The Latest Exploits/Vulnerabilities

Exploit Discussion

Find the Best Exploits/Vulnerabilities from 2018 here:


PowerMemory - Exploit Windows Credentials In Memory

PowerMemory – Exploit Windows Credentials In Memory

PowerMemory is a PowerShell based tool to exploit Windows credentials present in files and memory, it levers Microsoft signed binaries to hack Windows. The method is totally new. It proves that it can be extremely easy to get credentials or any other information from Windows memory without needing to code in C-type languages. In addition, […]

Topic: Exploits/Vulnerabilities, Hacking Tools, Password Cracking, Windows Hacking
HashPump - Exploit Hash Length Extension Attack

HashPump – Exploit Hash Length Extension Attack

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage

You can download HashPump here:

Or read more […]

Topic: Cryptography, Exploits/Vulnerabilities, Hacking Tools
Kadimus - LFI Scanner & Exploitation Tool

Kadimus – LFI Scanner & Exploitation Tool

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation

Then you can run the configure file:

Then:

Features Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support […]

Topic: Exploits/Vulnerabilities, Hacking Tools, Web Hacking
Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good, I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject commands into a Ubiquiti device which surprise, surprise, runs the web service as root. Apparently, they also got scammed […]

Topic: Exploits/Vulnerabilities, Hardware Hacking, Wireless Hacking
Powerfuzzer - Automated Customizable Web Fuzzer

Powerfuzzer – Automated Customizable Web Fuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user-friendly, modern, effective and to work consistently. It is also designed and coded to be modular and extendable, […]

Topic: Exploits/Vulnerabilities, Hacking Tools, Secure Coding