본문 바로가기

모의해킹157

Metasploit VNC Password Extraction Chris Gates wrote a blog post about the 'getvncpw' meterpreter script. I ran into the same issue on Penetration Tests in the past but didn't know much about the wacked out version of DES that RFB (the VNC protocol) was using. Not being a fan of manually editing a binary and compiling each time I had a password to crack I wanted to find another way, but didn't get a chance to. Yesterday I saw thi.. 2011. 3. 21.
Metasploit Framework 3.6.0 Released! In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP in.. 2011. 3. 8.
Moscrack WPA Cluster Cracker 2.0b Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are .. 2011. 2. 23.
More about the JailbreakMe PDF exploit Today has been released the source code of the Jailbreakme exploit, so maybe this explanation comes a bit late. In the update of the previous post about this subject I knew that I was right about the overflow in the arguments stack when parsing the charstrings in the Type 2 format, so here is a little more info. After decoding the stream of the object 13 we can see the following bytes (talking a.. 2011. 2. 21.
OWASP Top 10 2010 시연 동영상 OWASP Top 10 2010: A1 - Injection OWASP Top 10 2010: A2 - Cross Site Scripting OWASP Top 10 2010: A3 - Broken Authentication and Session Management OWASP Top 10 2010: A4 - Insecure Direct Object References OWASP Top 10 2010: A5 - Cross-Site Request Forgery (CSRF) OWASP Top 10 2010: A6 - Security Misconfiguration OWASP Top 10 2010: A7 - Insecure Cryptographic Storage OWASP Top 10 2010: A8 - Failu.. 2011. 2. 8.
728x90