Lucene search
K

46 matches found

GithubExploit
GithubExploit
added 2025/09/04 12:17 a.m.208 views

Penetration-Testing-on-Metasploitable2

Penetration-Testing-on-Metasploitable2...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.230 views

Microsoft SQL Server NTLM Stealer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2024/01/29 5:8 p.m.504 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...

6.5CVSS6.8AI score0.17559EPSS
Exploits1
Kitploit
Kitploit
added 2023/12/13 11:30 a.m.42 views

Osx-Password-Dumper - A Tool To Dump Users'S .Plist On A Mac OS System And To Convert Them Into A Crackable Hash

  OSX Password Dumper Script Overview A bash script to retrieve user's .plist files on a macOS system and to convert the data inside it to a crackable hash format. to use with John The Ripper or Hashcat Useful for CTFs/Pentesting/Red Teaming on macOS systems. Prerequisites The script must be ru...

7.2AI score
Exploits0References1
Packet Storm
Packet Storm
added 2023/04/10 12:0 a.m.253 views

Franklin Fueling Systems TS-550 Information Disclosure

Exploit Title: Franklin Fueling Systems TS-550 - Exploit and Default Password Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks an...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/06 12:0 a.m.4 views

The vulnerability of the pcapngoptionwalk function in the hcxpcapngtool.c component of the WiFi dump file conversion software, which converts cap/pcap/pcapng files into hashcat and John the Ripper Hcxtools formats. This vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the pcapngoptionwalk function in the hcxpcapngtool.c component of the WiFi dump file conversion software, which converts WiFi cap/pcap/pcapng files into hashcat and John the Ripper format, is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker...

9.3CVSS7.5AI score0.01029EPSS
Exploits1References5Affected Software2
Metasploit
Metasploit
added 2021/05/04 5:41 p.m.783 views

UNIX Gather Cached AD Hashes

Post Module to obtain all cached AD hashes on the targeted UNIX machine. These can be cracked with John the Ripper JtR. Module Options msf use post/multi/gather/unixcachedadhashes msf postunixcachedadhashes show actions ...actions... msf postunixcachedadhashes set ACTION msf postunixcachedadhashe...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2019/09/23 2:7 p.m.72 views

Exploit for OS Command Injection in Webmin

Make-and-Break Create and exploit a vulnerable Virtual Mac...

10CVSS9.5AI score0.99766EPSS
Exploits37
Metasploit
Metasploit
added 2019/05/31 4:18 p.m.105 views

Password Cracker: Linux

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from unshadowed passwd files from Unix/Linux systems. The module will only crack MD5, BSDi and DES implementations by default. However, it can also crack Blowfish and SHA256/512, but it is much slower...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/05/31 4:18 p.m.77 views

Password Cracker: Webapps

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from various web applications. Atlassian uses PBKDF2-HMAC-SHA1 which is 12001 in hashcat. PHPass uses phpass which is 400 in hashcat. Mediawiki is MD5 based and is 3711 in hashcat. Apache Superset, some...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/05/31 4:18 p.m.37 views

Password Cracker: AIX

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from passwd files on AIX systems. These utilize DES hashing. DES is format 1500 in Hashcat. This module requires Metasploit: https://metasploit.com/download Current source:...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/05/31 4:18 p.m.40 views

Password Cracker: Databases

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from the mssqlhashdump, mysqlhashdump, postgreshashdump, or oraclehashdump modules. Passwords that have been successfully cracked are then saved as proper credentials. Due to the complexity of some of t...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/05/31 4:18 p.m.110 views

Password Cracker: Windows

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from Windows systems. LANMAN is format 3000 in hashcat. NTLM is format 1000 in hashcat. MSCASH is format 1100 in hashcat. MSCASH2 is format 2100 in hashcat. NetNTLM is format 5500 in hashcat. NetNTLMv2 ...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/02/03 3:17 p.m.66 views

Apply Pot File To Hashes

This module uses a John the Ripper or Hashcat .pot file to crack any password hashes in the creds database instantly. JtR's --show functionality is used to help combine all the passwords into an easy to use format. This module requires Metasploit: https://metasploit.com/download Current source:...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/01/25 7:7 p.m.73 views

John the Ripper Windows Password Cracker (Fast Mode)

This module uses John the Ripper to identify weak passwords that have been acquired as hashed files loot or raw LANMAN/NTLM hashes hashdump. The goal of this module is to find trivial passwords in a short amount of time. To crack complex passwords or use large wordlists, John the Ripper should be...

7AI score
Exploits0
Metasploit
Metasploit
added 2018/05/30 12:0 a.m.33 views

John the Ripper Password Cracker (Fast Mode)

This module uses John the Ripper to identify weak passwords that have been acquired as hashed files loot or raw LANMAN/NTLM hashes hashdump. The goal of this module is to find trivial passwords in a short amount of time. To crack complex passwords or use large wordlists, John the Ripper should be...

1.1AI score
Exploits0
Kitploit
Kitploit
added 2018/01/22 1:5 p.m.112 views

SNMP-Brute - Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script

SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Requirements metasploit snmpwalk snmpstat john the ripper Usage python snmp-brute.py -t IP Options --help, -h show...

7.3AI score
Exploits0References1
n0where
n0where
added 2018/01/01 7:9 p.m.105 views

A Deep Learning Approach for Password Guessing: PassGAN

State-of-the-art password guessing tools, such as HashCat and John the Ripper JTR, enable users to check billions of passwords per second against password hashes. In addition to straightforward dictionary attacks, these tools can expand dictionaries using password generation rules. Although these...

7.1AI score
Exploits0References3
pentestit
pentestit
added 2017/10/25 5:49 a.m.204 views

P4wnP1: A Open Source USB Attack Platform

PenTestIT RSS Feed As of now, hardware security projects seem to be attracting me more than software based projects. Evidently, I wrote a few posts covering them - List of Portable Hardware Devices for Penetration Testing, List of Raspberry Pi DIY Projects for Anonymity, etc. among other awesome...

6.8AI score
Exploits0
rapid7community
rapid7community
added 2017/03/21 3:3 p.m.59 views

Combining Responder and PsExec for Internal Penetration Tests

By Emilie St-Pierre, TJ Byrom, and Eric Sun Ask any pen tester what their top five penetration testing tools are for internal engagements, and you will likely get a reply containing nmap, Metasploit, CrackMapExec, SMBRelay and Responder. An essential tool for any whitehat, Responder is a Python...

7.7AI score
Exploits0
Rows per page
Query Builder