Exploit

Our original post about winAUTOPWN can be found here. Like Metasploit, winAUTOPWN is regularly updated, and winAUTOPWN version 3.0 has recently been released.

“winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded portscan [...]


After the public release of a Samba vulnerability, administrators using Samba in their environment were on high alert. The vulnerability in the Samba open-source software could enable an attacker to gain root privileges without any authentication. The bug is in all versions of Samba from 3.0.x to 3.6.3, but has been fixed in Samba 3.6.4, which is the [...]


Our first post regarding Intersect, the post-exploitation framework, can be found here. Recently, an update – Intersect 2.5 – was made available to us!

“Intersect is a post-exploitation framework written in Python. The main goal of this project is to assist penetration testers in the automation of many post exploitation and data exfiltration tasks that [...]


New research shows that it is highly probable that many Windows cloud images may be vulnerable to an MS12-020 RDP exploit by default.
People are aware of the cloud variables and that cloud service providers offload virtual machine security onto the customer as much as possible.
Technical people know this. Not all cloud customers [...]


XSS ChEF is a Chrome Extension Exploitation Framework. Think BeEF for Chrome extensions. Whenever you encounter an XSS vulnerability in a Chrome extension, ChEF will ease the exploitation. We have previously written about Chrome extensions for web application security scanning, testing, reporting, etc. In addition to those, this is also a great tool.

Features of XSS [...]


Our favourite exploitation framework – the Metasploit Framework – has been updated! We now have Metasploit Framework version 4.2.0! Our first post regarding the MSF can be found here.

“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, [...]


Intersect 2.0 is a Python script written to perform automated post-exploitation information gathering and reporting. The general idea is that after you have exploited a target, you run this script and it performs a variety of tasks that you would normally need to perform manually. Intersect will collect password files, copy SSH keys, enumerate processes [...]


Proof-of-concept (POC) exploit code for a recently spotted privilege escalation flaw, CVE-2012-0056 (POC Linux privilege escalation exploits), in the Linux kernel has left Linux vendors scrambling to push out a patch.
According to the POC Linux privilege escalation exploit papers, the flaw affects versions 2.6.39 and above of the Linux kernel code, and the OS's creator Linus Torvalds published [...]
