Darknet – Page 17 – WindowsTechs.com

XXE Injection Attacks – XML External Entity Vulnerability With Examples

Posted on October 25, 2017 by Darknet

XXE Injection Attacks or XML External Entity vulnerabilities are a specific type of Server Side Request Forgery or SSRF attack relating to abusing features within XML parsers.

The features these attacks go after are widely available but rarely used and when trigged can cause a DoS (Denial of Service) attack and in some cases much more serious escalation like extraction of sensitive data or in worst case scenarios RCE or Remote Code Execution.

Read the rest of XXE Injection Attacks – XML External Entity Vulnerability With Examples now! Only available at Darknet.

Continue reading XXE Injection Attacks – XML External Entity Vulnerability With Examples→

SQLiv – SQL Injection Dork Scanning Tool

Posted on October 23, 2017 by Darknet

SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted scanning, multiple-domain scanning or reverse domain scanning.

SQLiv Massive SQL Injection Scanner Features

Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot of URLs. It’s a fairly new tool and there are plans for more features and to add support for other search engines like DuckDuckGo.

Read the rest of SQLiv – SQL Injection Dork Scanning Tool now! Only available at Darknet.

Continue reading SQLiv – SQL Injection Dork Scanning Tool→

OSSIM Download – Open Source SIEM Tools & Software

Posted on October 20, 2017 by Darknet

OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.

OSSIM stands for Open Source Security Information Management, it was launched in 2003 by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Read the rest of OSSIM Download – Open Source SIEM Tools & Software now! Only available at Darknet.

Continue reading OSSIM Download – Open Source SIEM Tools & Software→

What You Need To Know About KRACK WPA2 Wi-Fi Attack

Posted on October 19, 2017 by Darknet

The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself, not the implementation. It’s a flaw in the 4 way handshake for WP2 compromised by a Key Reinstallation Attack.

This means any device that has correctly implemented WPA2 is likely affected (so basically everything that has Wi-Fi capability) – this includes Android, Linux, Apple, Windows, OpenBSD and more.

Read the rest of What You Need To Know About KRACK WPA2 Wi-Fi Attack now! Only available at Darknet.

Continue reading What You Need To Know About KRACK WPA2 Wi-Fi Attack→

Spaghetti Download – Web Application Security Scanner

Posted on October 17, 2017 by Darknet

Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations, and misconfigurations.

It is built on Python 2.7 and can run on any platform which has a Python environment.

Features of Spaghetti Web Application Security Scanner

Fingerprints
- Server
- Web Frameworks (CakePHP, CherryPy,…)
- Web Application Firewall (Waf)
- Content Management System (CMS)
- Operating System (Linux, Unix,..)
- Language (PHP, Ruby,…)
- Cookie Security
Bruteforce
- Admin Interface
- Common Backdoors
- Common Backup Directory
- Common Backup File
- Common Directory
- Common File
- Log File
Disclosure
- Emails
- Private IP
- Credit Cards
Attacks
- HTML Injection
- SQL Injection
- LDAP Injection
- XPath Injection
- Cross Site Scripting (XSS)
- Remote File Inclusion (RFI)
- PHP Code Injection
Other
- HTTP Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- Web Dav
- Cross Site Tracing (XST)
- PHPINFO
- .Listing
Vulns
- ShellShock
- Anonymous Cipher (CVE-2007-1858)
- Crime (SPDY) (CVE-2012-4929)
- Struts-Shock

Using Spaghetti Web Application Security Scanner

root@darknet:~/Spaghetti# python spaghetti.py
_____ _ _ _ _
| __|___ ___ ___| |_ ___| |_| |_|_|
|__ | .

Read the rest of Spaghetti Download – Web Application Security Scanner now! Only available at Darknet.

Continue reading Spaghetti Download – Web Application Security Scanner→

Taringa Hack – 27 Million User Records Leaked

Posted on October 11, 2017 by Darknet

The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it’s not often covered in the Western media with it being a Latin American site (something like Reddit).

The leak happened in August and it seems like the hackers were able to brute force around 95% of the account passwords fairly quickly with Taringa using an outdated and flawing hashing algorithm – md5.

Read the rest of Taringa Hack – 27 Million User Records Leaked now! Only available at Darknet.

Continue reading Taringa Hack – 27 Million User Records Leaked→

A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

Posted on October 9, 2017 by Darknet

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

SSL Vulnerabilities Detected by A2SV

[CVE-2007-1858] Anonymous Cipher
[CVE-2012-4929] CRIME(SPDY)
[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack
[CVE-2016-0800] SSLv2 DROWN

Planned for future:

[PLAN] SSL ACCF
[PLAN] SSL Information Analysis

Installation & Requirements for A2SV

Read the rest of A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet.

Continue reading A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed→

VHostScan – Virtual Host Scanner With Alias & Catch-All Detection

Posted on October 8, 2017 by Darknet

VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

Features of VHostScan Virtual Host Scanner

Quickly highlight unique content in catch-all scenarios
Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time)
Identify aliases by tweaking the unique depth of matches
Wordlist supports standard words and a variable to input a base hostname (for e.g.

Read the rest of VHostScan – Virtual Host Scanner With Alias & Catch-All Detection now! Only available at Darknet.

Continue reading VHostScan – Virtual Host Scanner With Alias & Catch-All Detection→

Equifax Hack Blamed On Single Employee

Posted on October 5, 2017 by Darknet

We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn’t been patched.

Now it seems the CEO Rick Smith is basically placing the blame on a single employee that failed to pass a message on to the right people, rather than taking responsibility for an organisational failure. It’s also interesting there was a scheduled security scan not long after the flaw was disclosed and it wasn’t detected.

Read the rest of Equifax Hack Blamed On Single Employee now! Only available at Darknet.

Continue reading Equifax Hack Blamed On Single Employee→

LOIC Download – Low Orbit Ion Cannon DDoS Booter

Posted on October 3, 2017 by Darknet

LOIC Download below – Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#.

It’s an interesting tool in that it’s often used in what are usually classified as political cyber-terrorist attacks against large capitalistic organisations. The hivemind version gives average non-technical users a way to give their bandwidth as a way of supporting a cause they agree with.

Read the rest of LOIC Download – Low Orbit Ion Cannon DDoS Booter now! Only available at Darknet.

Continue reading LOIC Download – Low Orbit Ion Cannon DDoS Booter→