I am happy to announce of a special release of Resolver version 1.0.9 “Bug Hunters Edition” If you want to know what Resolver is you can read about it Here. What is new and why its called the “Bug Hunters Edition” ? Well…When participating in a bug bounty programs you may want to find as …
Blog
PayPal Gesture Pay Admin Panel Authentication Bypass
During my participation in the PayPal bug bounty program I came a cross an application which allows to make payments using a signature / gesture with your mobile phone, the app was hosted on https://apac.paypal-labs.com/gesture/, I guess this app was still in development due to the reason it was hosted on a PayPal-labs sub domain. …
PayPal Stored XSS via Request Payment feature or “How to inject a malicious payload remotely into users accounts”
This is the first vulnerability i discovered during the PayPal bug bounty program on the first day of the program, i thought its about time i’d share it with ya all. Vulnerability Details: An attacker is able to inject and execute a malicious payload on a remote user account without the need to convince the …
Windows 7 Fake Access Point With Alfa AWUS036H
In my previous post I discussed how to Setup a Fake Access Point with Backtrack Linux Although I love Backtrack Linux one of the tools I really miss is Cain & Able, I thought some of you will want to setup a Fake AP when Pentesting on Windows systems as well. So, here it goes… I am using an Alfa …
Setup a Fake Access Point With BackTrack5
Recently I needed to setup a fake access point for a presentation, I fired up my Backtrack5 VM, Connected my Alfa AWUS036H USB adapter and started to configure the Fake AP. There are a lot of Tutorials and Scripts for setting up a Fake AP, The “Gerix” tool also have an option to auto set …
Resolver
I needed a simple tool that can preform a reverse dns lookup for a given IP address or for a range of IP’s in order to find its PTR. Usually I use Linux which has several tools for querying DNS, One of my favourite tools is the “host” command which can be used for this task: root@bt”>root@bt:~# host …
Wophcrack – Ophcrack web interface
Rainbow tables are really useful when cracking password hashes, One disadvantage of these tables is their size which can get up to tens and even hundreds of gigs. I really liked the Offensive security Crackpot online hash cracker and i thought it would be really nice to have a web interface for my rainbow tables which i can access from web …
New home for exploit.co.il
You have probably noticed the blog was down for a couple of weeks, it was due to an ttack on godaddy’s server. afer that attack i decided to move the blog to a more controlled hosting environment with the ability to manage logs and security measures. due to the new security measures taken visitors may experience trouble accessing certain areas or …
ScreenSpy – New Meterpreter Script Review
Yesterday a new Meterpreter script named “ScreenSpy” was added to the Metasploit redmine. The script was written by Roni Bachar, You can read the official release notes on his Blog. This Meterpreter script captures images on remote host desktop at a predefined interval and then displays the images sequence . This emulates a live view of the remote host …
Meterpreter Script – Windows Service Creator
There are several ways to Backdoor a machine that has been compromised, One of them is placing your executable as a windows service. The advantages are that user doesn’t have to log on in order for the service to run, non like placing it in the startup via registry which requires user to log in. …
Exploit KB Vulnerable Web App
During my SQL Injection learning journey I needed a vulnerable web application for practice I created a WebApp vulnerable to SQL Injection for my personal use, The result was an extremely vulnerable web site which I could test some SQLi techniques against MySQL. I must confess, I am not a programmer and I have never coded in PHP …
Patching and Compiling Cowpatty UBUNTU 10.04
I was playing around with some wireless attack tools today, Mostly with cuda based tools such as pyrit. I wanted to check my new Core i7 PC and GPU cracking capabilities and speed on my UBUNTU 10.04 64bit OS. Pyrit supports WPA cracking with Cowpatty, At first i decided to do some benchmarking for different …
Metasploit Java Meterpreter Payload
If you haven’t noticed the Metasploit Framework has a JAVA meterpreter payload for some time now It supports all the commands supported by the PHP meterpreter, as of SVN revision 9777, and additionally the ipconfig, route, and screenshot commands. It is not fully implemented into the framework yet and in order to get it up and …
Digital Whisper Magazine issue 11
Wrote an article named : “Buffer Overflows 101” which was published today on the Israeli Security Magazine “Digital Whisper” issue 11. The article is in the Hebrew language and covers the basics of buffer overflows,fuzzing,olly basics,writing a metasploit modules and more… The article has a companion tar.gz file which includes the source code of the vulnerable server (Which was …
Cracking Sofaware Safe@Office UTM (SBOX) Passwords
The Safe@Office UTM is a fully-integrated stateful inspection firewall, intrusion prevention, VPN and antivirus gateway, specifically designed to meet the needs of small businesses of various sizes. You can manage the Safe@Office (SBOX) via a web interface or SSH, This product has several passwords stored in its configuration such as: 1. User passwords 2. VPN …
Recent Comments