Wow, I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! Among other things, this new version fixes a major bug that occurred while updating the framework and adds multiple new modules and payloads! Read more about UPDATE: WordPress Exploit Framework v1.6.1!
Web Application Security Archives:
I seem to have missed about two updates made to this mass audit toolkit. My last post about the Leviathan Framework can be found here. We now have the latest - Leviathan Framework v0.1.2! Read more about UPDATE: Leviathan Framework v0.1.2!
I was working with a customer's Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool, the Burp Suite, has many extensions, I wanted to try something that I had not tried before. That's when I stumbled across JexBoss, which turned out to be a pretty decent open source tool. I think JexBoss is a play on the wording "Java EXploitation like a Boss". Read more about JexBoss: Java Deserialization Verification & EXploitation Tool!
If you remember, I had posted about this Red Teaming Hardware Implant in an earlier post. It now happens that it was updated and we now have WarBerryPi Version 5! As you remember, it is a Raspberry Pi based hardware implant allowing you to be stealthy during red teaming scenarios, exfiltrating information with speed. Read more about UPDATE: WarBerryPi Version 5!
About a month and a half ago, Nmap 7.50 was released. Today, a few minutes ago, Nmap 7.60 was made available with SSH support, improved SMB2/SMB3 support by Paulino Calderon (@calderpwn), the addition of 14 NSE scripts and a new Npcap version. Nmap is now the default tool to discover services running on a remotely connected system. None of us really need any introduction to this very popular “network mapper”. Read more about UPDATE: Nmap 7.60 Now Available!
This is a short post about an open source domain administrative dashboard finder - Cangibrina that is coded in Python. The name Cangibrina is Brazilian for Cachaça in local slang, which is a distilled spirit made from fermented sugarcane juice. Read more about Cangibrina: A Domain Admin Dashboard Finder!
It seems like yesterday when S2-045, the Jakarta Multipart vulnerability, which allowed remote attackers to execute arbitrary code, was being actively exploited in the wild. A few hours ago, a new, equally exploitable advisory - S2-048 - was made public by the Apache foundation! This is a quick write-up to see if we can test an exploit for the Apache Struts2 vulnerability and create proof-of-concept code. This vulnerability has been assigned CVE-2017-9791. Read more about Apache Struts2 Showcase Remote Code Execution! (S2-048)