The home Trojan-banker known as Shylock has just been updated with new functions. According to the CSIS Security Group, during an investigation, researchers found that Shylock is now capable of spreading using the popular Voice over IP service and software application, Skype. The program was discovered in 2011 that steals online banking credentials and other […]
Continue ReadingA new Distributed Denial of Service (DDoS) crimeware bot known as “Zemra” and detected by Symantec as Backdoor.Zemra. Lately, this threat has been observed performing denial-of-service attacks against organizations with the purpose of extortion. Zemra first appeared on underground forums in May 2012 at a cost of €100. This crimeware pack is similar to other […]
Continue ReadingtheHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported are: – Google – emails,subdomains/hostnames – […]
Continue ReadingPatator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules: ftp_login : Brute-force FTP ssh_login : Brute-force SSH telnet_login : Brute-force Telnet smtp_login : Brute-force SMTP smtp_vrfy : Enumerate valid users using the SMTP VRFY command smtp_rcpt : Enumerate valid users using the SMTP RCPT TO […]
Continue ReadingThis script uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA Mapping. Syntax: perl mysql5enum.pl -h [hostname] -u [url] [-q [query]] Example: perl mysql5enum.pl -h www.target.tld -u http://www.target.tld/vuln.ext?input=24 -q “select system_user()” Description: – By default, this script will first determine username, version and database name before enumerating the information_schema information. – When the -q […]
Continue ReadingReaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover […]
Continue Reading