Monday, January 12, 2015

Introducing Kali Linux NetHunter and NetHunter supported devices

Read full details here: Introducing Kali Linux NetHunter and NetHunter supported devices


NetHunter is an Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter, as well as the ability to get a full VNC session from your phone to a graphical Kali chroot. However, the strength of NetHunter does not end there.

As an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. One way to achieve this trust is by having full transparency and familiarity with the code you are running. You are free to read, investigate, and change the NetHunter project's build scripts for the NetHunter images. All of this goodness comes from the house of Offensive Security and the developers of Kali Linux!






Thursday, January 8, 2015

Denial of Service Attack Proof of Concept PHP Exploit for WordPress DoS Attack - CVE-2014-9034

Read full details here: Denial of Service Attack Proof of Concept PHP Exploit for <=4.0 WordPress DoS Attack - CVE-2014-9034

The Proof of Concept PHP exploit for WordPress DoS Attack CVE-2014-9034 worked like a charm on my own WordPress website. Surprisingly, CVE-2014-9034 has been published for some time and it seems WordPress still hasn't fixed this issue. I will explain how to use this Proof of Concept tool and test your own WordPress website for vulnerabilities.

WordPress DoS Attack - CVE-2014-9034

Credit for WordPress DoS Attack (Denial of Service Proof of Concept PHP Exploit CVE-2014-9034: WordPress <=4.0) goes to John from http://secureli.com. I will explain how to use this Proof of Concept tool and test your own WordPress website for vulnerability.

Searching for the exploit using searchsploit

How many of you have used searchsploit in Kali Linux? It's a nice tool that updates and downloads exploits often. I use it quite extensively along with Metasploit.
Use searchsploit to search for specific exploits. You can use it like this:
root@kali:~# searchsploit wordpress denial
---------------------------------------------|---------------------------------- 
 Description                                 |  Path
---------------------------------------------|----------------------------------
WordPress <=4.0 Denial of Service Exploit    | /php/webapps/35413.php
Wordpress < 4.0.1 - Denial of Service        | /php/webapps/35414.txt
---------------------------------------------|----------------------------------
root@kali:~#




