

Heartbleed Attack
Posted Dec 21, 2020
Authored by Jaspreet Singh, Siddhi Verma

This document is intended to provide a detailed study on the Heartbleed attack. It covers the required topics for understanding the exploit. The proof of concept will help visualize and perform the attack in a virtual scenario to understand the attack vector of the process of exploitation.

tags | paper, proof of concept
advisories | CVE-2014-0160
SHA-256 | cf6fbc4d936699857b6524b54211eae3ce2b2ca1a865a3ff3877d5fc4fc945b6

Related Files

PrintNightmare Vulnerability
Posted Nov 22, 2021
Authored by Siddhi Verma, Divya Bora, Mayank Dholia

Whitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. The issue was originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 and reclassified it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.

tags | paper, remote, local, code execution
systems | windows
advisories | CVE-2021-34527
SHA-256 | a5647c132e4877c92a507d0bcd1ac0ea57ab7bb3dca97b06b3806f2dcf13942f
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
SHA-256 | 6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
Comprehensive Guide On TShark
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document is a guide on how to use tshark effectively to monitor and analyze traffic.

tags | paper
SHA-256 | b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670c
A Hands-On Approach To Linux Privilege Escalation
Posted Jan 12, 2021
Authored by Tanishq Sharma, Shikhar Saxena

Whitepaper called A Hands-On Approach To Linux Privilege Escalation. This document is intended to provide multiple techniques that a pentester can use to escalate their privileges and gain access to higher roles.

tags | paper
systems | linux
SHA-256 | 310fda8af6653a1631b701e34fda63984b79da47abf4d0c694660655c07035b4
Bypassing Certificate Pinning In Modern Android Application Via Custom Root CA
Posted Aug 20, 2020
Authored by Nghia Van Le

This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.

tags | paper, root
SHA-256 | e451c3653c39f8c69197cc44125ea0be0963f12054cce2cca25c7696dab74b07
Manually Exploiting Intel AMT
Posted Mar 18, 2020
Authored by Laxita Jain

This document illustrates the manual exploitation of the vulnerability found in the Intel Active Management Technology in 2017 that stripped off the primary authentication mechanism in the Intel AMT web interface.

tags | paper, web
advisories | CVE-2017-5689
SHA-256 | cfebcadf4361db526ce74bd43cf6067fdd66062b8ff3d28335972d33dcde2b8d
The Network Protocol Cheatsheet
Posted Feb 24, 2020
Authored by Riddhi Suryavanshi

This document is intended for students and security professionals as a quick reference for networking protocols. It covers 50 protocols classified according to the OSI Layer they operate on. The corresponding RFC has been provided to further check for parameters / commands of a particular protocol. From a security perspective, the corresponding attacks / vulnerabilities are also included in this cheatsheet.

tags | paper, vulnerability, protocol
SHA-256 | 4ae048d7061779872feeaba89b1f42cb9adcbb7b27fd89275e80e93dd0279d75
Local File Inclusion (LFI) Testing Techniques
Posted Jan 6, 2017
Authored by Aptive | Site aptive.co.uk

The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research on local file inclusion (LFI) penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF-style competitions.

tags | paper, web, local, vulnerability, file inclusion
SHA-256 | 5e0f59932f1a0e50ca16efbe5fc14be1920860feb00a8731ba38a2383ae6c8bf
Cybercrime Report Template
Posted Nov 15, 2016
Authored by Bart Blaze

This document is meant to be a general purpose cybercrime report template for victims.

tags | paper
SHA-256 | d2a757ec4ee74be20c8708dcd4bc1be434315415d4d907969ebf5e328eb1d4b7
Heartbleed Vulnerability Scanning Tool
Posted Sep 24, 2015
Authored by hybridus

This Python script checks for the OpenSSL memory leak named Heartbleed, as noted in CVE-2014-0160. It can be used for different SSL/TLS versions and multiple protocols (HTTPS/SMTP/IMAP/POP3). It is optimized for mass scans.

tags | tool, web, scanner, imap, protocol, memory leak, python
systems | unix
advisories | CVE-2014-0160
SHA-256 | 89791cf81b92b962ceaf4da83a28781f5cf9ed884168321574cab9f157657409
Heartbleed OpenSSL Information Leak Proof Of Concept
Posted Apr 24, 2014
Authored by Ayman Sagy

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and written to a file to annoy IDS/forensics. The exploit can set the heartbeat payload length arbitrarily or use two preset values for NULL and MAX length.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | c130ea864e8a5752cbeeeb43cf5a566cbd9daeaef96e1462511173ae8e398614
Heartbleed TLS/DTLS Information Leak
Posted Apr 9, 2014
Authored by prdelka

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and written to a file to annoy IDS/forensics. The exploit can set the heartbeat payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs because bounds checking is not performed on a user-supplied heap value that is returned to the user as part of the DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known to be affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.

Changes: Multiple bug fixes have been added since the first release. Please ensure you have the latest copy.
tags | exploit
advisories | CVE-2014-0160
SHA-256 | 68bcedd2a727967e92d3a342ff6f366dc236929be5c2a5f69dba9ed2c35f299a
Heartbleed User Session Extraction
Posted Apr 9, 2014
Authored by Michael Davis, Jared Stafford

This Python script is a modification of the heartbleed proof of concept exploit that looks for cookies, specifically user sessions.

tags | exploit, proof of concept, python
advisories | CVE-2014-0160
SHA-256 | 6be146c172695396122c8d40d4638e904f2ee1a827bd6f5062014ed22f051f9f
Heartbleed Mass Testing Script
Posted Apr 8, 2014
Authored by Mustafa Al-Bassam, Jared Stafford

This is a modified version of ssltest.py that will do a mass scan for the Heartbleed TLS heartbeat vulnerability.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 82c6e88d81229fdc66b6164151c0633d131f032bbe9893c23498032d22ddb017
Framework For Improving Critical Infrastructure Cybersecurity
Posted Feb 14, 2014
Site nist.gov

This document is the new cybersecurity framework produced by NIST for the White House. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.

tags | paper
SHA-256 | 696de85131e12c5aeceb80b81967cf7b6a763bedd16495ecd096c382eb8c7d35
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
SHA-256 | 8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
Poor Man's Brand Monitoring
Posted Jul 7, 2013
Authored by Josh Clark | Site chimera-security.com

This document is a collection of short guides to set up your own (free) brand monitoring solution. The document is primarily aimed at security professionals but is very simple, enabling even non-technical people to follow.

tags | paper
SHA-256 | 4769fca2809576803cac3c3a5b874c0ffdeef8513cf9eec20d76edf4dbd6ef9e
HTML 5 Good Practice Guide
Posted May 16, 2013
Authored by Tim Brown | Site portcullis-security.com

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.

tags | paper
SHA-256 | e3b7da92b117e655d18a4b2e648cd4ef9db4d3e700ec2c3b40f6234edae3ba09
A Short Guide On ARM Exploitation
Posted Feb 13, 2013
Authored by Aditya Gupta, Gaurav Kumar

This document is a short guide on ARM exploitation and architecture.

tags | paper
SHA-256 | eb11c5954a8a1ffe7fe345267174615ea26305cce19dcecad07807f79430e55d
ICS / SCADA / PLC Google / Shodanhq Cheat Sheet
Posted Jan 21, 2013
Authored by Yuri Goltsev, Gleb Gritsai, Alexander Timorin, Roman Ilin | Site ptsecurity.com

This document illustrates multiple ways to identify multiple SCADA systems.

tags | paper
SHA-256 | 4a6fa6642d990c8dd6fd4923a4888e0ece61a8ec460784de6393c1c946926834
Java Applet CVE-2012-5076 Analysis
Posted Dec 3, 2012
Authored by KAIST CSRC

This document is a detailed analysis of the Java applet vulnerability as noted in CVE-2012-5076.

tags | paper, java
advisories | CVE-2012-5076
SHA-256 | 7eeb8ee0aa1f322c9171f7d50fdfb6981bdfe07f9917cd5cb594c930fb228140
MS IE CVE-2012-4969 Analysis
Posted Oct 10, 2012
Authored by KAIST CSRC

This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.

tags | paper
advisories | CVE-2012-4969
SHA-256 | 71be4f13df3ab83a03a854c8af051074e8ab424be281df96d72b7c7300338be3
Oracle Java Applet SunToolkit.getField Method Remote Code Execution
Posted Sep 15, 2012
Authored by Minsu Kim, Hyunwoo Choi, Hyunwook Hong, Changhoon Yoon

This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.

tags | paper, java, remote, code execution
advisories | CVE-2012-4781
SHA-256 | 984b4382479c7f5ba1f0cdda3a43a567466a673b2a4732358d08f4d66b5b22cf
XMLCoreServices Vulnerability Analysis
Posted Jul 24, 2012
Authored by Minsu Kim

This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.

tags | paper
advisories | CVE-2012-1889
SHA-256 | 828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
SHA-256 | b0bd48d4dfcf7fc338169df812038a282998457c61b3f8cfb9294a669b43f80a
© 2022 Packet Storm. All rights reserved.