18 matches found
Black-Oracle
🖤 BLACK ORACLE 🖤 «The Eye That Sees Through Digital...
Emotet's Thanksgiving Campaign Delivers New Recipes for Compromise
Emotet, the seemingly ubiquitous banking trojan, has turned up again after a small hiatus, this time as the anchor in a Thanksgiving-themed campaign that cranked up in the U.S. this week. It has also upgraded its capabilities with new tactics and modules, which has boosted its efficacy, according...
Emotet Campaign Ramps Up with Mass Email Harvesting Module
A large-scale spam campaign has launched, spreading the Emotet banking trojan. Worryingly, the offensive has launched about a week after a fresh module for mass email-harvesting was detected for the malware. Emotet is technically a banking trojan, but it’s most often used as a dropper for a varie...
Anatomy of a sextortion scam
This blog was written by Jaeson Schultz. Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a public...
HackerOne: Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature
Hi HackerOne, Summary: I have found a way that it is possible to harvest all private invitation using the new Leave Program feature together with the security@ email forwarding feature without any user interaction. --- Description: First, when the program activated the security@ email forwarding ...
ODIN - Tool For Automating Penetration Testing Tasks
ODIN is made possible through the help, input, and work provided by others. Therefore, this project is entirely open source and available to all to use/modify. All this developer did was assemble the tools, convert some of them to Python 3, and stitch them together into an all-in-one toolkit. Wha...
Traditional OSINT Swiss Army Knife: Belati
Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...
Belati - The Traditional Swiss Army Knife for OSINT
Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...
Legal Robot: https://www.legalrobot.com/
Hello, I found a info disclosure vulnerability. We can enumerate emails via userid parameter from Manage users. And I found that : [email protected] [email protected] [email protected] [email protected] [email protected] I attached photos from burp repeater to be more explici...
Gratipay: An adversary can harvest email address for spamming.
The website is displaying email address. These email address can be harvested by automated programs called bots and then used as a target for spamming. 1. Use any Email extractor tool or Add on. Here I have used Chrome Email Extractor Add on offered by Mr. Alien. 2. In Browser open...
Yelp: Information disclosure - emails disclosed in response > staging.seatme.us
Hello, I found a info disclosure vulnerability. We can enumerate emails via userid parameter from Manage users. And I found that : ID 1 is ██████ ID 514755 is ████████ ID 514775 is █████ ID 514764 is ███████ I attached photos from burp repeater to be more explicit. We can easily bruteforce userid...
[Scythe Framework] Harvest Profile Id And Email
In this video i will show you how to use Scythe Framework for Harvesting a Email ID and other usernames from blogs, social-media, etc .. I personally like this tool because,online there's tons of tools available for Email ID harvesting but this one is great .... right now only supports two Mail...
JIRA REST API makes it easy to harvest email addresses
The JIRA REST API makes it easy to harvest email addresses as an anonymous user. 1. Go to https://jira.atlassian.com/browseJRA-22053 as anonymous. Note that you can't extract email addresses from this page unless the user has used an email address as her username. 2. Now go to...
Code Widget SpiderTrap-Spider,Robot / Harvester Blocking SQL injection
Exploit for asp platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Web Server Harvested Email Addresses
Nessus harvested HREF mailto: links and extracted email addresses by crawling the remote web server. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid49705; scriptversion"1.7"; scriptcvsdate"Date: 2018/05/24 13:59:31"; scriptnameenglish:"Web Server Harvested Email...
The Business of Phishing
Today I got a ‘Anti-virus notification message’ from our mail server protected by kav4lms so naturally I was interested in what the content was. Examining the quarantined mail on the server revealed some interesting details starting from the mail header itself. These ‘phish kits’ are archives whi...
CVE-2000-0960
The vulnerability CVE-2000-0960 affects Netscape Messaging Server 4.15p1: the POP3 server exposes user enumeration by returning different error messages for incorrect usernames versus incorrect passwords, enabling an attacker to determine valid accounts and harvest email addresses. The connected ...
Netscape Messaging server 4.15 poor error strings
Hello, I have searched for anything regarding this problem, and haven't found anything so I apologize if this has already been covered. I am dealing with Netscape Messaging Server aka Iplanet Messaging server 4.15p1 mar 15 2000. The problem is that the POP3 server displays a different message for...