Pentester

How-To: Cloud Cracker

1) Create AWS EC2 Instance
2) Choose p3.16xlarge
3) Install nVidia drivers
4) Install Hashcat
5) Crack Password Hashes

Alt) Choose an upToDate AMI from nVidia in the AWS Marketplace that already has nvidia drivers & configs installed. Then install Hashcat.

60 views04:05

GitHub - 0xInfection/Awesome-WAF: 🔥 A curated list of awesome web-app firewall (WAF) stuff.
https://github.com/0xInfection/Awesome-WAF

GitHub - 0xInfection/Awesome-WAF: Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥 - 0xInfection/Awesome-WAF

77 views05:27

Need to steal the password to a wireless network? Have access to Windows 8 or 10 box?

1) netsh wlan show profiles
2) netsh wlan show profile name=WIFI_NAME key=clear
3) Look for the “Key Content” line, the cleartext password will be there.

69 views12:40

Wireshark 3.0.0 Released! https://t.co/B9lA0GdpzC

62 views07:16

Wordpress Scanners collection:-
https://t.co/q3s23QBKp2
https://t.co/8cPeIHZJ3i
https://t.co/7e0Bi62JWN
https://t.co/MPgMWMiWkI
https://t.co/DoYZuEuT6M
https://t.co/GaZAmoguiH

WPSeku - Wordpress Security Scanner . Contribute to m4ll0k/WPSeku development by creating an account on GitHub.

m4ll0k/WPSeku

67 viewsedited 07:22

Day 59: Windows API for Pentesting (Part 1) – int0x33 – Medium
https://medium.com/@int0x33/day-59-windows-api-for-pentesting-part-1-178c6ba280cb

Day 59: Windows API for Pentesting (Part 1)

What is the Windows API?

60 views07:28

Analyzing a Windows DHCP Server Bug (CVE-2019-0626)

Analyzing a Windows DHCP Server Bug (CVE-2019-0626) - MalwareTech
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html

Malwaretech

Today I’ll be doing an in-depth write up on CVE-2019-0626, and how to find it. Due to the fact this bug only exists on Windows Server, I’ll be using a Server 2016 VM (corresponding patch is KB4487026).

Note: this bug was not found by me, I reverse engineered…

62 views18:55

Raz0r.name — Web Application Security

Arbitrary File Reading in Next.js < 2.4.1 – Arseny Reutov – Medium
https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/

Arbitrary File Reading in Next.js < 2.4.1 | Raz0r — Web3 Security

Next.js is a quite popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a NodeJS server which allows to render HTML pages dynamically. While digging into server's code, a list of internal routes drew my attention: defineRoutes()…

55 views18:57

Released a very special v2.18 - "Jackass" bettercap

https://t.co/I89btKAe4y

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks. - bettercap/bettercap

bettercap/bettercap

54 views08:40

File upload vulnerability scanner and exploitation tool.
https://t.co/JoQu6EQz6Y

File upload vulnerability scanner and exploitation tool. - almandin/fuxploider

almandin/fuxploider

51 views07:52

Credentials & lateral movement

findstr /si password *.txt
findstr /si password *.xml
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /spin "password" *.*
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s

54 views18:48

GitHub - Pure-L0G1C/Loki: Remote Access Tool/Botnet
https://github.com/Pure-L0G1C/Loki

GitHub - Bitwise-01/Loki: Remote Access Tool

Remote Access Tool. Contribute to Bitwise-01/Loki development by creating an account on GitHub.

51 views18:55

Automation exploit with mad-metasploit(db_autopwn module)

Automation exploit with mad-metasploit(db_autopwn module) - HAHWUL :: 하훌
https://www.hahwul.com/2019/03/automation-exploit-with-mad-metasploit.html

Hahwul

46 views19:07

Remote Code Execution — Gaining Domain Admin privileges due to a typo
https://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

Remote Code Execution — Gaining Domain Admin due to a typo

CVE-2018–9022

45 views12:56

MS Excel Weaponization Techniques – Bank Security – Medium
https://medium.com/@Bank_Security/ms-excel-weaponization-techniques-79ac51610bf5

MS Excel Weaponization Techniques

Different methods to run a command line via Excel file in order to spawn a Meterpreter reverse shell.

45 views09:57

Web Application Security, Testing, & Scanning - PortSwigger

Today's Burp Suite release (2.0.18) includes a major iteration of the new crawler algorithm, based on real-world feedback. We're getting closer to Burp Suite 2.0 coming out of beta.
https://portswigger.net

portswigger.net

PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.

40 viewsedited 10:04

Introduction to File Format Fuzzing & Exploitation – Daniel C – Medium
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

Introduction to File Format Fuzzing & Exploitation

This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to…

38 views10:11

Apktool v2.4.0 has been released packing months of fixes and a few new features.

Apktool v2.4.0 Released
https://connortumbleson.com/2019/03/03/apktool-v2-4-0-released/

Connor Tumbleson

Apktool v2.4.0 Released

45 views10:15