security
for Wild Wild West graphic
for Wild Wild West graphic
The full table in xls format - Version 16 can be downloaded from here.
ADDITIONS AND CHANGES:
1. Blackhole Exploit Kit 1.2.3
Added:
- CVE-2011-0559 - Flash memory corruption via F-Secure
- CVE-2012-0507 - Java Atomic via Krebs on Security
- CVE-2011-3544 - Java Rhino via Krebs on Security
2. Eleonore Exploit Kit 1.8.91 and above- via Kahu Security
Added:
- CVE-2012-0507 - Java Atomic- after 1.8.91was released
- CVE-2011-3544 - Java Rhino
- CVE-2011-3521 - Java Upd.27 see Timo Hirvonen, Contagio, Kahu Security and Michael 'mihi' Schierl
- CVE-2011-2462 - Adobe PDF U3D
Also includes
"Flash pack" (presumably the same as before)
"Quicktime" - CVE-2010-1818 ?
there are rumors that Incognito development stopped after v.2 in 2011 and it is a different pack now. If you know, please send links or files.
Added after v.2 was released:
- CVE-2012-0507 - Java Atomic
See V.2 analysis via StopMalvertizing
4. Phoenix Exploit Kit v3.1 - via Malware Don't Need Coffee
Added:
- CVE-2012-0507 - Java Atomic
- CVE-2011-3544 - Java Rhino + Java TC (in one file)
5. Nuclear Pack v.2 - via TrustWave Spiderlabs
- CVE-2011-3544 Oracle Java Rhino
- CVE-2010-0840 JRE Trusted Method Chaining
- CVE-2010-0188 Acrobat Reader – LibTIFF
- CVE-2006-0003 MDAC
6. Sakura Exploit Pack > v.1 via DaMaGeLaB
- CVE-2011-3544 - Java Rhino (It was in Exploitpack table v15, listing it to show all packs with this exploit)
7. Chinese Zhi Zhu Pack via Kahu Security and Francois Paget (McAfee)
- CVE-2012-0003 - WMP MIDI
- CVE-2011-1255 - IE Time Element Memory Corruption
- CVE-2011-2140 - Flash 10.3.183.x
- CVE-2011-2110 - Flash 10.3.181.x
- CVE-2010-0806 - IEPeers
8. Gong Da Pack via Kahu Security
- CVE-2011-2140 - Flash 10.3.183.x
- CVE-2012-0003 - WMP MIDI
- CVE-2011-3544 - Java Rhino
- CVE-2010-0886 - Java SMB
- CVE-2010-0840 - JRE Trusted Method Chaining
- CVE-2008-2463 - Snapshot
- CVE-2010-0806 - IEPeers
- CVE-2007-5659/2008-0655 - Collab.collectEmailInfo
- CVE-2008-2992 - util.printf
- CVE-2009-0927 - getIco
- CVE-2009-4324 - newPlayer
Version 15. January 28, 2012
Additions - with many thanks to Kahu Security
Hierarchy Exploit Pack
=================
CVE-2006-0003
CVE-2009-0927
CVE-2010-0094
CVE-2010-0188
CVE-2010-0806
CVE-2010-0840
CVE-2010-1297
CVE-2010-1885
CVE-2011-0611
JavaSignedApplet
Siberia Private
==========
CVE-2005-0055
CVE-2006-0003
CVE-2007-5659
CVE-2008-2463
CVE-2008-2992
CVE-2009-0075
CVE-2009-0927
CVE-2009-3867
CVE-2009-4324
CVE-2010-0806
Techno XPack
===========
CVE-2008-2992
CVE-2010-0188
CVE-2010-0842
CVE-2010-1297
CVE-2010-2884
CVE-2010-3552
CVE-2010-3654
JavaSignedApplet
"Yang Pack"
=========
CVE-2010-0806
CVE-2011-2110
CVE-2011-2140
CVE-2011-354
Version 14. January 19, 2012
Version 14 Exploit Pack table additions:
Credits for the excellent Wild Wild West (October 2011 edition) go to kahusecurity.com
With many thanks to XyliBox (Xylitol - Steven), Malware Intelligence blog, and xakepy.cc for the information:
If you find any errors or CVE information for packs not featured , please send it to my email (in my profile above, thank you very much) .
- Blackhole 1.2.1 (Java Rhino added, weaker Java exploits removed)
- Blackhole 1.2.1 (Java Skyline added)
- Sakura Exploit Pack 1.0 (new kid on the block, private pack)
- Phoenix 2.8. mini (condensed version of 2.7)
- Fragus Black (weak Spanish twist on the original, black colored admin panel, a few old exploits added)
The full table in xls format - Version 14 can be downloaded from here.
The exploit pack table in XLSX format
The exploit pack table in csv format
P.S. There are always corrections and additions thanks to your feedback after the document release, come back in a day or two to check in case v.15 is out.
Version 13. Aug 20, 2011
Kahusecurity issued an updated version of their Wild Wild West graphic that will help you learn Who is Who in the world of exploit packs. You can view the full version of their post in the link above.
Version 13 exploit pack table additions:
- Bleeding Life 3.0
- Merry Christmas Pack (many thanks to kahusecurity.com)+
- Best Pack (many thanks to kahusecurity.com)
- Sava Pack (many thanks to kahusecurity.com)
- LinuQ
- Eleonore 1.6.5
- Zero Pack
- Salo Pack (incomplete but it is also old)
List of packs in the table in alphabetical order
- Best Pack
- Blackhole Exploit 1.0
- Blackhole Exploit 1.1
- Bleeding Life 2.0
- Bleeding Life 3.0
- Bomba
- CRIMEPACK 2.2.1
- CRIMEPACK 2.2.8
- CRIMEPACK 3.0
- CRIMEPACK 3.1.3
- Dloader
- EL Fiiesta
- Eleonore 1.3.2
- Eleonore 1.4.1
- Eleonore 1.4.4 Moded
- Eleonore 1.6.3a
- Eleonore 1.6.4
- Eleonore 1.6.5
- Fragus 1
- Icepack
- Impassioned Framework 1.0
- Incognito
- iPack
- JustExploit
- Katrin
- Merry Christmas Pack
- Liberty 1.0.7
- Liberty 2.1.0*
- LinuQ pack
- Lupit
- Mpack
- Mushroom/unknown
- Open Source Exploit (Metapack)
- Papka
- Phoenix 2.0
- Phoenix 2.1
- Phoenix 2.2
- Phoenix 2.3
- Phoenix 2.4
- Phoenix 2.5
- Phoenix 2.7
- Robopak
- Salo pack
- Sava Pack
- SEO Sploit pack
- Siberia
- T-Iframer
- Unique Pack Sploit 2.1
- Webattack
- Yes Exploit 3.0RC
- Zero Pack
- Zombie Infection kit
- Zopack
----------------------------------------------
Bleeding Life 3.0
New Version Ad is here
Merry Christmas Pack read analysis atkahusecurity.com | Best Pack kahusecurity.comread analysis at | Sava Pack read analysis at kahusecurity.com |
Eleonore 1.6.5 [+] CVE-2011-0611 [+] CVE-2011-0559 [+] CVE-2010-4452 [-] CVE-2010-0886 | Salo Pack Old (2009), added just for the collection | Zero Pack 62 exploits from various packs (mostly Open Source pack) |
LinuQ pack Designed to compromise linux servers using vulnerable PHPMyAdmin. Comes with DDoS bot but any kind of code can be loaded for Linux botnet creation.LinuQ pack is PhpMyAdmin exploit pack with 4 PMA exploits based on a previous Russian version of the Romanian PMA scanner ZmEu. it is not considered to be original, unique, new, or anything special. All exploits are public and known well. It is designed to be installed on an IRC server (like UnrealIRCD). IP ranges already listed in bios.txt can be scanned, vulnerable IPs and specific PMA vulnerabilities will be listed in vuln.txt, then the corresponding exploits can be launched against the vulnerable server. It is more like a bot using PMA vulnerabilities than exploit pack. It is using CVE-2009-1148 (unconfirmed) CVE-2009-1149 (unconfirmed) CVE-2009-1150 (unconfirmed) CVE-2009-1151 (confirmed) |
====================================================================
Version 12. May 26, 2011
additional changes (many thanks to kahusecurity.com)
Bomba
Papka
See the list of packs covered in the list below
The full table in xls format - Version 12 can be downloaded from here.
Version 11 May 26, 2011 Changes:
====================================================================
10. May 8, 2011 Version 10 Exploit Pack Table_V10May11
First, I want to thank everyone who sent and posted comments for updates and corrections.
*** The Wild Wild West picture is from a great post about evolution of exploit packs by Kahu Security Wild Wild West Update
As usual, send your corrections and update lists.
See the list of packs covered in the list below
The full table in xls format - Version 12 can be downloaded from here.
I want to thank everyone who sent packs and information :)
Version 11 May 26, 2011 Changes:
- Phoenix2.7
- "Dloader" (well, dloader is a loader but the pack is some unnamed pack http://damagelab.org/lofiversion/index.php?t=20852)
- nuclear pack
- Katrin
- Robopak
- Blackhole exploit kit 1.1.0
- Mushroom/unknown
- Open Source Exploit kit
====================================================================
10. May 8, 2011 Version 10 Exploit Pack Table_V10May11
First, I want to thank everyone who sent and posted comments for updates and corrections.
*** The Wild Wild West picture is from a great post about evolution of exploit packs by Kahu Security Wild Wild West Update
As usual, send your corrections and update lists.
Go1Pack (not included) as reported as being a fake pack, here is a gui. Here is a threatpost article referencing it as it was used for an attack
- Eleonore 1.6.4
- Eleonore 1.6.3a
- Incognito
- Blackhole
Also, here is another article claiming it is not a fake http://community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
Go1 Pack CVE are reportedly
CVE-2006-0003
CVE-2009-0927
CVE-2010-1423
CVE-2010-1885
Does anyone have this pack or see it offered for sale?
Exploit kits I am planning to analyze and add (and/or find CVE listing for) are:
- Open Source Exploit Kit
- SALO
- K0de
Legend:
Black color entries by Francois Paget
Red color entries by Gunther
Blue color entries by Mila
Also, here is a great presentation by Ratsoul (Donato Ferrante) about Java Exploits (http://www.inreverse.net/?p=1687)
--------------------------------------------------------
9. April 5, 2011 Version 9 ExploitPackTable_V9Apr11
It actually needs another update but I am posting it now and will issue version 10 as soon as I can.
Changes:
Phoenix 2.5
IFramer
Tornado
Bleeding life
Many thanks to Gunther for his contributions.
If you wish to add some, please send your info together with the reference links. Also please feel free to send corrections if you notice any mistakes
8. Update 8 Oct 22, 2010 Version 8 ExploitPackTable_V8Oct22-10
Changes:
- Eleonore 1.4.4 Moded added (thanks to malwareint.blogspot.com)
- Correction on CVE-2010-0746 in Phoenix 2.2 and 2.3. It is a mistake and the correct CVE is CVE-2010-0886 (thanks to ♫etonshell for noticing)
- SEO Sploit pack added (thanks to whsbehind.blogspot.com, evilcodecave.blogspot.com and blog.ahnlab.com)
7. Update 7 Oct 18, 2010 Version 7 ExploitPackTable_V7Oct18-10 released
thanks to SecNiche we have updates for Phoenix 2.4 :)
We also added shorthand/slang/abbreviated names for exploits for easy matching of exploits to CVE in the future. Please send us more information re packs, exploit names that can be added in the list. Thank you!
Thanks to Francois Paget (McAfee) we have updates for Phoenix 2.2 and Phoenix 2.3
5. Update 5. Sept 27, 2010 Version 5 ExploitPackTable_V5Sept26-10 released
Added updates for Phoenix 2.1 and Crimepack 3.1.3
4 Update 4 July 23, 2010 Version 4 ExploitPackTable_V4Ju23-10 released. Added a new Russian exploit kit called Zombie Infection Kit to the table. Read more at malwareview.com
Update 3 July 7, 2010. Please read more about this on the Brian Krebs' blog Pirate Bay Hack Exposes User Booty
Update 2 June 27, 2010 Sorry but Impassioned Framework is back where it belongs - blue
Update 1 June 24, 2010 Eleonore 1.4.1 columns was updated to include the correct list of the current exploits.
Francois Paget www.avertlabs.com kindly agreed to allow us to make additions to his Overview of Exploit Packs table published on Avertlabs (McAfee Blog)
Many thanks to Gunther from ARTeam for his help with the update. There are a few blanks and question marks, please do no hesitate to email me if you know the answer or if you see any errors.
Please click on the image below to expand it (it is a partial screenshot) Impassioned Framework is tentatively marked a different color because the author claims it is a security audit tool not exploit pack. However, there was no sufficient information provided yet to validate such claims. The pack is temporarily/tentatively marked a different color. We'll keep you posted.
Related articles
Subscribe to:
Posts (Atom)