Kadimus – LFI Scanner & Exploitation Tool

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. …

LastPass Leaking Passwords Via Chrome Extension

LastPass Leaking Passwords is not new; last week its Firefox extension was picked apart – now this week its Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect; even though they are super easy to use, and have a nice UI, they’ve had TOO many serious security issues for a […]

Read the full post at darknet.org.uk

SessionGopher – Session Extraction Tool

SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. The tool can find and decrypt saved session inf…

Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good; I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject commands into a Ubiquiti device which, surprise, surprise, runs the web service as root. Apparently, they also got scammed […]

Powerfuzzer – Automated Customizable Web Fuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be…

Angry IP Scanner – Fast Network Scanner

Angry IP Scanner is a very easy to use, fast network scanner – basically a cross-platform IP address and port scanner. It can scan IP addresses in any range as well as any of their ports. It’s also very lightweight and doesn’t require any installation; it can be freely copied and used anywhere. Angry IP Scanner […]

WikiLeaks Exposes Massive CIA Leak Including Hacking Tools

WikiLeaks has dropped another massive bomb called “Vault7”, basically a massive CIA leak which covers documents, correspondence, hacking tools, exploits and much more. It details sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Smart TVs. The first installment published already contains…

mongoaudit – MongoDB Auditing & Pen-testing Tool

mongoaudit is a CLI tool for MongoDB auditing of servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called…

Another MongoDB Hack Leaks Two Million Recordings Of Kids

No surprises here, but there’s been another big MongoDB hack and from the looks of it, it’s been owned for quite some time. This time 2 million records from over 820,000 accounts have been leaked due to yet another default MongoDB installation with no authentication listening on the public IP address. The terrible part is, […]
