Exploits/Vulnerabilities – Page 4

Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

Posted on March 17, 2017 by Darknet

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good, I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject commands into a Ubiquiti device which surprise, surprise, runs the web service as root. Apparently, they also got scammed […]

The post Ubiquiti Wi-Fi…

Read the full post at darknet.org.uk

Continue reading Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version→

Powerfuzzer – Automated Customizable Web Fuzzer

Posted on March 13, 2017 by Darknet

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be… Continue reading Powerfuzzer – Automated Customizable Web Fuzzer→

Another MongoDB Hack Leaks Two Million Recordings Of Kids

Posted on March 1, 2017 by Darknet

No surprises here, but there’s been another big MongoDB hack and from the looks of it, it’s been owned for quite some time. This time 2 million records from over 820,000 accounts have been leaked due to yet another default MongoDB installation with no authentication listening on the public IP address. The terrible part is, […]

The post…

Read the full post at darknet.org.uk

Continue reading Another MongoDB Hack Leaks Two Million Recordings Of Kids→

ShellNoob – Shellcode Writing Toolkit

Posted on February 24, 2017 by Darknet

ShellNoob is a Python-based Shellcode writing toolkit which removes the boring and error-prone manual parts from creating your own shellcodes. Do note this is not a shellcode generator or intended to replace Metasploit’s shellcode generator, it’s designed to automate the manual parts of shellcode creation like format conversion, compilation and…

Read the full post at darknet.org.uk

Continue reading ShellNoob – Shellcode Writing Toolkit→

crackle – Crack Bluetooth Smart Encryption (BLE)

Posted on February 20, 2017 by Darknet

crackle is a tool to crack Bluetooth Smart Encryption (BLE), it exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers. crackle can guess or very quickly brute force the TK (temporary k… Continue reading crackle – Crack Bluetooth Smart Encryption (BLE)→

160,000 Network Printers Hacked

Posted on February 8, 2017 by Darknet

It’s a pretty simple hack (in a rather grey-hat fashion), but it’s getting a LOT of media coverage and 160,000 network printers hacked just goes to show once again the whole Internet of Things chapter we are entering is pretty scary. Definitely a neat hack tho, utilising the mass scanning power of Zmap and scanning […]

The post 160,000…

Read the full post at darknet.org.uk

Continue reading 160,000 Network Printers Hacked→

OWASP VBScan – vBulletin Vulnerability Scanner

Posted on January 27, 2017 by Darknet

OWASP VBScan short for vBulletin Vulnerability Scanner is an open-source project in Perl programming language to detect VBulletin CMS vulnerabilities and analyse them. Features VBScan currently has the following: Compatible with Windows, Linux & OSX Up to date exploit database Full path disclosure Firewall detect & bypass Version check…

Read the full post at darknet.org.uk

Continue reading OWASP VBScan – vBulletin Vulnerability Scanner→

p0wnedShell – PowerShell Runspace Post Exploitation Toolkit

Posted on January 13, 2017 by Darknet

p0wnedShell is an offensive PowerShell Runspace Post Exploitation host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell run space environment (.NET). It has a lot of offensive… Continue reading p0wnedShell – PowerShell Runspace Post Exploitation Toolkit→

nishang – PowerShell For Penetration Testing

Posted on October 17, 2016 by Darknet

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing, offensive security and red teaming. Nishang is useful during all phases of penetration testing. Usage Import all the scripts in the… Continue reading nishang – PowerShell For Penetration Testing→

Mirai DDoS Malware Source Code Leaked

Posted on October 5, 2016 by Darknet

So there’s been some HUGE DDoS attacks going on lately, up to 620Gbps and the Mirai DDoS Malware has been fingered – with the source code also being leaked. It’s spreading like wildfire too, and the scariest thought? All that was really needed to construct it was a telnet scanner and a list of default […]

The post Mirai DDoS Malware Source…

Read the full post at darknet.org.uk

Continue reading Mirai DDoS Malware Source Code Leaked→