Jump to content

Search the Community

Showing results for tags 'information'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL










  1. When performing a Web Application Security Assessment, an important step is Fingerprinting which allows for further exploitation by an attacker. So as a security researcher/pentester, we should do well at fingerprinting the web server, which gives lot of information like application name, software version, web server info, OS, and more. This helps for known vulnerabilities, researching vulnerabilities and exploiting. So here I will discuss some techniques which are required for this task: Finger Print Methodology How to perform this activity: obviously for an attacker there is no hard and fast
  2. DrWire


    Hello, I'am DrWire and i registered here for some stuff and tutorials. I work as system administrator, my skills is: php,python,perl,html,css,some mysql,c++ and some information about networking. -Sorry for bad english, I'am from Germany.
  3. Cookies Manager Author: Doddy Hackman A simple program in PHP to help with XSS vulnerability in this program are the following: [+] Cookie Stealer with TinyURL Generator [+] Can you see the cookies that brings back a page [+] Can create cookies with information they want [+] Hidden to login to enter Panel use ?poraca to find the login A video with examples of use: Download Source: https://github.com/DoddyHackman/Cookies_Manager
  4. #Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2826 #Author: Nguyen Hung Tuan (tuan.h.nguyen@itas.vn) & ITAS Team ::PROOF OF CONCEPT:: + REQUEST POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1 Host: target.com Content-Type: application/x-www-form-urlencoded Content-Length: 17 action=load_users
  5. GrabME Sensitive information extraction tool. Report a bug: https://github.com/GuerrillaWarfare/GrabME/issues Up-to-date Usage examples: https://github.com/GuerrillaWarfare/GrabME/wiki/GrabME-Usage-Examples GrabME - Extract Sensitive information from a file. Usage: ./grabme.py [FILE] What can it extract ?: Links hash values email addresses ipv4, ipv6 addresses bitcoin wallet addresses MAC addresses with : or - (deliminators) USA Based Telephone, Social Security and Major Credit Card numbers. Guerrilla Warfare Free License ("GWFL") v1.0 You're free to modify this software to YOUR lik
  6. Uber insisted it had not been hacked following the discovery that log-in information for thousands of the car-sharing service's users is widely available on the online black market. Motherboard confirmed last week that several dark Web forums — hidden from the regular internet using the online anonymity software Tor — were selling working log-ins for Uber for as little as $1. Uber denies the information was taken from its own servers, however. “We investigated and found no evidence of a breach,” the company said in a statement. “Attempting to fraudulently access or sell accounts is illegal and
  7. Router Scan is able to find and identify a variety of devices from a variety of known routers / routers, and most importantly - to pull out of them useful information, in particular the characteristics of the wireless network: a way to protect the access point (encryption), access point name (SSID) and key access point (passphrase). Also receives information about the WAN connection (useful when scanning the local network) and outputs the make and model of the router. Getting information occurs in two possible ways: the program will try to pick up a couple of login / password to the router fro
  8. The Supreme Court of India today struck down Section 66A of the Information Technology Act -- a controversial law that allowed law enforcement officials to arrest people for posting "offensive" comments on social networks and other internet sites. After hearing a clutch of petitions by defenders of free speech, the Supreme Court described the 2009 amendment to India's Information Technology Act known as section 66A as vague and ambiguous and beyond ambit of the constitutional right to freedom of speech. "Section 66A is unconstitutional and we have no hesitation in striking it down," said Justi
  9. BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version). Features Automatically scans your current minidump folder and displays the list of all crash dumps, including crash dump da
  10. Free PC Diagnostics Tool ESET SysInspector is an easy to use diagnostic tool that helps troubleshoot a wide range of system issues. Coming either as a free, standalone application, as well as, integrated into ESET NOD32 Antivirus and ESET Smart Security, it captures critical and detailed information about your computer. Solve Problems While best used to track down the presence of malicious code, ESET SysInspector also comes in handy when resolving issues related to: Running processes and services Presence of suspicious and unsigned files Software issues Hardware incompatibility Outdated or
  11. While some lawmakers claim that a threat information-sharing bill, called CISA, was amended with substantial privacy provisions – privacy experts worry that that the bill still lacks enough protections. Last Thursday, the Senate Intelligence Committee approved the Cybersecurity Information Sharing Act (CISA) in a 14 to 1 vote (that followed a closed door session where several amendments were added to the bill). The legislation, which is said to advocate information-sharing between private companies and government to thwart cyberattacks like the one's striking Sony and Anthem, was strongly cont
  12. *Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection' [CWE-89] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend) Impact Subscore: 6.4 Exploitabilit
  13. Google leaked the complete hidden whois data attached to more than 282,000 domains registered through the company's Google Apps for Work service, a breach that could bite good and bad guys alike. The 282,867 domains counted by Cisco Systems' researchers account for 94 percent of the addresses Google Apps has registered through a partnership with registrar eNom. Among the services is one that charges an additional $6 per year to shield from public view all personal information included in domain name whois records. Rather than being published publicly, the information is promised to remain in t
  14. #Vulnerability title: Community Gallery - Srored Corss-Site Scripting vulnerability #Product: Community Gallery #Vendor: https://www.woltlab.com #Affected version: Community Gallery 2.0 before 12/10/2014 #Download link: https://www.woltlab.com/purchase/?products[]=com.woltlab.gallery #Fixed version: Community Gallery 2.0 after 12/26/2014 #CVE ID: CVE-2015-2275 #Author: Pham Kien Cuong (cuong.k.pham@itas.vn) & ITAS Team (www.itas.vn) ::PROOF OF CONCEPT:: + REQUEST: POST /7788bdbc/gallery/index.php/AJAXProxy/?t=7d53f8ad7553c0f885e3ccb60edbc0b6512 d9eed HTTP/1.1 Host: target User-Agent: Mo
  15. Windows Object Explorer 64-bit (WinObjEx64) WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the "Properties..." toolbar button to get more information, such as description, attributes, resource usage etc. WinObjEx64 let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related securit
  16. ScanBox is a framework in the form of a JavaScript file. The function of ScanBox is to collect information about the visitor’s system without infecting the system. And this information includes things like the last page the user was on before visiting the compromised website, the OS of the system and the language settings of the system, the screen width and height, the web browsers used by the victim, the geographical location, security softwares used and programs like Java, Acrobat Reader, MS Office and Adobe Flash versions used. ScanBox also can log the keystrokes the victim is typing inside
  17. Twitter has revised and simplified its rules and process for reporting abusive behavior on the service, and users now have the ability to report people who are posting their personal information. The change essentially gives Twitter users a method to combat doxing, which is the process of dumping a victim’s personal information online. This often is done as a form of revenge or to embarrass someone. Doxing used to be done in forums or on underground sites, but Twitter has made it possible to broadcast the information to a much larger audience more quickly. Twitter officials are well aware of t
  18. How To Assess a Third Party Web Site or Cloud Service with the OWASP ZAP Attack Proxy When You Don’t Have Permission to Pentest As a security professional, you will often be asked to give your opinion or assessment on the security of a third-party web site or cloud service. The person asking the question will usually have no authority to give you permission to run a penetration test on the remote site, and the chances that you can secure permission from the remote site’s owner will also be remote. If this happens to you, are you stuck? Actually, the answer is no. There is plenty of reconnaissa
  19. TalkTalk has admitted to a major breach of user information, which may have led to some customers handing over bank information to hackers. In an email to customers, the company said it first saw a big increase in malicious scammers claiming to be from TalkTalk at the end of last year. Following an investigation it said some of its customer information, such as names, addresses, phone and account numbers, could have been illegally accessed, with scammers quoting these details to customers. Consequently a small number may have revealed more in-depth information, such as bank details. In some of
  20. The breaches at Community Health Systems and Anthem, Inc. serve as prime examples of how valuable health care data can be to cybercriminals, but a recent study suggested that these intrusions should not be the only cause for concern for consumers. A study conducted by Timothy Libert, a doctoral student at the University of Pennsylvania's Annenberg School for Communication found that nine out of ten health-related websites expose information regarding visitors' health interests with third parties. The websites included in the study, titled “Privacy Implications of Health Information Seeking on
  21. An all new anonymous online underground black market website, DarkLeaks, has been introduced on the Internet where Whistleblowers, blackmailers, hackers and any individual can trade/sell sensitive and valuable data/secrets anonymously in exchange for Bitcoin payments. DarkLeaks is a decentralized underground blackmarket which is built on top of the Bitcoin Blockchain technology and is available on the Internet to download as a free software package together with its source code published openly on code-sharing site Github. TRADE INFORMATION ANONYMOUSLY DarkLeaks underground black market websit
  22. After weeks of mounting pressure from national governments for increased access to personal data following the Charlie Hebdo attack, the European Parliament has pulled a switch that aims to simultaneously increase citizens’ privacy rights while also giving law enforcement agencies more ability to track travellers. As they twist and turn like a twisty turny thing, MEPs are essentially leveraging national governments’ desire for a PNR (Passenger Name Record) tracking system to get the draft Data Protection Regulation legislation approved. In a resolution approved by 532 votes to 136, with 36 abs
  23. >> NetGear WNDR Authentication Bypass / Information Disclosure Reported by: ---- Peter Adkins <peter.adkins () kernelpicnic.net> Access: ---- Local network; unauthenticated access. Remote network; unauthenticated access*. Tracking and identifiers: ---- CVE - Mitre contacted; not yet allocated. Platforms / Firmware confirmed affected: ---- NetGear WNDR3700v4 - V1.0.0.4SH NetGear WNDR3700v4 - V1.0.1.52 NetGear WNR2200 - V1.0.1.88 NetGear WNR2500 - V1.0.0.24 Additional platforms believed to be affected: ---- NetGear WNDR3800 NetGear WNDRMAC NetGear WPN824N NetGear WNDR4700 Vendo
  24. The blog post of today is a bit different than usual, as you can read the full post on the Panda Security blog. Read it here: Yet another ransomware variant In this post I'm simply adding some additional information and repeating the most important points. So, there's yet another ransomware variant on the loose. You may call this one Chuingam (chewing gum?) ransomware or Xwin ransomware - pointing to respectively the file with this string 'Chuingam' dropped, or in the latter case the folder on C:\ it creates. Or just another (skiddie) Generic Ransomware. In the blog post above, I discuss the m
  25. Introduction The virtual space has over time become something of real importance for business, politics, work, communities and communications. In becoming gradually more and more dependent and addicted to the Internet, individuals, companies, organizations and governments have raised (or are raising) awareness of being intimately vulnerable to attacks and threats of various types. Not only can the Internet potentially be used “as it is” to conduct offensive actions that are born and die in cyber-space, but it can also be a great way to conduct complementary or parallel actions to physical thre
  • Create New...