Think, Talk, Hack

Browsing category

Hackers Repository

Vulnx v1.9 – An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (WordPress, Joomla, Drupal, Prestashop…)

Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more …Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target website […]

root

Jaeles – The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.Installation go get -u github.com/jaeles-project/jaeles Please visit the Official Documention for more details.Checkout Signature Repo for base signature. UsageMore usage hereExample commands. jaeles scan -u http://example.comjaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txtjaeles scan –retry 3 –verbose -s “signatures/cves/jira-*” […]

root

mihari v0.15 releases: a sidekick tool for TheHive for monitoring malicious hosts continuously

mihari mihari is a sidekick tool for TheHive for monitoring malicious hosts (C2 / landing page/phishing, etc.) continuously. How it works mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts from the… The post mihari v0.15 releases: a sidekick tool for TheHive for monitoring malicious hosts continuously appeared first on Penetration Testing.

root

kubesec v2.3.1 alpha releases: Security risk analysis for Kubernetes resources

kubesec Security risk analysis for Kubernetes resources Changelog v2.3.1 alpha 76b2707 Modified the GH actions release to work with go modules b96a1d6 Swapped goreleaser hook to use go modules 68ced39 Merged master into go-mod-test 388b806 Updated travis and… The post kubesec v2.3.1 alpha releases: Security risk analysis for Kubernetes resources appeared first on Penetration Testing.

root

Debian Releases Security Update for Mitigating a Series of CPU Vulnerabilities

The Debian Project released a new Linux kernel security update for its supported version of Debian GNU/Linux to address the latest vulnerabilities affecting Intel’s CPU microarchitecture. As previously revealed, four new security vulnerabilities have been discovered in the Linux kernel that has an impact on Intel CPUs: CVE-2019-11135, CVE-2018-12207, CVE-2019-0154, and CVE-2019-0155. These vulnerabilities could lead to privilege […]

root

Alabama Man Admits Using “the Largest Darknet Child Pornography Website”

The U.S. Attorney’s Office Northern District of Alabama announced that 29 year old Ryan Thomas Carver pleaded guilty to possession of a collection of pictures and videos depicting child sexual abuse. According to court documents, Carver purchased child abuse content from Welcome to Video, a now-defunct dark web “the largest darknet child pornography website” according […]

root

RFI/LFI Payload List

As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file iclusion exploit. I’ll give code […]

root

Canonical Releases Linux Kernel Security Update for Ubuntu for Mitigating a Series of CPU Vulnerabilities

Canonical has released a new set of Linux kernel security updates for all of its supported Ubuntu releases to address the latest Intel CPU vulnerabilities and other important flaws. As announced a few days ago, Canonical quickly responded to the latest security vulnerabilities affecting Intel’s CPU microarchitecture, so they have now released Linux kernel updates […]

root

Sigma Hunting App: containing Sigma detection rules

Sigma Hunting App A Splunk App containing Sigma detection rules, which can be updated dynamically from a Git repository. Motivation Most of the modern Security Operations Center (SOC) store the detection rules in a… The post Sigma Hunting App: containing Sigma detection rules appeared first on Penetration Testing.

root

[Unpatch] Apache Flink remote code execution vulnerability alert

Recently, the security team found the Apache Flink arbitrary Jar package to upload the attack data that caused the remote code execution vulnerability. The attacker can use this vulnerability to upload any Jar package in the Apache Flink Dashboard page and use Metasploit to execute arbitrary code in the Apache Flink server. Apache Flink is […]

root

Evil-Winrm v1.9 – The Ultimate WinRM Shell For Hacking/Pentesting

This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can […]

root

How to disable Intel TSX to prevent Zombieload v2 attacks

To prevent the Zombieload v2 attack that was just exposed, Microsoft Windows and Linux kernel teams have introduced methods to turn off Intel Transactional Synchronization Extensions (TSX). The Zombieload vulnerability is related to TSX, which is similar to the previously disclosed Meltdown, Spectre, and Foreshadow, Fallout, and Zombieload v1 vulnerabilities, which use predictive execution to […]

root

SCShell: Fileless lateral movement tool to run command

SCShell Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn’t perform authentication against SMB everything is performed over DCERPC. The utility can be… The post SCShell: Fileless lateral movement tool to run command appeared first on Penetration Testing.

root

[Unpatch] Apache Shiro Padding Oracle remote code execution vulnerability alert

Recently, Apache Shiro Padding Oracle reveals remote code execution vulnerability. After we analysis and judgment, it is judged that the level of the vulnerability is serious and the damage surface/wide impact is wide. At present, Apache Shiro does not issue official patches and mitigation solutions. Apache Shiro is an open-source software security framework that performs […]

root

Rainbow Crackalack – Rainbow Table Generation And Lookup Tools

This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current release only supports NTLM, future releases aim to support MD5, SHA-1, SHA-256, and possibly more. Both Linux and Windows are supported!For more information, see the project website: https://www.rainbowcrackalack.com/VolunteeringThe project for generating NTLM 9-character […]

root

The Admin of SamSara Market is Gone

SamSara Market, the official yet unofficial successor to Dream Market, has been down for several days without any explanation from the market’s administration. The administrator of the market has been keeping the staff in the dark as well, according to a recent post by one of the market’s most senior staff members. Although the unexpected […]

root

mordor: provides pre-recorded security events

Mordor Gates The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is categorized by platforms, adversary… The post mordor: provides pre-recorded security events appeared first on Penetration Testing.

root

leprechaun: map out the network data flow

Leprechaun The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what’s going… The post leprechaun: map out the network data flow appeared first on Penetration Testing.

root

Asset Discover – Burp Suite Extension To Discover Assets From HTTP Response

Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details.The extension is now part of the BApp store and can be installed directly from the Burp Suite. https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3eDescriptionPassively parses HTTP response of the URLs in scope and identifies different type assets such […]

root

Operation CROZET Suspects Admit Darkweb Drug Trafficking

Two residents of Melbourne, Australia, admitted they had used the dark web and the postal system to import drugs into Australia for distribution. The duo ran the drug trafficking operation from a two-bedroom apartment in Mernda, Melbourne. Steen McBeth and Jackson Li both 28 years old were arrested on October 27, 2017, following months of […]

root