Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

A FrameWork For NoSQL Scanning, Enumeration and Exploitation. NoSQL Databases are schema less databases. They were invented to store data easily and flexibly. NoSQL Databases have gained popularity and its security has always been under the scanner. The NoSQL Exploitation Framework focuses...

oclHashcat v1.2 - GPGPU-based Multi-hash Cracker

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...

oclHashcat v1.20 - Worlds fastest password cracker

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...

[Racfsnow] Password cracker for RACF (IBM mainframe)

RACFSNOW is a highly optimised PC program for performing a dictionary attack against a RACF database, with the option of using a database unload IRRDBU00 to validate the User IDs to attack. It uses an ini file to control various parameters to enable focusing the attack on certain user IDs and or...

Seagate BlackArmor权限提升漏洞

No description provided by source. ?php Seagate Black Armor Exploit by J. Diel [email protected] Public Release v0.2 abstract class MD5Decryptor abstract public function probe$hash; public static function plain$hash, $class = NULL if $class === NULL $class = getcalledclass; else $class =...

IBM Lotus Notes Sametime User Enumeration

This module extracts usernames using the IBM Lotus Notes Sametime web interface using either a dictionary attack which is preferred, or a bruteforce attack trying all usernames of MAXDEPTH length or less. This module requires Metasploit: https://metasploit.com/download Current source:...

UPC Ireland Cisco EPC 2425 Router / Horizon Box

Exploit for hardware platform in category web applications The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: • Random • A to Z Uppercase only • 8...

UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information

UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category:...

UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information

Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category: Remote Tested on: Cisco EPC 2425 / Horizon Box The Cisco EPC 2425 routers...

FTP 弱密码 PoC

当网络上的主机提供匿名FTP服务时，用户则可以通过anonymous/空、FTP/FTP、USER/pass等匿名账号登陆到这些FTP服务器。 如果 FTP 服务使用了弱密码，攻击者可以加载字典文件猜解密码。 攻击者可以通过该漏洞获取主机文件系统信息。...

CVE-2013-5097

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, a...

Design/Logic Flaw

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, a...

CVE-2013-5097

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, a...

[TXDNS v 2.2.1] Aggressive multithreaded DNS digger

TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques: -- Typos: Mised, doouble and transposde keystrokes; -- TLD/ccSLD rotation; -- Dictionary...

Cisco CallManager vulnerable to brute force attack

Roberto Suggi Liverani, founder of the OWASP Open Web Application Security Project New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog "During a...

Splunk - Remote Command Execution

Splunk - Remote Command Execution from sec1httplib.requestbuilder import Requestobj from sec1httplib.threaddispatcher import import threading import re import urlparse import sys import urllib import base64 from optparse import OptionParser import sys """ Source: http://www.sec-1.com/blog/?p=233...

Splunk Remote Root Exploit

Exploit for multiple platform in category remote exploits from sec1httplib.requestbuilder import Requestobj from sec1httplib.threaddispatcher import import threading import re import urlparse import sys import urllib import base64 from optparse import OptionParser import sys """ Source:...

Splunk - Remote Command Execution

from sec1httplib.requestbuilder import Requestobj from sec1httplib.threaddispatcher import import threading import re import urlparse import sys import urllib import base64 from optparse import OptionParser import sys """ Source: http://www.sec-1.com/blog/?p=233 Splunk remote root exploit. Author...

Cain & Abel v4.9.39 updated version Download !

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords,...

CVE-2009-2818

Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack aka dictionary attack...