Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

openSUSE: Security Advisory for gssntlmssp (openSUSE-SU-2023:0048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ShadowSpray - A Tool To Spray Shadow Credentials Across An Entire Domain In Hopes Of Abusing Long Forgotten GenericWrite/GenericAll DACLs Over Other Objects In The Domain

A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool In a lot of engagements I see in BloodHound that the group "Everyone" / "Authenticated Users" / "Domain Users" or some other...

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...

Assless-Chaps - Crack MSCHAPv2 Challenge/Responses Quickly Using A Database Of NT Hashes

Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes Introduction Assless CHAPs is an efficient way to recover the NT hash used in a MSCHAPv2/NTLMv1 exchange if you have the challenge and response e.g. from a WiFi EAP WPE attack. It requires a database of NT hashes,...

Ubiquiti Inc.: Remote Code Execution at http://tw.corp.ubnt.com

The researcher found a Command Injection in tw.corp.ubnt.com. While hunting i came across a host of Ubiquiti Networks tw.corp.ubnt.com , when i browsed to http://tw.corp.ubnt.com there was Dir listing enabled which contained various sensitive information. This was reported to Ubiquiti Team. Howev...

SuSE 10 Security Update : samba (ZYPP Patch Number 2556)

A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. CVE-2007-0452 In addition the following changes are included with these packages : - Move tdb utils to the client package. - The version string of binaries reported by the -V option now include the packag...

openSUSE 10 Security Update : samba (samba-2553)

A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon CVE-2007-0452. In addition the following changes are included with these packages : - Move tdb utils to the client package. - Add version of the package subversion to Samba vendor version suffix. - Fix tim...