Category ArchiveExploits
Filed under: Defacements, Exploits, Hacktivism
posted by D1m on 05 Apr 2008
Jun 2007 – Feb 2008 U.S. Gov Website Defacements + Commentary
Below is a list of US governmental websites which were defaced by crackers – or elite hackers as the media would say – since 26th of June 07 until late February 2008. It is quite interesting to know that most of the security vulnerabilities affecting the following *.gov websites are known for some years now.
Filed under: Exploits, Penetration Testing, Security Tools
posted by D1m on 21 Aug 2007
TXDNS v2.1.5 – A Multithreaded Digger/Brute Forcer For DNS
Arley Silveira has released the 1 year anniversary version of TXDNS. Very soon he will release the version 2.2 of TXDNS.
This release implements DNS queries against multiple DNS servers, a more efficient threading algorithm and some minor bug fixes.
Filed under: Exploits, Penetration Testing, Security Tools
posted by D1m on 21 Aug 2007
SSHatter v0.2 – A Password Brute Forcer For SSH
Tim Brown from Nth Dimension has coded a cool password brute forcer for SSH called SSHatter.
It is multi threaded and can audit more than one system and account in a given session.
Filed under: Exploits, Penetration Testing, Security Articles
posted by D1m on 17 Mar 2007
Pen-Test Paper: How An Internal Network Becomes External
My friend SuRGeoN from Greece wrote a very interesting pen-test paper which explains how easy is to convert an internal network into an external with the port redirection technique. He demonstrates the attack scenarios – including network architecture diagrams – and goes into great technical details about them.
Filed under: Exploits, Phishing, XSS
posted by D1m on 15 Mar 2007
Internet Explorer 7: Phishing Using Local Resource Vulnerability
Aviv Raff has published on his blog an interesting proof of concept of the vulnerability affecting Internet Explorer v7: a cross-site scripting in the navcancl.htm local resource.
OWASP