CVE-2026-34227 Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...

CVE-2026-34227

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...

LDAPWordlistHarvester - A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts

A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be. x Creates a wordlist based on the following information found in the LDAP: x User : name and...

Certsync - Dump NTDS With Golden Certificates And UnPAC The Hash

certsync is a new technique in order to dump NTDS remotely, but this time without DRSUAPI : it uses golden certificate and UnPAC the hash. It works in several steps: 1. Dump user list, CA informations and CRL from LDAP 2. Dump CA certificate and private key 3. Forge offline a certificate for ever...

Graphcat - Generate Graphs And Charts Based On Password Cracking Result

Simple script to generate graphs and charts on hashcat and john potfile and ntds Install git clone https://github.com/Orange-Cyberdefense/graphcat cd graphcat pip install . Helper $ graphcat.py -h usage: graphcat.py -h -potfile hashcat.potfile -hashfile hashfile.txt -john -format FORMAT...

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service...

NTDS Grabber

This module uses a powershell script to obtain a copy of the ntds,dit SAM and SYSTEM files on a domain controller. It compresses all these files in a cabinet file called All.cab. This module requires Metasploit: https://metasploit.com/download Current source:...

DPAT - Domain Password Audit Tool for Pentesters

This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with clickable links. You can run the...

Domain Password Audit Tool: DPAT

Domain Password Audit Tool This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with...

VSS Errors Related to the 'NTDS' VSS Writer

Challenge This article discusses an error that occurs due to VSS and Veeam's Guest Processing technique for Domain Controllers. It is relevant to all backup jobs for both virtual and physical Domain Controllers. A job processing a Domain Controller with Application-Aware Processing fails with one...

NTDS - SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...

NTDS WebStudio SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...