Archive | Web Hacking


04 March 2014 | 2,350 views

EyeWitness – A Rapid Web Application Triage Tool

EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilize default credentials, please e-mail him the source code […]



24 February 2014 | 1,572 views

wig – WebApp Information Gatherer – Identify CMS

wig is a Python tool that identifies a website’s CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of which package versions are included with […]



22 January 2014 | 4,291 views

The 25 Worst Passwords Of 2013 – “password” Is Not #1

The worst passwords of 2013 – really, more like the most common. The majority come from the massive Adobe leak, which contributed over 40 million passwords and skewed the data a fair bit pushing “photoshop” and “adobe123” into the list. Most of them are no surprise though, we published the top 10 most common passwords […]



08 January 2014 | 1,213 views

Yahoo! Spread Bitcoin Mining Botnet Malware Via Ads

Bitcoin and other cryptocurrencies are pretty much headline news every day now, especially with the inflated values (Bitcoin over $1000 recently). We haven’t mentioned them for a long time though, back in 2012 we wrote about Hackers breaking into a Bitcoin Exchange Site called Bitcoinica. There have been plenty of Bitcoin related hacks since then, […]



06 January 2014 | 2,203 views

xssless – An Automated XSS Payload Generator Written In Python

xssless is an automated XSS payload generator written in Python. Usage: Record request(s) with Burp proxy. Select request(s) you want to generate, then right click and select “Save items”. Use xssless to generate your payload: ./xssless.py burp_export_file. Pwn! Features: Automated XSS payload generation from imported Burp proxy requests. Payloads are 100% asynchronous and won’t freeze […]



25 November 2013 | 1,363 views

vBulletin.com Hacked – Forum User Emails & Encrypted Passwords Leaked

vBulletin.com hacked is the latest news going around, there seems to have been a spate of these lately, with huge numbers of user accounts leaked. Thankfully this time, the passwords are actually hashed, but with what algorithm – we aren’t quite sure. Perhaps someone could figure it out with HashTag. I do have some vBulletin […]



20 November 2013 | 3,690 views

Cupid Media Hack Exposes 42 Million Passwords In Plain Text

42 Million Passwords – now that’s a big number, and the worst part – they aren’t even hashed. Nope, not at all – not even badly. Apparently the intrusion took place earlier this year, in January 2013 – but there was no public announcement. The data was found on the same server where the hacked […]



06 November 2013 | 2,318 views

aidSQL – PHP Application For SQL Injection Detection & Exploitation

aidSQL is a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem […]



04 November 2013 | 857 views

Anonymous Targets Singapore For Proposed Internet Licensing Rules

So the latest news in South East Asia is that someone claiming to be affiliated with Anonymous is waging a digital war against Singapore due to their proposed Internet licensing rules, which are akin to backdoor censorship. You can see the YouTube video here: The Anonymous Legion Threatens Singapore Government. They already started by attacking […]



28 October 2013 | 1,514 views

Major Adobe Hack – Acrobat & ColdFusion Source Code Leaked

So earlier this month there was a major Adobe hack and the source code for a couple of its mainstream products (Acrobat Reader, ColdFusion and ColdFusion Builder) was leaked and downloaded, most likely in its entirety. There was a bit of a panic surrounding this as the software is used by a lot of major […]
