Archive | Exploits/Vulnerabilities




Sn1per – Penetration Testing Automation Scanner

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info […]

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking | Add a Comment

WannaCry Ransomware Foiled By Domain Killswitch

Whilst I was away on a tropical island enjoying myself the Infosec Internet was on fire with news of the global WannaCry ransomware threat which showed up in the UK NHS and was spreading across 74 different countries. The Ransomware seems to be the first that is P2P using an SMB exploit from the NSA […]

Tags: , , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Malware | Add a Comment

Intel Finally Patches Critical AMT Bug (Kinda)

Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the […]

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking | Add a Comment

Shadow Brokers Release Dangerous NSA Hacking Tools

It’s not the first time Shadow Brokers has been on the radar with NSA Hacking Tools, in August 2016 they exposed a bunch of 0-day exploits (also from 2013). This cache of tools appears to be from 2013, so was probably snatched during the same intrusion. This is somewhat more dangerous though as it provides […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Legal Issues | Add a Comment

PowerMemory – Exploit Windows Credentials In Memory

PowerMemory is a PowerShell based tool to exploit Windows credentials present in files and memory, it levers Microsoft signed binaries to hack Windows. The method is totally new. It proves that it can be extremely easy to get credentials or any other information from Windows memory without needing to code in C-type languages. In addition, […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Password Cracking, Windows Hacking | Add a Comment

HashPump – Exploit Hash Length Extension Attack

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage

You can download HashPump here:

Or read more […]

Tags: , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Hacking Tools | Add a Comment

Kadimus – LFI Scanner & Exploitation Tool

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation

Then you can run the configure file:

Then:

Features Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

LastPass Leaking Passwords Via Chrome Extension

LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Password Cracking, Web Hacking | Add a Comment

Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good, I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject commands into a Ubiquiti device which surprise, surprise, runs the web service as root. Apparently, they also got scammed […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Wireless Hacking | Add a Comment

Powerfuzzer – Automated Customizable Web Fuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user-friendly, modern, effective and to work consistently. It is also designed and coded to be modular and extendable, […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment

Popular Tags

computer-security · darknet · Database Hacking · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · XSS ·