131 matches found
Hashcat Advanced Password Recovery 7.1.2 Source Code
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code...
Exploit for SQL Injection in 10Web Photo_Gallery
CVE-2022-0169 — WordPress Photo Gallery SQLi PoC This is a si...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071-POC-NTLMHashDisclosure - Triggers automatic SMB...
Wordpress Secure Copy Content Protection And Content Locking Sccp_id Unauthenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Secure Copy Content Protection and Content Locking sccpid Unauthenticated SQLi', 'Description' = %q Secure Copy Content Protection and...
LDAPWordlistHarvester - A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts
A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be. x Creates a wordlist based on the following information found in the LDAP: x User : name and...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...
Osx-Password-Dumper - A Tool To Dump Users' .Plist On A Mac OS System And To Convert Them Into A Crackable Hash
OSX Password Dumper Script. Overview: A bash script to retrieve users' .plist files on a macOS system and to convert the data inside them to a crackable hash format, for use with John The Ripper or Hashcat. Useful for CTFs/Pentesting/Red Teaming on macOS systems. Prerequisites: The script must be ru...
Graphcat - Generate Graphs And Charts Based On Password Cracking Result
Simple script to generate graphs and charts on hashcat and john potfile and ntds Install git clone https://github.com/Orange-Cyberdefense/graphcat cd graphcat pip install . Helper $ graphcat.py -h usage: graphcat.py -h -potfile hashcat.potfile -hashfile hashfile.txt -john -format FORMAT...
all user password hash is disclosed
Proof of Concept login to admin account and then visit https://demo.pimcore.fun/admin/customermanagementframework/customers/detail?id=1016&filteroperator-customer=AND&filteroperator-segments=AND&filtershowSegments0=832&filtershowSegments1=833&filtershowSegments2=874&filterDefinitionid=1 able to...
DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts
DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory AD domain. Neither contributor incur any responsibilit...
Exploit for SQL Injection in Wordpress
SSI-CVE-2022-21661 Information System's Security 2nd Assignme...
PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...
[Security Nation] Jeremi Gosney on the Psychology of Password Hygiene
In this episode of Security Nation, Jen and Tod talk to renowned password security expert Jeremi Gosney about how we are all guilty of bad password...
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
Design/Logic Flaw
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37164
CVE-2022-37164 affects Inoda OnTrack version 3.4. The issue is a weak password policy that enables brute-force access and password hashes stored without salt or pepper, making cracking with tools like hashcat feasible. This combination creates a risk of unauthorized access to the application. The...
CVE-2022-37163
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
OnTrack Security Vulnerability
OnTrack is a simple self-hosted budget application from the individual developer Isaac Noda. OnTrack version v3.4 suffers from a security vulnerability that stems from the use of a weak password policy that allows an attacker to potentially gain unauthorized access to the application through brut...
IHateToBudget Security Vulnerability
IHateToBudget is a simple web application by the individual developer Bryton Lacquement in France. Used to understand and control your expenses. A security vulnerability exists in IHateToBudget v1.5.7 that stems from the use of a weak password policy that allows an attacker to potentially gain...
Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security
A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn't be here open an issue Books Hash...