Blog

Python HTTP Shell – PyHttpShell

PyHttpShell is a shell written in python and php, traffic is over http protocol using a server in the middle.

Read More

Windows Domain Credentials Phishing Tool

I created this tool for a pen test i performed for a client,
i already had a meterpreter session and i needed to get the current domain user credentials.
Instead of using a key logger and wait for the user to type his password i decided to force him to enter it.

Read More

EMS – E-mail Spoofer

E-mail Spoofer is a tool designed for penetration testers who need to send phishing e-mails.
It allows to send mails to a single recipient or a list, it supports plain text/html email formats, attachments, templates and more…

Read More

Resolver 1.0.9 – Bug Hunters Edition Release

I am happy to announce of a special release of Resolver version 1.0.9 “Bug Hunters Edition” If you want to know what Resolver is you can read about it Here. What is new and why its called the “Bug Hunters Edition” ? Well…When participating in a bug bounty programs you may want to find  as […]

Read More

PayPal Gesture Pay Admin Panel Authentication Bypass

During my participation in the PayPal bug bounty program I came a cross an application which allows to make payments using a signature / gesture with your mobile phone, the app was hosted on https://apac.paypal-labs.com/gesture/, I guess this app was still in development due to the reason it was hosted on a PayPal-labs sub domain. […]

Read More

PayPal Stored XSS via Request Payment feature or “How to inject a malicious payload remotely into users accounts”

This is the first vulnerability i discovered during the PayPal bug bounty program on the first day of the program, i thought its about time i’d share it with ya all. Vulnerability Details: An attacker is able to inject and execute a malicious payload on a remote user account without the need to convince the […]

Read More

Windows 7 Fake Access Point With Alfa AWUS036H

In my previous post I discussed how to Setup a Fake Access Point with Backtrack Linux  Although I love Backtrack Linux one of the tools I really miss is Cain & Able, I thought some of you will want to setup a Fake AP when Pentesting on Windows systems as well. So, here it goes… I am using an Alfa […]

Read More

Setup a Fake Access Point With BackTrack5

Recently I needed to setup a fake access point for a presentation, I fired up my Backtrack5 VM, Connected my Alfa AWUS036H USB adapter and started to configure the Fake AP. There are a lot of Tutorials and Scripts for setting up a Fake AP,  The “Gerix”  tool also have an option to auto set […]

Read More

Resolver

I needed a simple tool that can preform a reverse dns lookup for a given IP address or for a range of IP’s in order to find its PTR. Usually I use Linux which has several tools for querying DNS, One of my favourite tools is the “host” command which can be used for this task: root@bt”>root@bt:~# host […]

Read More

Wophcrack – Ophcrack web interface

Rainbow tables are really useful when cracking password hashes, One disadvantage of these tables is their size which can get up to tens and even hundreds of gigs. I really liked the Offensive security Crackpot online hash cracker and  i thought it would  be really nice to have a web interface for my rainbow tables which i can access from web […]

Read More

New home for exploit.co.il

You have probably noticed the blog was down for a couple of weeks, it was due to an ttack on godaddy’s server. afer that attack i decided to move the blog to a more controlled hosting environment with the ability to manage logs and security measures. due to the new security measures taken visitors may experience trouble accessing certain areas or […]

Read More

ScreenSpy – New Meterpreter Script Review

Yesterday a new Meterpreter script named “ScreenSpy” was added to the Metasploit redmine. The script was written by Roni Bachar, You can read the official release notes on his Blog. This Meterpreter script captures images on remote host desktop at a predefined interval and then displays the images sequence . This emulates a live view of the remote host […]

Read More

Meterpreter Script – Windows Service Creator

There are several ways to Backdoor a machine that has been compromised, One of them is placing your executable as a windows service. The advantages are that user doesn’t have to log on in order for the service to run, non like placing it in the startup via registry which requires user to log in. […]

Read More

Exploit KB Vulnerable Web App

During my SQL Injection learning journey I needed a vulnerable web application for practice I created a WebApp vulnerable to SQL Injection for my personal use, The result was an extremely vulnerable web site which I could test some SQLi techniques against MySQL. I must confess, I am not a programmer and I have never coded in PHP […]

Read More

Patching and Compiling Cowpatty UBUNTU 10.04

I was playing around with some wireless attack tools today, Mostly with cuda based tools such as pyrit. I wanted to check my new Core i7 PC and GPU cracking capabilities and speed on my UBUNTU 10.04 64bit OS. Pyrit supports WPA cracking with Cowpatty, At first i decided to do some benchmarking for different […]

Read More
Page 1 of 212»

Recent Posts