Exploiting Windows PC using Malicious Contact VCF file

A huge shoutout to cybersecurity researcher John Page for bringing this vulnerability into the internet’s eye on 15th January 2019. This was a 0 day exploit and of course, works with the latest Windows 10 too. It is categorized under “Insufficient UI warning remote code execution” vulnerability. Introduction: Basically what John discovered was that if we replaced […]

Exploiting Windows using Contact File HTML Injection/RCE

After the 0 day exploit on malicious VCF file in Windows, cybersecurity researcher John Page deserves another round of applause for bringing this vulnerability onto exploit-db’s eye on 23rd January 2019. This vulnerability further exploits the RCE vulnerability present in VCF with HTML injections. To read the previous article follow the link here. Introduction: The idea here is […]

Windows Firewall Post Exploitation with Netsh

This article will provide an in-depth post-exploitation guide to gathering all the information about the victim’s firewall and network settings. Table of Contents: Introduction to Firewall; Rules of Firewall; Advantages of Firewall; Types of Firewall; Importance of Firewall; Introduction to netsh; How to block a TCP Port on remote PC; How to block multiple TCP ports […]

Microsoft Edge Remote Code Execution

(CVE-2018-8495) Chaining a few bugs in Edge I was able to achieve remote code execution by mainly abusing custom URI schemes. Launching External Applications Many of you are […]

Jenkins Pentest Lab Setup

Hey! You all know that we have performed so many CTF challenges and we got to know about Jenkins there. So let’s know about Jenkins better. For this, we are here with the new challenges which you will face while performing CTF challenges. To do it in an easier way we are here with a […]

GandCrab Ransomware decryption tool

Update February 2019: Our collaboration with the Romanian Police, Europol and other law enforcement agencies has yielded another new decryptor for all GandCrab ransomware versions released since October. If you need to decrypt versions 1, 4, 5.0.1 through 5.1, then download and run our new tool linked below. In February 2018, Bitdefender released the world’s […]

Hack the Kioptrix 5 (CTF Challenge)

In this article, we will learn how to penetrate Kioptrix 5, the final release in the quite interesting Kioptrix series, an exercise so good that the OSCP Exam Lab included it in its test. Download link: https://www.vulnhub.com/entry/kioptrix-2014-5,62/ Network Scanning (Nmap, netdiscover) Probing the HTTP service ports […]

Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets

Microsoft Office files can be password-protected in order to prevent tampering and ensure data integrity. But password-protected documents from earlier versions of Office are susceptible to having their hashes extracted with a simple program called office2john. Those extracted hashes can then be cracked using John the Ripper and Hashcat. Extracting the hash from a password-protected […]

Easily Detect CVEs with Nmap Scripts

Nmap is possibly the most widely used security scanner of its kind, in part because of its appearances in films such as The Matrix Reloaded and Live Free or Die Hard. Still, most of Nmap’s best features are under-appreciated by hackers and pentesters, one of which will improve one’s abilities to quickly identify exploits and vulnerabilities when scanning servers. […]

How to Exfiltrate WPA2 Wi-Fi Passwords Using Android & PowerShell

It’s easier than you might think to hack into Wi-Fi routers using just one unrooted Android phone. This method doesn’t require brute-forcing the password, a Windows OS for converting PowerShell scripts into EXE format, a reliable VPS for intercepting hacked Wi-Fi passwords, or Metasploit for post-exploitation tricks. How This Wi-Fi Hack Works UserLAnd is a free Android app that makes it […]