Tag: vulnerabilities

Exploitation, Training

Compile a simple vulnerability on modern Windows

Visual Studio 2015 Open Visual Studio. Project Properties -> General -> Platform Toolset: Visual Studio 2010 (v100) or Windows7.1SDK Project Properties -> C/C++ -> Optimization -> Optimization: Disabled (/Od) Project Properties -> C/C++ -> Code Generation -> Security Check: Disable Security Check (/GS-) Project Properties -> C/C++ -> Advanced -> Compile As: Compile as C …

Nessus

Nessus _qdb_open: invalid table of contents

1. You start Nessus and you get an error while connecting to https://127.0.0.1:8834. 2. You run nessuscli and you get an error indicating: blah blah _qdb_open: invalid table of contents Stop Nessus service service nessusd stopservice nessusd stop Repair Nessus /opt/nessus/sbin/nessusd -R/opt/nessus/sbin/nessusd -R Start Nessus service service nessusd startservice nessusd start

Hacking, Penetration Testing

Find vulnerable routers and devices on the Internet

The Routerhunter is an automated security tool que finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The Routerhunter was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability DNSChanger on home routers. The script explores four vulnerabilities in routers …

Hacking, Penetration Testing, WEB

Scan for vulnerable 3rd party web applications

Yasuo is a ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. During a network security assessment we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Exploit-db contains hundreds exploits that could allow an attacker …

Exploitation, Hacking, OpenVAS, Penetration Testing

Quick OpenVAS setup

Open a terminal on your Kali host. Installation – Configuration openvas-setupopenvas-setup openvas-scapdata-syncopenvas-scapdata-sync openvas-certdata-syncopenvas-certdata-sync Change admin password openvasmd –user=admin –new-password=newpasswordopenvasmd –user=admin –new-password=newpassword Run openvas-startopenvas-start Open your browser and visit the address: https://127.0.0.1:9392/

General, Linux, Programming, Ubuntu

First Official Pro Linux Laptop Released!

First official pro notebook that is released with Linux: DELL XPS 13, Developers Edition. Enjoy Ubuntu 12.04 LTS on up to 8GB RAM, 256GB SSD HD, full HD 1080p display on less than 1.40kg. Congrats to DELL for stepping forward on offering the Linux world to the IT/Engineering-Pro world with such nice specs!

Detection, Enumeration, Penetration Testing, Scanners, Security Software, Vulnerabilities, WEB

Testing your web application for vulnerabilities | Part 1

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It is developed using Python to be easy to use and extend, and licensed under GPLv2.0. w3af is fully extensible and if you …

Penetration Testing, Tools, Vulnerabilities

Search Google’s cache to look for vulnerabilities with SiteDigger

SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites. > SiteDigger supports Proxy and TOR. 1. Choose search options from FoundStone Database or Google Hacking Database 2. Enter the domain 3. Hit Scan! System Requirements > Microsoft .NET Framework v3.5 Download SiteDigger from McAfee.