«
Expand/Collapse
64 items tagged "domain"
Related tags:
domain admin [+],
flaw [+],
domain account [+],
full disclosure [+],
cross [+],
emc [+],
adobe download manager [+],
webkit [+],
valid domain [+],
urlcrazy [+],
unix domain socket [+],
unix [+],
typo generator [+],
typo [+],
tool [+],
shop [+],
protocol [+],
nos [+],
microsoft [+],
local privilege escalation [+],
freebsd unix [+],
freebsd [+],
downloader [+],
domain validation [+],
domain shop [+],
domain issues [+],
common misspellings [+],
android [+],
admins [+],
validation [+],
txt [+],
target domain [+],
real [+],
read [+],
name [+],
microsystems ltd [+],
idefense security advisory [+],
hacking [+],
google [+],
domain names [+],
domain administrators [+],
domain administrator [+],
cross site scripting [+],
baidu [+],
avamar [+],
autostart [+],
adobe [+],
administrivia [+],
Tools [+],
Pentesting [+],
zdi [+],
windows [+],
verkaufs [+],
username [+],
traget [+],
top level domain [+],
top [+],
terminal services [+],
target host [+],
target [+],
sues [+],
subdomains [+],
shop index [+],
rpcclient [+],
registrar [+],
privileges [+],
phppool [+],
penetration testers [+],
null sessions [+],
null [+],
ncrack [+],
nbsp [+],
multiple buffer overflow [+],
media domain [+],
mayhem [+],
maximum number [+],
level [+],
lawsuit [+],
ipv [+],
index [+],
hacker attack [+],
goofile [+],
gain [+],
filetype [+],
file [+],
explosion [+],
dril [+],
domain tool [+],
domain registrar [+],
domain name server [+],
dnssec [+],
darknet [+],
d test [+],
cvv [+],
code execution [+],
check domain [+],
cain [+],
buffer overflow vulnerabilities [+],
brute force [+],
bing api [+],
Newbie [+],
Area [+],
security extensions [+],
security [+],
opendnssec [+],
domain name system security [+],
domain name system [+],
vulnerability [+]
-
-
14:59
»
Packet Storm Security Recent Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
14:59
»
Packet Storm Security Misc. Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
-
5:00
»
Carnal0wnage
Post [5] Honorable Mention: Null Sessions
Null sessions are old school. they used to be useful for pretty much every host in a domain. Unfortunately, I very rarely run into an environment where all workstations let you connect anonymously AND get data.
Where they can come in useful is
- Against mis-configured servers
- Against domain controllers to pull info
Low? actually a medium...
More than once I've had a PT where a master_browser was exposed to the Internet. We were able to connect to the server using
rpcclient and enumerate users. After that we had a full list of the users in the domain to conduct external brute forcing attacks with.
If you like pretty pictures, it kinda looks like this, there are command line utilities as well...
Cain uses null sessions by default to try to pull information. On modern systems this will fail.
But domain controllers/
master_browsers do allow this, so if you find yourself in the position to be able to speak with one you can a list of users for the domain
You can then take that list of users and do brute force attacks against various services. I rarely don't find at least one username/username in an environment.
-
-
19:49
»
Packet Storm Security Recent Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
19:49
»
Packet Storm Security Tools
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
19:49
»
Packet Storm Security Misc. Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
-
21:03
»
Packet Storm Security Recent Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
21:03
»
Packet Storm Security Tools
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
21:03
»
Packet Storm Security Misc. Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
-
16:34
»
Packet Storm Security Recent Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
16:34
»
Packet Storm Security Tools
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
16:34
»
Packet Storm Security Misc. Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
-
12:23
»
Packet Storm Security Recent Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
12:23
»
Packet Storm Security Tools
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
12:23
»
Packet Storm Security Misc. Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
-
4:11
»
Carnal0wnage
little post on using ncrack to brute/check domain creds
user@ubuntu:~/pentest/msf3$ ncrack 192.168.1.52:3389,CL=2 --user=username@domain --pass=myl33tpassword -vvv -d7
Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-09-29 14:48 PDT
rdp://192.168.1.52:3389 Account credentials are valid, however, the maximum number of terminal services connections has been reached.
Discovered credentials on rdp://192.168.1.52:3389 'username@domain' 'myl33tpassword'
rdp://192.168.1.52:3389 (EID 1) Attempts: total 1 completed 1 supported 1 --- rate 0.90
rdp://192.168.1.52:3389 finished.
-
-
11:49
»
Packet Storm Security Recent Files
URLCrazy enables the study of domainname typos and URL hijacking. URLCrazy is a domainname typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
-
11:49
»
Packet Storm Security Tools
URLCrazy enables the study of domainname typos and URL hijacking. URLCrazy is a domainname typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
-
11:49
»
Packet Storm Security Misc. Files
URLCrazy enables the study of domainname typos and URL hijacking. URLCrazy is a domainname typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
-
-
13:22
»
Packet Storm Security Recent Files
EMC Avamar software contains a potential privilege enforcement bypass vulnerability. This could allow a domain administrator or operator to restore data from and/or to clients in another domain to which the administrator or operator is not intended to have access rights. This flaw may also allow domain administrators or operators to view information about backup, restore and replication activities associated within another domain. Versions 4.x, 5.0.x, and 6.0.x are affected.
-
13:22
»
Packet Storm Security Misc. Files
EMC Avamar software contains a potential privilege enforcement bypass vulnerability. This could allow a domain administrator or operator to restore data from and/or to clients in another domain to which the administrator or operator is not intended to have access rights. This flaw may also allow domain administrators or operators to view information about backup, restore and replication activities associated within another domain. Versions 4.x, 5.0.x, and 6.0.x are affected.
-
-
11:22
»
Packet Storm Security Recent Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
11:22
»
Packet Storm Security Tools
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
11:22
»
Packet Storm Security Misc. Files
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
-
-
12:00
»
SecurityFocus Vulnerabilities
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
-
12:00
»
SecurityFocus Vulnerabilities
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
-
12:00
»
SecurityFocus Vulnerabilities
Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privilegesand Login as Cached Domain Admin Accounts (2010-M$-002)
-
11:01
»
SecurityFocus Vulnerabilities
Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002)
-
11:01
»
SecurityFocus Vulnerabilities
RE: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002)
-
11:01
»
SecurityFocus Vulnerabilities
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
-
11:01
»
SecurityFocus Vulnerabilities
RE: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllowsLocal Workstation Admins to Temporarily EscalatePrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002)
-
-
11:04
»
SecurityFocus Vulnerabilities
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
-
-
6:31
»
remote-exploit & backtrack
hi all;
i would like to ask about an automated tool that could list all subdomains for a target domain and not duplicate results :confused:
example:.edu.*
i tried goorecon but it displayed only 60 subdomains while i found manually through google 200 subdomains :rolleyes:
-
6:21
»
remote-exploit & backtrack
HI all;
i need help. i am searching a tool that could list all subdomains for a target domain :confused: ex : .edu.* , i would like to collect all subdomains of this target for example i tried goorecon but it result only 60 subdomains for my target :rolleyes: at the other hand when searching manually through google i found 200 subdomains
-
12:00
»
Packet Storm Security Advisories
getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
-
-
0:00
»
Packet Storm Security Recent Files
iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.
-
-
23:00
»
Packet Storm Security Advisories
iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Hack a Day
Wirevolution
