MHA - Mail Header Analyzer

Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can: Identify hop delays. Identify the source of the email. Identify hop country. MHA is an alternative for the following: Name | Dev | Issues ---|---|---...

Denial Of Service (DoS)

github.com/moby/moby formerly known as github.com/docker/docker is vulnerable to denial of service DoS attacks. These attacks are possible because the NewInputTarStream function in tar-split does not limit the number of \0's at the end of an archive, filling the RAM...

XSS Radar: Discover Cross Site Scripting with A Chrome Extension

PenTestIT RSS Feed If you remember, there used to an add-on for Firefox - XSS Me; which unfortunately no longer works out of the box for the latest versions of the browser. It was also a part of the Firefox Addons for helping you with web application penetration testing. We now have something...

BootStomp: Find Mobile Device Bootloader Vulnerabilities

PenTestIT RSS Feed Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know; as the name suggests, that bootloader is a program loads th...

Hydra 8.6 - Fast and Flexible Network Login Hacker

A very fast network logon cracker which supports many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and Medusa. Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of...

UPDATE: Luckystrike 2.0!

PenTestIT RSS Feed My first post regarding this malicious Microsoft Office document generator was about an older version. However a few hours ago, an update was released - Luckystrike 2.0! Major highlights for this awesome release include full support for Microsoft Word in addition to a new COM...

Google Chrome V8 Private Property Arbitrary Code Execution

// Source: https://github.com/secmob/pwnfest2016/ function exploit function tohexnum return num0.toString16; function intarraytodoubleintarr var uBuf = new Uint32Array2; var dBuf = new Float64ArrayuBuf.buffer; uBuf0=intarr0; uBuf1=intarr1; return dBuf0; function strtodoublestr//leng of str must b...

Direct Memory Access Attack: PCILeech

Direct Memory Access Attack The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read...

Insecure Cipher

github.com/go-macaron/macaron uses an insecure cipher for AES keys. The library uses MD5 to create AES keys which is considered insecure since MD5 is vulnerable to rainbow table attacks...

Widespread Email Scam Targets Github Developers with Dimnie Trojan

Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest...

CUPS 2.0.3 - Remote Command Execution

CUPS 2.0.3 - Remote Command Execution !/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link: https://github.com/apple/cups/releases/tag/release-2.0.2 Version: 2.0....

AWS OpenVPN Deployment Tool: AutoVPN

AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...

Bulgaria passes Law that mandates Government Software must be Open Source

Do you have any idea what the software you have installed is doing stealthily in the background? If it's not an open source software, can you find out? Usually, the answer is no. After Edward Snowden’s revelations, it's clear that how desperately government agencies wants to put secret backdoors ...

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

-- coding: utf8 -- """ Exploit Title: Cuckoo Sandbox Guest XMLRPC Privileged RCE PoC Date: June 28th 2016 Exploit Author: Rémi ROCHER Vendor Homepage: https://cuckoosandbox.org/ Software Link: https://github.com/cuckoosandbox/cuckoo/archive/master.zip Version: = 2.0.1 Tested on: MS Windows 7, MS...

Armadito Antimalware - Backdoor/Bypass

Exploit for windows platform in category dos / poc / Exploit Title : Armadito antimalware - Backdoor/Bypass Date : 07-06-2016 DD-MM-YYYY Exploit Author : Ax. Vendor Homepage : http://www.teclib-edition.com/teclib-products/armadito-antivirus/ Software Link : https://github.com/41434944/armadito-av...

Armadito Antimalware - Backdoor AccessBypass

Armadito Antimalware - Backdoor AccessBypass / Exploit Title : Armadito antimalware - Backdoor/Bypass Date : 07-06-2016 DD-MM-YYYY Exploit Author : Ax. Vendor Homepage : http://www.teclib-edition.com/teclib-products/armadito-antivirus/ Software Link : https://github.com/41434944/armadito-av Versi...

XSS Hunter is Now Open Source – Here’s How to Set It Up!

Recently I opened up XSS Hunter for public registration, this was after publishing a post on how I used XSS Hunter to hack GoDaddy via blind XSS and pointed out that many penetration testers use a very limited alert box-based pentesting methodology which will not detect these types of issues. Aft...

Warning about NPM modules | Cloud Foundry

Warning about NPM modules Advisory Vendor Node Package Manager NPM Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...

PictureTrails Photo Editor GE.exe 2.0.0 - .bmp Crash (PoC)

PictureTrails Photo Editor GE.exe 2.0.0 - .bmp Crash PoC Exploit Title: PictureTrail Photo Editor GE.exe 2.00 - ./bmp Crash PoC Date: 01-03-2016 Exploit Author: redknight99 Vendor Homepage: http://www.picturetrail.com/ Software Link: http://www.picturetrail.com/downloads/photoeditor200.exe Versio...

Open Audit SQL Injection

Exploit Title : Open AuditGPL version SQL injection vulnerability Author : WICS Date : 9/12/2015 Software Link : https://github.com/jonabbey/open-audit Overview: deletemissedaudit.php is accessible without authentication and GET Method parameter pc is not getting filter before passing to SQL quer...