
      1337day-Exploits

      Microsoft Baseline Security Analyzer 2.3 XML Injection


      • Similar Content

        • By itsMe

          HawkScan
          Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check in the waybackmachine.
          Features
              URL fuzzing and dir/file detection
              Test backup/old file on all the files found (index.php.bak, index.php~ …)
              Check header information
              Check DNS information
              Check whois information
              User-agent random or personal
              Extract files
              Keep a trace of the scan
              Check @mail in the website and check if @mails leaked
              CMS detection + version and vulns
              Subdomain Checker
              Backup system (if the script stops, it resumes from the same place)
              WAF detection
              Add personal prefix
              Auto-update script
              Auto or personal output of scan (scan.txt)
              Check Github
              Recursive dir/file
              Scan with an authentication cookie
              Option –profil to pass profil page during the scan
              HTML report
              Works with py2 and py3
              Add option rate-limit if the app is unstable (–timesleep)
              Check in waybackmachine
              Response error to WAF
              Check if DataBase firebaseio exists and is accessible
              Automatic threads depending on the response to a website (and reconfig if WAF is detected too many times). Max: 30
              Search S3 buckets in the source code page
              Testing bypass of WAF if detected
              Testing if it’s possible to scan with “localhost” host
          Changelog v1.9.5
              Fixed: A pass on the source code, more speedy

        • By itsMe

          HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs.
          HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new or previously unknown malware – but it also makes no distinction between safe and unsafe items. Users are expected to research all scanned items, and only remove items from their PC when absolutely appropriate.
          Therefore, FALSE POSITIVES ARE LIKELY. If you are ever unsure, you should consult with a knowledgeable expert BEFORE deleting anything.
          Features
              Lists non-default settings in the registry, hard drive and memory related to autostart
              Generates organized, easily readable reports
              Does not use a database of specific malware, adware, etc
              Detects potential methods used by hijackers
              Can be configured to automatically scan at system boot up
          Advantages
              Short logs
              Fast scans
              No need to manually create fixing scripts
              No need for Internet access or recurring database updates
              Already familiar to many people
              Portable
          New in version 3
              Detects several new hijacking methods
              Fully supports new Windows versions
              New and updated supplementary tools
              Improved interface, security, and backups
          HiJackThis also comes with several useful tools for manually removing malware from a computer:
              StartupList 2 (*new*)
              Process Manager
              Uninstall manager
              Hosts file manager
              Alternative Data Spy
              Delete file/service staff
              Digital Signature Checker (*new*)
              Registry key unlocker (*new*)
              Check Browsers’ LNK & ClearLNK (as downloadable component) (*new*)
          Log analysis
          IMPORTANT: HiJackThis Fork does not make value-based calls on what is considered good or bad. You must exercise caution when using this tool. Avoid making changes to your computer settings without thoroughly studying the consequences of each change.
          Changelog v2.10.0.10
              – Added detection of Windows 11, Windows Server 2016, Windows Server 2022.
              – Added DisplayVersion in addition to ReleaseId where possible.
              – O22 – Tasks: whitelists are updated.

        • By itsMe

          ghacks user.js
          The ghacks user.js is a template that aims to provide as much privacy and enhanced security as possible and to reduce tracking and fingerprinting as much as possible – while minimizing any loss of functionality and breakage (but it will happen).
          A user.js which resides in the root directory of a profile is used to set preferences for that profile when Firefox starts. Preferences are settings that control Firefox’s behavior. Some can be set from the Options interface and all can be found in about:config, except for what is called hidden preferences which will only show when they are set by the user.
          That’s a bit to digest, so here is a pretty picture showing a preference with the same value as status user set/modified and default. In about:config’s search box, you can use wildcards (e.g. network*policy) to save time typing, and it is case insensitive.

        • By itsMe

          Like many Security Plugins, SecuPress has a bunch of awesome features. But it’s not only about features, it’s also about performance, loading speed, memory usage. And less technically the comfort of using a well done plugin with a beautiful user interface and a great user experience counts. Then, we have in mind to secure a large number of websites, you can be part of this. The most important for us is that you have a secured website, using SecuPress or not.
        • By itsMe

          HawkScan
          Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check in the waybackmachine.
          Features
              URL fuzzing and dir/file detection
              Test backup/old file on all the files found (index.php.bak, index.php~ …)
              Check header information
              Check DNS information
              Check whois information
              User-agent random or personal
              Extract files
              Keep a trace of the scan
              Check @mail in the website and check if @mails leaked
              CMS detection + version and vulns
              Subdomain Checker
              Backup system (if the script stops, it resumes from the same place)
              WAF detection
              Add personal prefix
              Auto-update script
              Auto or personal output of scan (scan.txt)
              Check Github
              Recursive dir/file
              Scan with an authentication cookie
              Option –profil to pass profil page during the scan
              HTML report
              Works with py2 and py3
              Add option rate-limit if the app is unstable (–timesleep)
              Check in waybackmachine
              Response error to WAF
              Check if DataBase firebaseio exists and is accessible
              Automatic threads depending on the response to a website (and reconfig if WAF is detected too many times). Max: 30
              Search S3 buckets in the source code page
              Testing bypass of WAF if detected
              Testing if it’s possible to scan with “localhost” host
          Changelog v1.9.3 beta
              Updated: New banner
              Fixed: Multiple websites with a file which contains url
