Category: blacktrack

Joomscan updated – now can identify 673 Joomla vulnerabilities

Security Team Web-Center has just released an update for the Joomscan Security Scanner. The new database has 673 Joomla vulnerabilities.

Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding them as a knowledge base to the Joomla scanner is an ongoing activity. It helps web developers and web masters identify possible security weaknesses on their deployed Joomla! sites.

PwnStar latest version with new Exploits released

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts for sniffing/phishing. Can act as a multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

Changes and New Features

  • "hotspot_3" is a simple phishing web page, used with basic menu option 4.
  • "portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal, e.g. "Joe's CyberCafe". It is used for sniffing.
  • "portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.
  • "portal_pdf" forces the client to download a malicious pdf in order to pass through the portal.


Web-sorrow v1.4.7B Released

Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. Web-Sorrow is a "safe to run" program, meaning it is not designed to attempt to exploit or perform any kind of injection, DDoS/DoS, CSRF, XSS, or any other harmful attack. It is entirely focused on enumeration and collecting information on the target server.

Basic overview of capabilities:
  1. Web Services: a CMS and its version number, social media widgets and buttons, hosting provider, CMS plugins, and favicon fingerprints
  2. Authentication areas: logins, admin logins, email webapps
  3. Bruteforce: Subdomains, Files and Directories
  4. Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host
  5. AND MORE: sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities)

HOWTO: Back|Track 5 r3 on Gigabyte TouchNote T1028X/M1028

The Gigabyte TouchNote T1028X/M1028 is equipped with an Intel Atom N280 and an eGalax touch screen. It runs Back|Track 5 r3 flawlessly except for the touchpad. This tutorial shows how to overcome this problem.

The kernel version of Back|Track 5 r3 is 3.2.6 and the touch screen is functioning flawlessly.

Touchscreen Hardware

"lsusb" shows the following:

Bus 005 Device 002: ID 0eef:0001 D-WAV Scientific Co., Ltd eGalax TouchScreen

Step 1 :

Boot from the 32-bit Back|Track 5 r3 USB stick (created with UNetbootin) or DVD-ROM. On the menu screen, press "Tab" and append the following to the end of the boot line.

i8042.noloop=1 reboot=b

Then install as usual and reboot.

Social Engineer Toolkit 4.0 Released

The Social Engineer Toolkit (SET) has been updated to v4.0. The latest version is code-named "Balls of Steel." The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing.

It was designed to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

In the new version, the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. Additionally, all of the payloads have been heavily encrypted with a number of heavy anti-debugging tools. The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder).