Re: [Full-disclosure] Ip address and mac address hardcoded
It could be the default config after a reset to factory default.

On 16/11/2013 15:10, wrote:
> Hi all,
>
> I've been doing some investigation, and I came across an IP address and
> a MAC address hardcoded in some libraries of a firmware for a vendor. Why
> should this kind of hardcoding be there?
>
> MRA

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Using QR tags to Attack SmartPhones (Attaging)
I'd like to share this paper with all.

English version
http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones_10.html

Spanish version
http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones.html

Thanks to all
Re: [Full-disclosure] Passive PenTesting
http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Main_Page

2010/12/3 Robin :
> Mak,
>
> Network Miner is a Windows tool that can pull a lot of information from
> pcap files. It gives you a list of hosts, known information about them
> (open ports, OS, etc), and also extracts files and text from the capture.
>
> http://networkminer.sourceforge.net/
>
> ~Robin
>> Hi All,
>> I was wondering if there is any free tool available to do
>> penetration testing/banner grabbing from the packet capture file.
>> Thanks
>> MAK
>>
>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually
>> do a proper penetration test. IACRB CPT and CEPT certs require a full
>> practical examination in order to become certified.
>>
>> http://www.iacertification.org
Re: [Full-disclosure] LFIMAP
Problem fixed. Thanks

2010/12/1 netinfinity :
> I had to use hex editor to extract test.dat and lfimap-1.4.py.
>
> On Wed, Dec 1, 2010 at 9:07 PM, netinfinity wrote:
>>
>> And your archives suck also. Please use standard ones.
>>
>> On Wed, Dec 1, 2010 at 12:44 PM, Augusto Pereyra wrote:
>>>
>>> Hi, I'd like to share with the community this tool developed by me.
>>> This tool is very useful when you find some site with the
>>> vulnerability called local file include.
>>> This is a list of functionalities of the tool:
>>>
>>> Can find automatically the root of the file system.
>>> Detect default files outside of the web folder
>>> It will try detect passwords inside the files
>>> Support basic authentication
>>> Can use null byte to bypass some controls
>>> Write a report of the scan to a file
>>>
>>> The tool can be downloaded from:
>>> http://code.google.com/p/lfimap/downloads/list
>>>
>>> Please download the last version
>>>
>>> My English sucks, sorry
>>> Thanks to www.artsweb.com.ar
>>> Best regards
>>> Augusto Pereyra
>>
>> --
>> www.google.com
>
> --
> www.google.com
[Full-disclosure] LFImap
Hi, I'd like to share with the community this tool developed by me.
This tool is very useful when you find some site with the vulnerability called local file include.
This is a list of functionalities of the tool:

Can find automatically the root of the file system.
Detect default files outside of the web folder
It will try detect passwords inside the files
Support basic authentication
Can use null byte to bypass some controls
Write a report of the scan to a file
Support proxy

The tool can be downloaded from:
http://code.google.com/p/lfimap/downloads/list

Please download the last version

My English sucks, sorry
Thanks to www.artsweb.com.ar
Augusto Pereyra
Re: [Full-disclosure] Hack-Mail.net or similar site
I think this service is fake. To make a portal like this you only need a PHP form with the following fields:

Account to Hack, Account to send password

A client fills in this form, and three days later the server sends a spoofed mail acting as if they have the password of the account requested in the previous form.

When the client puts his faith in this kind of cheat, he pays the cash and maybe some kind of trash is sent to his account.

When the client is cheated, it is too late. Now the owners of the site have his 20 bucks.

I tested it and the mail doesn't come from a Yahoo server. The mail comes from bebobox.com

My English sucks! Sorry

On Mon, Sep 14, 2009 at 7:43 PM, maxigas wrote:
> From: mamo
> Subject: Re: [Full-disclosure] Hack-Mail.net or similar site
> Date: Mon, 14 Sep 2009 23:20:24 +0200
>
>> On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer wrote:
>>>
>>> So, in other words, they're spoofing From addresses for profit. Clever.
>>
>> I never tried them. I will just for fun (with my email address).
>> Perhaps they are doing something more smart (like brute forcing with
>> dictionary, use some virus or web attack or something else).
>>
>> Mamo
>
> tell us how it went, my guess was also that they are just setting that from= address and that's
> it, so you don't get a working password after all. but i have no 20$ to test it. :f
>
> maxigas