Feb 16, 2011
Feb 8, 2011
XSS Shell Zombie Manager
XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by "XSS-Proxy - http://xss-proxy.sourceforge.net/". Normally in XSS attacks attacker has one shot, in XSS Shell you can interactively send requests and get responses from victim. you can backdoor the page.
You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS.
You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS.
# ITS ©
# 2009 - 2011
Jan 11, 2011
Metasploit and VNC Password Bruteforcing
You probably missed it but jduck recently snuck in a VNC mixin and vnc_login module to the trunk.
This is awesome because before that I had to use Immunity's VAAseline to do VNC bruteforcing. But now you can just use vnc_login.
So the scenario is you find yourself on the other end of a VNC server.
Its tedious to password guess like this
Instead let's use the metasploit module
and throw a dictionary attack against the VNC server
Looks like the VNC no auth module had been ported and stuck in there too :-)
# ITS ©
# 2009 - 2011
This is awesome because before that I had to use Immunity's VAAseline to do VNC bruteforcing. But now you can just use vnc_login.
So the scenario is you find yourself on the other end of a VNC server.
Its tedious to password guess like this
Instead let's use the metasploit module
and throw a dictionary attack against the VNC server
Looks like the VNC no auth module had been ported and stuck in there too :-)
# 2009 - 2011
Subscribe to:
Posts (Atom)