Showing results for tags 'exploit'.

  1. VMware has warned its customers about a critical vulnerability present in several of its products, including Workspace One Access and Identity Manager, which could allow hackers to take control of vulnerable machines. The "code execution" flaw, tracked as CVE-2020-4006 and rated 9.1 on the CVSS severity scale, can be exploited in a range of VMware products, the company warned. There is currently no patch available, although the firm has issued a workaround that can be applied in some cases. It is also not mentioned whether
  2. Something strange is happening in my town. About 4 days ago someone created an Instagram account called "gossipsimleu", where anyone tells them a piece of gossip and he/she posts it. I think it's taken from the GossipGirl series. Everyone is already trying to unmask the account. Any ideas?
  3. SQL Poizon v1.1 – SQLi Exploit Scanner, Search Hunter, Injection Builder Tool. SQL Poizon v1.1 – SQLi Exploit Scanner, Search Hunter, Injection Builder Tool is a tool which scans websites through dorks automatically and finds vulnerabilities in them; it's very easy and powerful too, to find vulnerable sites of any country. New Features: “Look & Feel” is more attractive now. Rich “Context Menu” items. “Results” contain checkboxes to enable selection. “Selected D
  4. files on https://elastixhacking.wordpress.com/
  5. This is a series of articles describing Windows kernel exploit development, using HackSysExtremeVulnerableDriver on Windows 7 32-bit as well as Windows 7 64-bit, and also Windows 10. [Kernel Exploitation] 1: Setting up the environment [Kernel Exploitation] 2: Payloads [Kernel Exploitation] 3: Stack Buffer Overflow (Windows 7 x86/x64) [Kernel Exploitation] 4: Stack Buffer Overflow (SMEP Bypass) [Kernel Exploitation] 5: Integer Overflow [Kernel Exploitation] 6: NULL pointer dereference Source: https://twitter.com/abatchy17 (the decision to write the articles: h
  6. Hello, here we have the only real Meltdown PoC, which works without problems (tested by me). https://github.com/IAIK/meltdown This repository contains several videos demonstrating Meltdown Video #1 shows how Meltdown can be used to spy in realtime on a password input. Video #2 shows how Meltdown leaks physical memory content. Video #3 shows how Meltdown reconstructs a photo from memory. Video #4 shows how Meltdown reconstructs a photo from memory which is encoded with the FLIF file format. Video #5 shows how Meltdown leaks uncached
  7. This framework is similar to Metasploit. It's still under development, but it looks good. The author hopes to give more advice. Let's go and have a try! GitHub: https://github.com/hucmosin/purelove
  8. # PS4 4.05 Kernel Exploit --- ## Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, *does not* contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port `9020` and will execute them upon receival. You can find fail0verflow's original write-up on the bug [here](https://fail0verflow.com/blog/
  9. Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It consists of a standard sockets-based interface for user space processes and an internal kernel API for kernel modules. Credit An independent security researcher, Mohamed Ghannam, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
  10. #!/usr/bin/env python # # Exploit Title : VXSearch v10.2.14 Local SEH Overflow # Date : 11/16/2017 # Exploit Author : wetw0rk # Vendor Homepage : http://www.flexense.com/ # Software link : http://www.vxsearch.com/setups/vxsearchent_setup_v10.2.14.exe # Version : 10.2.14 # Tested on : Windows 7 (x86) # Description : VX Search v10.2.14 suffers from a local buffer overflow. The # following exploit will generate a bind shell on port 1337. I # was unable to get a shell working with msfvenom shellcode so #
  11. Author: Google Security Research | Category: dos/poc | Platform: multiple Date add: 02-10-2017 | Risk: [Security Risk Medium] | 0day-ID: 0day-ID-28727 | CVE: CVE-2017-14496 ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac, --add-cpe-id or --add-subnet. ================================================================= ==2215==ER
  12. ==================================================== - Discovered by: Dawid Golunski (@dawid_golunski) - dawid[at]legalhackers.com - https://legalhackers.com - ExploitBox.io (@Exploit_Box) - CVE-2017-8295 - Release date: 03.05.2017 - Revision 1.0 - Severity: Medium/High ============================================= I. VULNERABILITY ------------------------- WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) II. BACKGROUND ------------------------- "WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. WordPress was used by m
  13. [Source: https://www.exploit-db.com/exploits/41782/?rss ] # Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (trevor Hough) # Vendor Homepage: www.zyxel.com # Version: EMG2926 - V1.00(AAQT.4)b8 # Tested on: linux # CVE : CVE-2017-6884 OS command injection vulnerability was discovered in a commonly used home router (zyxel - EMG2926 - V1.00(AAQT.4)b8). The vulnerability is located in the diagnostic tools specify the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the rout
  14. https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.dkvmm22rn
  15. --[ Tools and Basic Reverse Engineering --[ Extended Reverse Engineering --[ Introduction to Memory Corruption --[ Shellcoding --[ Format Strings --[ DEP and ROP --[ Secure Systems and Game Console Exploitation --[ Address Space Layout Randomization --[ Heap Exploitation --[ Misc Concepts & Stack Canaries --[ C++ Concepts and Differences --[ Kernel Exploitation --[ Exploitation on 64bit, ARM, Windows --[ Automation & The Future of Exploitation http://security.cs.rpi.edu/courses/binexp-spring2015/
  16. In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android
  17. NODEJS RCE AND A SIMPLE REVERSE SHELL While reading through the blog post on a RCE on demo.paypal.com by @artsploit, I started to wonder what would be the simplest nodejs app that I could use to demo a RCE. Looking at the hello world tutorials online, I came up with the following simple app that takes a user input via the URL as a GET parameter and passes it to eval, which is obviously a bad programming practice. Obviously, the functionality of this app is questionable, but in the real world Node applications will use eval to leverage JavaScript’s eval but with sandboxing amon
  18. The repo is private for now.
  19. Product Avactis PHP Shopping Cart Version 4.7.9.Next.47900 Full Disclosure EXPLOIT DB
  20. Systems Affected Microsoft Windows with Apple QuickTime installed Overview According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1] Description All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1] The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for
  21. Hello RST : Exploit Development Course 2015 --> Free Preface Hi and welcome to this website! I know people don’t like to read prefaces, so I’ll make it short and right to the point. This is the preface to a course about Modern Windows Exploit Development. I chose Windows because I’m very familiar with it and also because it’s very popular. In particular, I chose Windows 7 SP1 64-bit. Enough with Windows XP: it’s time to move on! There are a few full-fledged courses about Exploit Development but they’re all very expensive. If you can’t afford such courses, you can scour the Internet for pa
  22. SELLING ROOT FLOOD SCAN, FLOOD SCAN ARCHIVES, PERL BOTS, PMA EXPLOIT, SV CS AND OTHERS. WHOEVER WANTS THEM, LEAVE A REPLY here in the topic as soon as possible ;)
  23. Scan: https://www.sendspace.com/file/cqn4y2
  24. Exploit Kits: Past, Present and Future March 16, 2015 View research paper: The Evolution of Exploit Kits Exploit kits are a fast-growing online threat that cybercriminals seem to have favored in the last few years to execute Web-based attacks to distribute malware. Exploit kits are old tools released by Russian programmers dating back to 2006. As seen in the diagram below, exploit kits have continuously grown in numbers from 2006 to 2013. The market seemingly changed and took a significant dip however in 2014. The rise of exploit kits in underground markets push exploit kit developers to impr
  25. Exploit Title: Milw0rm Clone Script v1.0 (Auth Bypass) SQL Injection Vulnerability | Date: 06.13.2015 | Exploit Daddy: Walid Naceri