Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      1337day-Exploits

      Tor Browser 7.0.8 Information Disclosure

      Recommended Posts

      This write up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What IS Moriarty?
              Advanced Information Gathering And Osint Tool
              Moriarty is a tool that tries to find good information about the phone number that you provieded;
          ->Tries To Find Owner Of The Number
          ->Tries To Find Risk Level Of The Number
          ->Tries To Find Location,Time Zone Of The Number,Carrier
          ->Tries To Find Social Media Platforms That The Number Is Registered
          ->Tries To Find Links About Phone Number
          ->Tries To Find Comments About Phone Number
          ->Sends Sms To Phone Number With Amazon Aws

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content.     The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile
          The information includes:
              [ profile ] : user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined Recently, etc
              [ tags & mentions ] : most used hashtags and mentioned accounts
              [ email ] : if any email is used any where it'll be displayed
              [ posts ] : accessability caption, location, timestamp, caption, picture url, etc
                  ( yet not working correctly with posts instagram marks as 'sensitive cotent' )

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. HawkScan
          Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check in waybackmachine.
          Features
               URL fuzzing and dir/file detection
               Test backup/old file on all the files found (index.php.bak, index.php~ …)
               Check header information
               Check DNS information
               Check whois information
               User-agent random or personal
               Extract files
               Keep a trace of the scan
               Check @mail in the website and check if @mails leaked
               CMS detection + version and vulns
               Subdomain Checker
              Backup system (if the script stopped, it take again in the same place)
               WAF detection
               Add personal prefix
              Auto-update script
               Auto or personal output of scan (scan.txt)
               Check Github
              Recursive dir/file
              Scan with an authentication cookie
               Option –profil to pass profil page during the scan
               HTML report
               Work it with py2 and py3
              Add option rate-limit if the app is unstable (–timesleep)
              Check-in waybackmachine
               Response error to WAF
              Check if DataBase firebaseio exist and accessible
              Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
               Search S3 buckets in source code page
               Testing bypass of waf if detected
               Testing if it’s possible scanning with “localhost” host
          Changelog v1.5.9
              Start: Code optimization Update: Change changelog.md + Readme.md

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. An engine to make Tor network your default gateway
          Summary
          The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking groups, criminal activities and even ordinary users who care about their privacy in the digital world.
          Nipe is an engine, developed in Perl, that aims on making the Tor network your default network gateway. Nipe can route the traffic from your machine to the Internet through Tor network, so you can surf the Internet having a more formidable stance on privacy and anonymity in cyberspace.
          Currently, only IPv4 is supported by Nipe, but we are working on a solution that adds IPv6 support. Also, only traffic other than DNS requests destined for local and/or loopback addresses is not trafficked through Tor. All non-local UDP/ICMP traffic is also blocked by the Tor project.

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. The all-in-one Red Team browser extension for Web Pentesters
          HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverses shells, and much more.
          Current functions:
              Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
              Shell Spawning (TTY Shell Spawning)
              XSS Payloads
              Basic SQLi payloads
              Local file inclusion payloads (LFI)
              Base64 Encoder / Decoder
              Hash Generator (MD5, SHA1, SHA256, SHA512)
              Useful Linux commands (Port Forwarding, SUID)
          Changelog v0.2.1
              Adding SM3 hash support! 👍
              Adding new RSS Feeds from CXSECURITY ✅
              New button for the fullscreen mode 👀

          Hidden Content
          Give reaction to this post to see the hidden content.