SSH 弱口令 PoC

SSH 默认没有限制连接次数，可以加载字典文件进行密码猜解。 常用的用户名： root, admin, test, user 常用的密码： '', 'test', '123456', 'password', 'root', 'admin'...

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems...

krb5: multiple issues

CVE-2014-5355 denial of service When a server process uses the krb5recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

lib32-krb5: multiple issues

CVE-2014-5355 denial of service When a server process uses the krb5recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

krb5 -- requires_preauth bypass in PKINIT-enabled KDC

MIT reports: In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an...

Aircrack-ng 1.2 RC 2 - WEP and WPA-PSK keys cracking program

Here is the second release candidate. Along with a LOT of fixes, it improves the support for the Airodump-ng scan visualizer. Airmon-zc is mature and is now renamed to Airmon-ng. Also, Airtun-ng is now able to encrypt and decrypt WPA on top of WEP. Another big change is recent version of GPSd now...

Fast Password Cracker: John the Ripper

Fast Password Cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix 11 are officially supported, not counting different architectures, Windows, DOS, BeOS, and OpenVMS the latter requires a contributed patch. Its primary purpose is to detect weak Unix...

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm

Exploit for hardware platform in category dos / poc Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Category: Remote...

Sky Broadband Router SR101 Weak WPA-PSK Generation Algorithm

Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Category: Remote Tested on: Sky SR101 Router The SR101 routers supplie...

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Categor...

ODAT - Oracle Database Attacking Tool

ODAT Oracle Database Attacking Tool is an open source penetration testing tool that test the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a val...

Microsoft IIS 5 User Existence Disclosure Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7492/info Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS will generate an...

Splunk Remote Root Exploit

No description provided by source. from sec1httplib.requestbuilder import Requestobj from sec1httplib.threaddispatcher import import threading import re import urlparse import sys import urllib import base64 from optparse import OptionParser import sys Source: http://www.sec-1.com/blog/?p=233...

WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo --------------------------------------------------------------------\r\n; echo | WordPress = 2.0.2 'cache' shell injection exploit |\r\n; echo | by rgod [email protected] |\r\n; echo | site:...

Microsoft IIS 5 User Existence Disclosure Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/7492/info Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS will generate an...

phpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool (updated)

No description provided by source. !/usr/bin/perl Title: PhpBB = 2.0.18 Remote Bruteforce/Dictionary Attack Tool Type: Bruteforce / Dictionary attack New demo: http://rapidshare.de/files/13694254/phpbbbtr.avi.html 1.06 mb Php Email Script data: ? mail$destinataire, $objet, $contenu, From:...

Check Point Software Firewall-1 3.0/1 4.0/1 4.1 Session Agent Dictionary Attack (1)

No description provided by source. source: http://www.securityfocus.com/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing...

UPC Ireland Cisco EPC 2425 Router / Horizon Box

No description provided by source. Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category: Remote Tested on: Cisco EPC 2425 / Horizon B...

Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit

No description provided by source. / Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3 / / ========================================= / / By B-r00t / / / / In response to the Kerio Mailserver vulnerabilities / / discovered by David F.Madrid. / / / / Although this exploit requires valid...

Check Point Software Firewall-1 3.0/1 4.0/1 4.1 Session Agent Dictionary Attack (2)

No description provided by source. source: http://www.securityfocus.com/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing...