Skip navigation.

exploit kits


just wondering if anyone has some of the latest exploit kits they can share. thanks in advanced!

normally people pay a

normally people pay a considerable amount of money for new exploit kits :P. Try searching around on Russian forums

Anything specific?

That's a pretty general request. Are you looking for anything specific? What are your research goals in this area?

If you give a little more detail then perhaps someone may be able to help. There maybe people on this site which have many different packs and I don't think they'll be willing to give you their complete collection.

-=[ dxp ]=-

thanx for replying fellas!

thanx for replying fellas! here are a couple of Exploit kits i have. i think i have few more kits and will post them as well too.

FirePack Lite

Adrenalin Exploit Kit



And the password for these exploit packs is??? :D

Member of Comodo Malware Research Group


try the default password buddy!

thx Technosoft-McDss for

thx Technosoft-McDss for helping me out.


ok peepz got 6 more kits for

ok peepz got 6 more kits for you check out. some of these contain executables so be smart and wise. the kits included are:

Fiesta Kit
MPack v0.99
My Sploits Kit
Fire Pack Kit





My Sploit Kit

Fire Pack
this one is different from the first one i uploaded.

password is the same as always!



I've been looking for a more recent version of Zeus!


can you say password for exploits


Adrenalin is not an exploit pack...its the webpanel of a bot.
i guess same goes for the bot zeus file in here.

Here are a bunch of exploit

Here are a bunch of exploit kits that I found a while ago, the password is: infected. A word of caution, I haven't done a lot with these so I have no idea if they are backdoored (which seems likely given where I found them) or have some other bad stuff put in them. There may be (and probably are) duplicates, I didn't sort them at all, and it is likely that there are parts missing.

thanx skuld for the share.

thanx skuld for the share. gonna check them out now.


PDF Exploit Kits

PDF Exploit Kits
link download????



Can you repost the link. for some reason it fails download.

A new exploit kit


I just came across this new small exploit kit today.

Exploits for Opera9, Firefox, Internet Explorer 4, 5, 6, and 7. Seperate module to exploit Adobe Reader util.printf() (CVE-2008-2992) vulnerability. Also, includes a module to deliver binaries via social engineering the visitor into accepting the download, similar to Fake AV.

So, what's so unique about it? Nothing really. Perhaps the fact that it obfuscates its PHP code which contains exploits, which isn't difficult to take off. Also, maybe because it doesn't use any parameter passing to scripts via URL, as most other packs do.
Here's a summary of some scripts:


Defines variables for loader and exploit URLs, database credentials, and control panel credentials.

URLs are defined for loader script ("load.php") and Adobe PDF exploit ("pdf.php").

Filename of binary which will be dropped ("1.exe").

Database host, name, credentials. Default DB name is "spl".

Control Panel's script name ("admcp.php"), username, and password (double MD5 hash of real pass). Default user is "root".


Defines functions and text for 404 page. Functions to identify browser, operating system, country (based on GeoIP), and encoding function to Unicode for Javascript (eg: "%u9090").


Configuration variables for social engineering module to convince the user to download the binary, similar to the idea used in RogueAV schemes.

"install.php" or "_install.php"

Database creation script. Will connect to the database with configured credentials and create necessary table.

CREATE TABLE `statistic` (
`id` int(10) NOT NULL auto_increment,
`ip` varchar(15) default NULL,
`os` varchar(30) default NULL,
`br` varchar(30) default NULL,
`country` varchar(2) default '--',
`good` int(1) NOT NULL default '0',
`mv` int(1) NOT NULL default '0',
`refer` varchar(300) NOT NULL,
`date` datetime default '2008-10-01 00:00:00',


Checks for presence of "install.php" and executes it. If visitor's IP was already logged then aborts with HTTP 200 status but shows a 404 page as defined in the variable of the "cfg/options.php" file.

Identifies country, browser, operating system, referer, IP address and updates the database. Includes "sploit.php" file for exploit generation.


Checks if "Unique" name is defined and aborts with 404 message from predefined variable if not defined. Determines the browser and loads appropriate exploit script:
"sploit/op9.php" - Opera
"sploit/ff.php" - Firefox
"sploit/ie7.php" - Internet Explorer 7
"sploit/ie.php" - Internet Explorer 4, 5, or 6.


Reads the executable which was defined in config file and serves it to the user. Updates database column "good" for this connection's IP address.


Contains the exploit for Adobe Reader ; CVE-2008-2992 ; util.printf(). Interestingly, the file contains obfuscated PHP script to generate the exploit. It has some protection against people attempting to modify the code and print out the exploit. It reads itself and looks for calls to "print | sprint | echo" and aborts if found. This prevents people from simply modifying the "eval" statement to see the real exploit code.

Delivers an executable file using social engineering technique similar to RogueAV by convincing the user of a threat or some required update. Messages can be customized per browser, operating system, and country.

Checks if visiting IP was already given a binary using this method and aborts if found.

If GET parameter "?a" is set then delivers the binary otherwise displays a convincing message and redirects back to itself with proper parameter.

You can download it from here:

Member of Comodo Malware Research Group

The file didn't include

The file didn't include vparivatel.php, do you have this someplace else for download?

Maybe an error

I just downloaded it from the site again and it dosn't seem the be included in the package.

Member of Comodo Malware Research Group


Great topic...!

Thanks for share all this content, i was looking for it for while ago without too much success.

Actually i have zopack v 1.2, let me know if you are interested on it.


Please post

I have not heard of that one. Is it original or a derivative on some of the more well known ones?


Hi, can you upload this zopack 1.2 for me ?
If your have older version that would be also nice.

P.S. let me the password.

Is this zopack a banking trojan ? i don't now anything about this zopack.



Well baracuda bot (same author as for zeus banking bot) or some recent exploit kit would be nice to blacklist.

bad know

baracuda bot is small code with ddos and loader i have 40K bot baracuda
zeus banking bot ! last builder now is i run

where you can know all and tell here?

try know 70% hidden ^^ me:

my Services: ddos,loader,banking,spyhunter,info,datahunter,smstroi,spambot,sploit..all for carder and research team.
my pm:

thank you

Could you upload the link for the Barucada ddos bot?

Thank you.


Can someone PM me the default password?


yeah, I'm interested in Zopack, send on the link, thanks for sharing.

More exploit packs. Full

More exploit packs.

Full List pack


Download it from here:

Member of Comodo Malware Research Group

office exploit kits

anyone got, know where to find office exploit kits. trying to develop a detection tool and need samples. thx

china come to

or pm me:

Do you happen to have the

Do you happen to have the latest Zeus sploit, Lucky Sploit, Unique Pack?
I wanna add detection code to my application.


Zeus sploit:THIS is the latest zeus botnet

@yoohav: Thanks a lot for

@yoohav: Thanks a lot for sharing this.

Does anyone have latest

Does anyone have latest exploit kits?