Piwigo CVE-2023-26876 Gather Credentials via SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Piwigo CVE-2023-26876 Gather Credentials via SQL Injection ', 'Description' = %q This module allows an authenticated user to retrieve the usernam...

User scoped external storage can be used to gather credentials of other users

None...

SharpSCCM - A C# Utility For Interacting With SCCM

SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager a.k.a. ConfigMgr, formerly SCCM for lateral movement and credential gathering without requiring access to the SCCM administration console GUI. SharpSCCM was initially created to execute user huntin...

Windows Live Mail Credential Gatherer

This module searches for Windows Live Mail credentials on a Windows host. Module Options msf use post/windows/gather/credentials/windowslivemail msf postwindowslivemail show actions ...actions... msf postwindowslivemail set ACTION msf postwindowslivemail show options ...show and set options... ms...

Miranda Credential Gatherer

This module searches for Miranda credentials on a Windows host. Module Options msf use post/windows/gather/credentials/miranda msf postmiranda show actions ...actions... msf postmiranda set ACTION msf postmiranda show options ...show and set options... msf postmiranda run This module requires...

The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers

This is Part I of a two-part blog series taking readers inside the criminal enterprise that is account-takeover fraud. For part II, please click here. With account takeover ATO attacks on the rise, stopping threat actors in the early phases of the kill chain will help today’s defenders gain an...

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat APT group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espiona...

CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments! From enumerating logged on users and spidering SMB shares to executing psexec style attacks and auto-injecting Mimikatz into memory using Powershell! The biggest improvements over the above tools are: Pure...

Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery

Exploit Title: Dell SonicWALL Secure Remote Access SRA Appliance Cross-Site Request Forgery Date: 04/28/2015 Exploit Author: Veit Hailperin Vendor Homepage: www.dell.com Version: Dell SonicWALL SRA 7.5 prior to 7.5.1.0-38sv and 8.0 prior to 8.0.0.1-16sv CVE : 2015-2248 Exploitation Procedure...