KeySweeper — Arduino-based Keylogger for Wireless Keyboards

Security researcher has developed a cheap USB wall charger that is capable to eavesdrop on almost any Microsoft wireless keyboard. MySpace mischief-maker Samy Kamkar has released a super-creepy keystroke logger for Microsoft wireless keyboards cunningly hidden in what appears to be a rather cheap...

ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more

The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com. Features Interactive Console: Type "help" to get a list of commands. Type "help command" to get a description/usage on specific command. crackpw This executes Nacho Barrientos Arias's PDFCrack tool by...

Heartbleed OpenSSL - Information Leak Exploit (1)

No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...

Ubuntu 14.04 LTS : OpenSSL regression (USN-2232-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2232-3 advisory. USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as...

Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities

The version of Juniper Steel-Belted Radius software installed on the remote RedHat or CentOS host is affected by multiple OpenSSL vulnerabilities : - The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to...

Medium: gnutls

Issue Overview: It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding...

CentOS Update for gnutls CESA-2013:0588 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

mcrypt 2.6.8 - Stack Buffer Overflow (PoC)

mcrypt 2.6.8 - Stack Buffer Overflow PoC !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when decryptin...

Windows Gather Local User Account Password Hashes (Registry)

This module will dump the local user accounts from the SAM database using the registry This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Gather Local User Account Passwo...

Know who you're dealing with

The EFF has some advice for interacting with border agents. First: don’t lie to them. This is a punishable crime regardless of whether you are lying to cover something up or not. It is always better to decline answering than it is to give a false answer. Don’t obstruct an Agent’s investigation or...

Design/Logic Flaw

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

Authentication flaw

The MS-Logon authentication scheme in UltraVNC aka Ultr@VNC 1.0.1 uses weak encryption XOR for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords...

ASPPortal 3.1.1 - 'downloadid' SQL Injection

!/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=21 Usage: aspp.pl use IO::Socket; use Math::BigInt; if@ARGV != 3 usage; else exploit; sub header print "\n- NukedX Securit...

CVE-2005-4860

Spectrum Cash Receipting System before 6.504 uses weak cryptography static substitution in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password...

CVE-2002-2133

CVE-2002-2133 describes a vulnerability in Telindus 1100 ADSL router firmware 6.0.x where weak encryption is used for UDP session traffic. This weakness could allow remote attackers to gain unauthorized access by sniffing and decrypting the administrative password. Documents do not provide remedi...

CVE-2002-2133

Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password...

bsd/x86 execve /bin/sh Crypt /bin/sh 49 bytes

Exploit for bsd/x86 platform in category shellcode ============================================= bsd/x86 execve /bin/sh Crypt /bin/sh 49 bytes ============================================= / Self decripting dec/inc shellcode executes /bin/sh Size 49 bytes OS BSD /rootteam/dev0id www.sysworld.net...

bsd/x86 execve /bin/sh Crypt /bin/sh 49 bytes

No description provided by source. / Self decripting dec/inc shellcode executes /bin/sh Size 49 bytes OS BSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short shellcode main: pop esi xor ecx,ecx mov cl,28 maindecript: inc byte esi+ecx loop maindecript inc byte esi push esi...

bsd/x86 - execve /bin/sh Crypt /bin/sh 49 bytes

bsd/x86 execve /bin/sh Crypt /bin/sh 49 bytes. Shellcode exploit for bsdx86 platform / Self decripting dec/inc shellcode executes /bin/sh Size 49 bytes OS BSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short shellcode main: pop esi xor ecx,ecx mov cl,28 maindecript: inc...