340 matches found
TeamViewer Flaw in Windows App Allows Password-Cracking
Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. TeamViewer is a proprietary software application...
KITT-Lite
This is an offensive tool for wireless network exploitation. It is a collection of scripts and tools for various wireless-related tasks, including wireless network scanning, device identification, and password cracking. The toolset includes scripts for tasks such as: Wireless network scanning usi...
Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but...
Cross site request forgery (csrf)
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either...
CVE-2020-14489 OpenClinic GA
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques...
Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly
Docker for pentest is an image with the more used tools to create an pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB Hack the Box vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzd...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...
OpenClinic GA suffers from an unspecified vulnerability (CNVD-2021-17436)
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. A security vulnerability exists in OpenClinic GA version 5.09.02 and 5.89.05b, which can be exploited by an attacker...
Baselining PassGAN: Adventures in the rhubarb
Cracking is a complex topic full of misunderstandings, confusing terminology and weird people. This blog post is front-loaded with some terminology, some explanations, and maybe some apologies. Password cracking: This is fundamentally one thing: guessing. Were not reversing, or talking to spirits...
Viber URI Handling Vulnerability
Viber is a suite of cross-platform instant messaging software. A security vulnerability exists in Viber versions prior to 13.2.0.39 Windows that stems from not properly referencing its custom URI handler. An attacker can exploit the vulnerability by leveraging a malicious website that causes a us...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline
This Script Supports Only Zip File in This Version You Can Also Use This Script With crunch Cross-platform Supported Usage: zipcracker.py options Options: --version show program's version number and exit -h, --help show this help message and exit -f FILENAME, --file=FILENAME Please Specify Path o...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...
Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs
Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking...
Plone has an unspecified vulnerability
Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone versions 4.3 through 5.2.0, which stems from the program's lack of password strength checking. An attacker can exploit this vulnerability to crack passwords...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability
Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...
CVE-2020-3923
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system...
Hashcracker - Python Hash Cracker
Supportedhashing algorithms: SHA512, SHA256, SHA384, SHA1, MD5 Features: auto detection of hashing algorithm based on length not recommended, bruteforce, password list Arguments: type: hash algorithm must be one of the supported hashing algorithms mentioned above or AUTO if you want to use...
PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator
PCFG = Probabilistic Context Free Grammar PCFG = Pretty Cool Fuzzy Guesser In short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords honeywords, or help develop better password strength...
Logic Flaw Vulnerability in the Backend Management Login Interface of Angel School Training Website System
Angel school training website system is an open source website management system. Angel school training website system back-end management login interface has a logic flaw vulnerability that can be exploited by an attacker to violently break the administrator's password...