Search the Community
Showing results for tags 'connections'.
A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE. We trust our hardware manufacturers to build products that are secure. In this current climate of rising cybercrime, if you cant trust your hardware manufacturer you are in a very difficult position.
Intro Data grabbing: URL's (geturl/massurl) -> (scan) Configs, Databases, SQLi's (dork) Full Path Disclosures / Users (fpds) -> (brutefpds) Top websites info (top) Massive scanning XSS, SQLi, LFI, RFI (scan) FTP, SSH, DB's, IMAP (multibruter) Accurate SSH bruteforce (brutefpds) Plan Web Apps Grab url's via 'geturl' or 'massurl' (massurl requires list of tags as file) Scan url's parameters for vulns with 'scan' Servers Pick target, get ip range Scan for services on each IP and bruteforce with 'multibruter' Grab full path disclosures, and so linux usernames Perform SSH bruteforce for speci