Search Results for “Brute-force”

Vulnerabilities

Mar 07, 2024

Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a previously documented […]

root

Malware

Mar 14, 2023

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. “GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range,” Palo Alto Networks Unit 42 […]

root

Data Security

Sep 10, 2021

Passwords by Kaspersky Password Manager exposed to brute-force attack

If you are using Kaspersky Password Manager (KPM) for creating passwords, you might want to consider regenerating those you created before October 2019. According to Donjon, a security research team at Ledger passwords generated by KPM are so weak that it is easy to brute-force them. Researchers claim that they started analyzing Kaspersky’s password manager […]

root

Bruteforcing

Jun 30, 2019

Patator – Multi-Purpose Brute-Forcer with a Modular Design and a Flexible Usage

Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors. The tool was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Currently it supports the following modules: * ftp_login : Brute-force FTP * ssh_login […]

root

Malware

Mar 07, 2019

StealthWorker Brute-force Malware Attack on Windows & Linux Platform Via Hacked E-commerce Websites

Researchers discovered a new brute-force malware called StealthWorker that attack Windows & Linux platform via compromised E-commerce websites to steals personal information and payment data. This Stealthy malware written in Golang language which is very rarely used by malware authors and this language already being used by Mirai botnet develop module. In this case, E-commerce […]

root

Bruteforcing

Feb 18, 2019

Password Cracking and Login Brute-force [Stats]

People are frequently misguided and look at the password brute-forcing (password cracking) as on a miracle approach to gain access to something, especially people not engaged in IT industry, non-tech folks (not sure if Hollywood is to blame). In any case, numerous times we’ve received inquiries from people asking us to “brute-force” some hashes or […]

root

Password

Dec 11, 2018

StegCracker – Brute-force Utility to Uncover Hidden Data Inside Files

Steganography is an art of hiding messages covert way so that exclusive the sender and recipient know the original message.This technique permits sender and receiver to communicate secretly and the third party won’t mindful of the correspondence happen. Steganalysis is the process of recovering hidden data, It decides the encoded hidden message, and if conceivable, it […]

root

Hacking Tools

Nov 29, 2018

Blazy – Open Source Modern Login Brute-forcer

I know what you are thinking, bruteforce doesn’t work anymore in many cases. However, Blazy is not just another brute-force tool. It can also check for CSRF (Cross Site Request Forgery), Clickjacking, Cloudflare hosts and even for WAF. It’s also multi threading and has very good error detection system. Installing Blazy As always, open up […]

root

Ransomware

Sep 07, 2018

Troldesh Ransomware Spreading Via Weaponized Word Document and RDP Brute-force Attack

Troldesh Ransomware emerges again and spreads all over the world. The crypto-ransomware variant was created in Russia, the previous variant of the ransomware encrypts the files and appends “.xtbl” extension whereas the new variant adds “.no_more_ransom” extension. Quick heal labs observed the ransomware is distributed by threat actors through RDP Brute-force Attack, Spam and phishing […]

root

Bruteforcing

Mar 08, 2018

CrawlBox – Easy Way to Brute-force Web Directory

Easy way to brute-force web directory. Operating Systems Tested: MacOSX Kali Linux Usage: python crawlbox.py [-h] [-v] [-w WORDLIST] url positional arguments: url specific target url, like domain.com optional arguments: -h, –help show this help message and exit -v, –version show program’s version number and exit -w WORDLIST specific path to wordlist file -d DELAY […]

root

Password Attacks

Jan 01, 2018

RedLogin – SSH Brute-force Tools

Red Login: SSH Brute-force Tools. Features: High speed and precision CLI ( Console based ) Run the arbitrary command after the attack is successful ( Default ‘Uname -a’ ) Telegram messanger support for sending reports via bot API Usage: Redlogin.exe (Optional) -telegram ==> List of targets ip list ==> List of usernames want to test ==> List of […]

root

Hackers Repository

Dec 20, 2017

Brute Force Patator – Multi-purpose brute-forcer modular design

Brute-Force Patator – Multi-purpose brute-forcer modular design Brute-Force Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another […]

root

Vulnerabilities

Jun 26, 2017

UK Govt Wants Encryption Backdoors but Can’t Even Protect Its Email Servers From a Brute-Force Attack

A “determined” attacker has breached the email system of the UK Parliament over the weekend, according to a statement put out by the UK government on Sunday afternoon. The attack took place on Saturday and consisted of a brute-force attack that attempted to guess the passwords of email accounts belonging to various members of Parliament […]

root

Data Security

Apr 26, 2017

New Linux SSH Brute-force LUA Bot Shishiga Detected in the Wild

A new Linux malware has been spotted in the wild by security researchers at Eset, and it is much more sophisticated than any of the previously known Linux based malware. The security researchers have named this malware as “Linux/Shishiga” which utilizes four different protocols according to Eset research team. The protocols used are Telnet, HTTP and […]

root

How To

Oct 24, 2016

Auto_EAP – Automated Brute-Force Login Attacks

Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Install: ./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0 Initialized… […]

root

How To

Jul 18, 2016

How To Protect Your PC From A Brute-Force Attack

If someone is determined enough to guess your password using brute force then you need to lock down Windows . Here’s how to lock down Windows following several failed login attempts. Complex passwords can be a pain to remember and prone to mistyping, but shorter passwords can be much easier to guess by brute force. What […]

root

Data Security

Oct 09, 2015

WordPress XML-RPC Service Used to Amplify Brute-Force Attacks

Hackers are hiding hundreds or thousands of username/password combinations in one single XML-RPC request. WordPress sites are being abused once again and there is no surprise since the platform is the most popular CMS on the Internet, and the attack surface is literally enormous when compared to other website-building solutions. This time around, Sucuri’s security researchers […]

root