Exploiting with EternalRomance with Win10 WSL

by admin

Wednesday, October 4th, 2017 at 2:55 am

How to install metasploit inside Win10 WSL and use some python scripts to exploit vulnerable Win2k through 2k16 machines.
willgenovese.com/exploiting-with-eternalromance-using-metapsloit-installed-inside-win10-wsl/

DigitalOcean using same common password for 1-Clicks running MySQL

by admin

Tuesday, September 19th, 2017 at 3:31 am

Have fun scanning before DigitialOcean releases their public notice:
1-Click users potentially remotely exploitable unless they have changed the debian-sys-maint password {MySQL, PHPMyAdmin,LAMP, LEMP, WordPress, OwnCloud}
In the MySQL Debian/Ubuntu packaging, there is an additional MySQL user being created: debian-sys-maint.
Any Droplet created from this common image shares the same password for the MySQL debian-sys-maint user.
Affected Versions:
Ubuntu 14.04
Ubuntu 16.04
Ubuntu 17.10
Debian 7
Debian 8
Not Affected:
Debian 9

MS17-010 update

by admin

Tuesday, June 20th, 2017 at 1:54 pm

Along with the write up about MS17-010/EternalBlue last month on how the exploit works, worawit has posted new details, analysis, POCs, exploits (new one works against win2016). Check out the analysis first.

Happy 15th Birthday to illmob!

by admin

Thursday, April 20th, 2017 at 3:21 pm

It’s been a fun 15 years, nothing’s changed since our inception , the industry still sucks and is full of greedy fucks selling bullshit, 0days still dropping because of shitty code, celebrities still getting exposed, and the government treats still treats hackers like terrorists with obscenely high sentences. So here’s to another year of pwning, eventually they’ll get it right.

Windows 10 RS1 14316

by admin

Sunday, April 10th, 2016 at 3:44 pm

The build brings new changes targeting previously exploited dll-hijacking and uac bypass method vulnerabilities.

cliconfg.exe – can no longer be used as target for autoelevation as MS changed it manifest to autoelevate=false.

mmc.exe – event viewer console fixed, dll hijacking no longer works.

fake IIS inetmgr.exe launch from inetsrv appinfo hardcoded directory fixed too – Windows will not allow you to run & autoelevate anything except legit InetMgr.exe from system32\inetsrv directory.

Bypasses alot of the methods used by UACme that is posted in my ::Wiki::

Bypassing Rolling Code Systems

by admin

Sunday, February 7th, 2016 at 5:41 am

Attacking AM/OOK systems that implement rolling codes.
http://andrewmohawk.com/2016/02/05/bypassing-rolling-code-systems/

Windows Commands Abused by Attackers

by admin

Wednesday, January 27th, 2016 at 11:00 am

Listing of common Windows commands that attackers intruding into a network use in order to collect information and/or to spread malware infection within the network. http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html

Windows exploitation in 2015

by admin

Wednesday, January 27th, 2016 at 10:49 am

Eset released their annual report “Windows exploitation in 2015” a comprehensive overview of various aspects of defensive and offensive technologies in Microsoft Windows, Internet Explorer, Google Chrome, and EMET.

Vovnenko / Fly / MUXACC1 pleads guilty

by admin

Wednesday, January 27th, 2016 at 10:19 am


Vovnenko and his lawyers agreed to a plea agreement where Vovnenko took the rap, agreeing that he could face a sentence of 20 years imprisonment and $250,000 fine. Because he also faced the charge of Aggravated Identity Theft, there is an additional two year mandatory minimum sentence that cannot run concurrently with any other sentence. Sentencing in this case is set to May 2, 2016.
::SRC::

The End of illmob?

by admin

Saturday, March 12th, 2005 at 5:59 am

well as far as fund to support the server we have none, we do this as a hobby,not a job, we dont get piad, we like what we do we like to present the latest tools in internet hacking/security.. unfortunately the guy who has been hosting us for the past year isnt able to make the payments on the server, he wanted to at least host some othes sites to have the server pay for itself.. so in the next few weeks we might be up and down depending if we can get reliable hosting.. if not we might have to drop the files and go to a free host… so if you can help support us or know anyone who needs some cheap hosting packages please email me. also looking for some html coders to help setup the new hosting page…

Your IP: 172.71.223.182
Hostname: 172.71.223.182

You are from the area.

We love our country, but fear our government.