Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a previously documented […]

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. “GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range,” Palo Alto Networks Unit 42 […]

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. “This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers […]

Windows enables default account lockout policy for RDP (Remote Desktop Protocol) to reduce ransomware attacks based on brute forcing RDP

Microsoft has chosen to add specific security measures against brute force attacks against RDP (Remote Desktop Protocol). These security improvements have been introduced in the most recent builds of Windows 11. Given the evolution of this type of attack abusing RDP, Microsoft decided to add the security measure in the latest Insider Preview 22528.1000. This system […]

How to do local privilege escalation attacks on Windows to brute force the local administrator account?

Privilege escalation attacks pose a severe cyber security risk to all kinds of systems in public and private organizations. In these attacks, threat actors exploit vulnerabilities or design flaws in operating systems and software applications to gain illegitimate access to resources that would otherwise be restricted to authorized users only, triggering dangerous hacking scenarios. As […]

Passwords by Kaspersky Password Manager exposed to brute-force attack

If you are using Kaspersky Password Manager (KPM) for creating passwords, you might want to consider regenerating those you created before October 2019. According to Donjon, a security research team at Ledger, passwords generated by KPM are so weak that it is easy to brute-force them. Researchers claim that they started analyzing Kaspersky’s password manager […]

T-Mobile hacker used brute force attack to steal customers’ data

A 21-year-old US citizen named John Binns has claimed responsibility for the T-Mobile data breach and said the carrier’s “security is awful.” Earlier this month, T-Mobile suffered a data breach in which a hacker claimed to have stolen the personal data of 100 million customers. Although the company acknowledged the breach yet claimed that the incident […]

Async DNS Brute: DNS asynchronous brute force utility

A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed: It’s fast. Benchmarks on small VPS hosts put around 100k DNS resolutions at 1.5-2 mins. An Amazon M3…

GCPBucketBrute – A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script (optionally) accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will then be used to scan for the existence of […]

XMLRPC Bruteforcer – An XMLRPC Brute Forcer Targeting WordPress

An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of XMLRPC brute forcing, it’s faster than Hydra and WPScan. It can brute force 1000 passwords per second. Usage: python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt Bugs: If you get an xml.etree.ElementTree.ParseError: Did you forget to add ‘xmlrpc’ […]

Brute_Force – BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix

A tool to brute force social media, email and streaming accounts. Install Brute_force: pip install proxylist pip install mechanize git clone https://github.com/Matrix07ksa/Brute_Force Usage: BruteForce Gmail Attack: python3 Brute_Force.py -g Account@gmail.com -l File_list python3 Brute_Force.py -g Account@gmail.com -p Password_Single BruteForce Hotmail Attack: python3 Brute_Force.py -t Account@hotmail.com -l File_list python3 Brute_Force.py -t Account@hotmail.com -p Password_Single […]

Facebash – Facebook Brute Forcer in shellscript using TOR

Facebook Brute Forcer in shellscript using TOR. WARNING: Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass/h. Features: Save/Resume sessions, Anonymous attack through TOR, Default Password List (+39k). Usage: git clone https://github.com/thelinuxchoice/facebash cd facebash chmod +x facebash.sh service […]

GetCrypt Ransomware Encrypts Files, Brute Forces Credentials

Here’s a new ransomware that not only encrypts files and programs on a computer, but attempts to brute force credentials as well. GetCrypt, a new ransomware that’s being installed through malvertising campaigns and which redirects victims to the RIG exploit kit, encrypts all files on a computer and then demands ransom for decrypting the files. […]

Kerbrute – A Tool To Perform Kerberos Pre-Auth Bruteforcing

A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. Background: This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. I wanted something that didn’t require privileges to install a Kerberos client, and when I found […]

Gobuster – An Elegant CLI Utility for Brute Forcing URI Directories

Every reconnaissance phase has a standard checklist that is to be followed. If you’ve ever conducted or been a part of target recon, you’ve most likely encountered these steps: Network Scanning, Directory Brute forcing, Subdomain Brute forcing, Target Mapping. Today, we’ll be focusing on the 2nd and 3rd contenders, with an awesome utility written […]

StealthWorker Brute-force Malware Attack on Windows & Linux Platform Via Hacked E-commerce Websites

Researchers discovered a new brute-force malware called StealthWorker that attacks Windows & Linux platforms via compromised e-commerce websites to steal personal information and payment data. This stealthy malware is written in Golang, a language very rarely used by malware authors, and this language is already being used to develop a Mirai botnet module. In this case, E-commerce […]