Archive | Exploits/Vulnerabilities




HashPump – Exploit Hash Length Extension Attack

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage

You can download HashPump here:

Or read more […]

Tags: , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Hacking Tools | Add a Comment

Kadimus – LFI Scanner & Exploitation Tool

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation

Then you can run the configure file:

Then:

Features Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

LastPass Leaking Passwords Via Chrome Extension

LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Password Cracking, Web Hacking | Add a Comment

Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good, I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject commands into a Ubiquiti device which surprise, surprise, runs the web service as root. Apparently, they also got scammed […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Wireless Hacking | Add a Comment

Powerfuzzer – Automated Customizable Web Fuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user-friendly, modern, effective and to work consistently. It is also designed and coded to be modular and extendable, […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment

Another MongoDB Hack Leaks Two Million Recordings Of Kids

No surprises here, but there’s been another big MongoDB hack and from the looks of it, it’s been owned for quite some time. This time 2 million records from over 820,000 accounts have been leaked due to yet another default MongoDB installation with no authentication listening on the public IP address. The terrible part is, […]

Tags: , , , , , , , , , ,

Posted in: Database Hacking, Exploits/Vulnerabilities | Add a Comment

ShellNoob – Shellcode Writing Toolkit

ShellNoob is a Python-based Shellcode writing toolkit which removes the boring and error-prone manual parts from creating your own shellcodes. Do note this is not a shellcode generator or intended to replace Metasploit’s shellcode generator, it’s designed to automate the manual parts of shellcode creation like format conversion, compilation and testing, dealing with syscalls and […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools | Add a Comment

crackle – Crack Bluetooth Smart Encryption (BLE)

crackle is a tool to crack Bluetooth Smart Encryption (BLE), it exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers. crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking | Add a Comment

160,000 Network Printers Hacked

It’s a pretty simple hack (in a rather grey-hat fashion), but it’s getting a LOT of media coverage and 160,000 network printers hacked just goes to show once again the whole Internet of Things chapter we are entering is pretty scary. Definitely a neat hack tho, utilising the mass scanning power of Zmap and scanning […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Network Hacking | Add a Comment

OWASP VBScan – vBulletin Vulnerability Scanner

OWASP VBScan short for vBulletin Vulnerability Scanner is an open-source project in Perl programming language to detect VBulletin CMS vulnerabilities and analyse them. Features VBScan currently has the following: Compatible with Windows, Linux & OSX Up to date exploit database Full path disclosure Firewall detect & bypass Version check Upgrade config finder Random user agent […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

Popular Tags

computer-security · darknet · Database Hacking · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · XSS ·