Browsing tag
This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy History) and also you can choose whatever HTTP VERB what do you want to customize.Usage Easy to use ! ? Don’t forget to click save button ! Changelog24 October 2019 – v1.0 First […]
Cross-platform backdoor using dns txt records. What is ddor?ddor is a cross platform light weight backdoor that uses txt records to execute commands on infected machines.Features Allows a single txt record to have seperate commands for both linux and windows machines List of around 10 public DNS servers that it randomly chooses from Unpredictable call […]
According to digital forensics specialists at security firm Applied Risk there are more than 100 vulnerabilities in multiple building management systems (BMS) of various manufacturers. If exploited, these flaws would allow threat actors to deploy denial of service (DoS) and remote code execution (RCE) attacks, and even collect critical information about the operation of these […]
Again, WhatsApp has become the target of malicious hacker attacks. According to web application security specialists, a critical vulnerability has been revealed in the instant messaging service that, if exploited, would allow a threat actor to hack a smartphone using only a malicious mp4 file to generate denial of service conditions (DoS) or even remote […]
In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal penetrationtest processes (reconnaissance as well as exploitation) […]
SQL InjectionIn this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection. What is SQL injection (SQLi)?SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an […]
Blind SQL Injection Tool with Golang.UsageDownload andor.go and go to the folder where the file andor.go located. And type this to command promt:go run andor.go –url “http://deneme.com/index.php?id=1″** Note: Get parameter value must be correct, otherwise it will not work. Download Andor
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. PurposeThis lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system […]
Ransomware attacks are still something to be wary of these days. 2019 saw a resurgence in ransomware attacks and they’re expected to grow even more rampant in the coming weeks as we hit the holiday season. The Thanksgiving weekend ushers in major sales events including Black Friday and Cyber Monday. Retailers, both brick-and-mortar and digital, […]
[*] RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution is based on shellcode generated with DonutCS. It is therefore a hybrid, although developed in .Net it does not rely solely on the Assembly.Load. This increases the detection surface, but allows us to […]
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites.Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the target, website asks […]
Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more …Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target website […]
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.Installation go get -u github.com/jaeles-project/jaeles Please visit the Official Documention for more details.Checkout Signature Repo for base signature. UsageMore usage hereExample commands. jaeles scan -u http://example.comjaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txtjaeles scan –retry 3 –verbose -s “signatures/cves/jira-*” […]
According to data protection specialists, for one year now all Canadian companies have been subject to the Personal Information and Electronic Documents Protection Act, which requires them to report on any information security incidents. This is a fundamental change, since previously the cybersecurity incident report was submitted voluntarily; as of the entry into force of […]
According to reports from ethical hacking specialists, Chinese authorities managed to resolve more than 45,000 cybercrime cases, as well as arresting more than 60,000 suspects related to these crimes during the first 10 months of this year, all as part of a campaign to eradicate Internet crimes in China. More than 50% of crimes investigated […]
As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file iclusion exploit. I’ll give code […]
A new threat has caught the attention of the cybersecurity community in Los Angeles, California. According to the district attorney office, some public USB charging points contain dangerous malware that could infect users’ devices. The alert, published directly by the Prosecutor’s Office, refers to reports on a technique known as “juice-jacking”, in which a threat […]
According to information security specialists, ZoneAlarm, the firewall software produced by security firm Check Point, was the victim of a data breach that compromised the information stored in one of the company’s online forums. After infiltrating the ZoneAlarm forum, threat actors gained illegitimate access to the full names, dates of birth, email addresses and passwords […]
This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can […]
A recent research published by vulnerability testing specialists from Purdue University details a new exploit that abuses some Android operating system smartphones through the use of malicious peripheral devices (specifically through Bluetooth and USB). The application processor of almost any relatively recent smartphone model uses the AT Command Interface to launch high-level commands to the […]
This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current release only supports NTLM, future releases aim to support MD5, SHA-1, SHA-256, and possibly more. Both Linux and Windows are supported!For more information, see the project website: https://www.rainbowcrackalack.com/VolunteeringThe project for generating NTLM 9-character […]