A router is the core of anyone's internet experience, but most people don't spend much time setting up this critical piece of hardware. Old firmware, default passwords, and other configuration issues continue to haunt many organizations. Exploiting the poor, neglected computer inside these routers h ...more
Armis Labs has revealed eight vulnerabilities, called "BlueBorne", which put 5.3 billion Android, iOS, Windows, and Linux devices that use Bluetooth at risk. With it, hackers can control devices, access data, and spread malware to other vulnerable devices through networks. In this post, we will lear ...more
today we will touch on "SHODAN" in its Pentesting mode, using functional Exploits that will help them understand and audit vulnerable servers that exist. first before going through the exploit methodology, we will have an "Extra" with a database manager "little known by some", but used by large & ...more
http://news.softpedia.com/news/a-third-of-all-https-websites-are-vulnerable-to-the-drown-attack-501202.shtml DROWN, a new vulnerability in OpenSSL that affects servers using SSLv2, was revealed today as an attack that could decrypt your secure HTTPS communications, such as passwords or credit card n ...more
Things like Heartbleed come to mind, or really any Zero day to be honest. What if I am a company who relies on product X but product X has just been found to have a bad vulnerability and it will probably take a couple days to patch. What do I do? Do I leave it vulnerable and keep myself open or do I ...more
I'm sure that many of us have heard of that nasty Shellshock vulnerability, but not very many people know how to exploit it. Try these few tricks on vulnerable websites! Background InformationSo, what is Shellshock? Shellshock is a vulnerability in Bash shell (v1.1 to v4.3, and possibly more...) tha ...more
http://gyazo.com/7be35e7c0a9c0c559c98a79cfd949625 The follow URL shows a screenshot of again happening what happend last time. I tried to exploit it, but nothing came up. I set RHOSTS, I typed "run", as @occupythewebotw did in his tutorial, and nada. It just came up "Auxiliary Module Execution Compl ...more
A group ironically called the "Guardians of Peace" hacked into Sony Pictures' computer systems and released a mountain of internal information such as medical records, leaked scripts, work complaints, and even celebrity aliases. Why did this happen? Sure, a lot of well-thought-out work went into thi ...more
While we now know that iCloud was not exploited by hackers to steal private celebrity photos, Apple did admit that guessed (aka brute-forced) passwords and/or iCloud security questions were to blame for the breach. All of the celebrity accounts that were compromised were targeted on an individual ba ...more
Heartbleed, move over. There's a new bug in town, and this time it's also affecting Mac and Linux computers. It's called Shellshock (its original official title is CVE-2014-6271), and it's currently got a 10 out of 10 severity rating over at the National Cyber Awareness System. While some updates ha ...more
Chrome, Firefox, and Safari all provide built-in features that allow you to save your username and password for your favorite sites, making the process for entering your credentials a breeze when you revisit them. While this automation does make your life a little easier, it definitely doesn't make ...more
Welcome back, my rookie hackers! I recently began a series on using Metasploit, and my goal with it is to teach you the very basics the incredibly powerful hacking tool has to offer while progressively moving on to the more advanced features. In my first Metasploit installment, I showed you the vari ...more
As great as the Internet is, it is not without its dangers. Hackers at any time may be breaking into your online accounts and compromising your sensitive information. Last year, hackers broke into Facebook, Gmail, and Twitter and made off with 2 million stolen passwords. It's a nightmare to be the u ...more
In a era where cyber security is becoming increasingly important, Comcast has decided to use its customers' routers to provide hotspot access to the public. A new program, outlined by Dwight Silverman over on the Houston Chronicle website, seeks to provide Xfinity customers with city-wide Wi-Fi hots ...more
It started in Australia, and now seems to have made its way statewide—hackers are remotely locking iOS and Mac devices, holding them for a $100 ransom. Users awoke to the loud "lost iPhone" ringtone, with a message on their lock screen stating that "Oleg Pliss" has hacked their device, and that "the ...more
Welcome back, my aspiring hackers! In previous tutorials, I have shown you how to scan the globe for vulnerable servers and write simple scripts in BASH and Perl to perform other reconnaissance tasks. In a very recent guide, I taught how to scan vulnerable servers for Heartbleed. In all of these cas ...more
Welcome back, my budding hackers! Recently, I showed you how you could exploit the widely disseminated OpenSSL vulnerability that has to become known as "Heartbleed". Although the world has known about this vulnerability for over a month now, it will likely take many more months—or even years—for ev ...more
Welcome back, my greenhorn hackers! In recent weeks, the Heartbleed vulnerability of OpenSSL has been dominating the information security headlines. This vulnerability enables an attacker to extract data from the server's memory that may contain authentication credentials, cookies, the servers priva ...more
Incorporating features such as CarPlay, UI enhancements such as the new call screen, and several bug fixes, iOS 7.1 was the first major update to Apple's operating system since iOS 7 was released in June of last year. Now Apple has released a seemingly small update in the form of iOS 7.1.1, which co ...more
Unless you've been living under a rock with no internet connection, it's safe to say that you've heard of the Heartbleed flaw that allows practically anyone with the right knowledge to steal your personal information, such as passwords, credit card numbers, and e-mail addresses using OpenSSL. What m ...more
This time it's serious. Really. The largest web security vulnerability of all time went public on Monday, April 7th, 2014, resulting in widespread panic throughout the Internet as system administrators scrambled to secure their websites from the OpenSSL bug known as Heartbleed. This bug is so bad, i ...more
Welcome back, my greenhorn hackers! Although we have focused primarily on technical hacks here, social engineering can sometimes be especially effective. This one requires a bit of technical skill, but not too much. In addition, it's limited by how specific a target you can choose—but it will work. ...more
As you may have already heard, the worst bug in OpenSSL history went public yesterday, dubbed Heartbleed. While we can go deeper into the technical details of it later, the short version is that OpenSSL, the library used to encrypt much of the web running on Linux and Apache has been vulnerable for ...more
