0days – Page 3

Chaos Computer Club breaks Apple TouchID

September 22, 2013September 22, 2013 admin No Comments

0days, cracking

Using a technique he outlined over 10 years ago, starbug from CCC has broken the biometric lock on the new iPhone. Source: ccc.de

Plesk Apache 0day by KingCope

June 5, 2013 admin No Comments

0days

KingCope’s 0day perl scripts for Parallels Plesk :: pleskwwwzeroday :: Affected and tested: Plesk 9.5.4 — remote PHP Code Execution

WCE v1.4beta x32/x64/universal has been released.

May 31, 2013September 22, 2013 admin No Comments

0days, cracking

Download links: wce_v1_4beta_universal.zip wce_v1_4beta_x64.zip wce_v1_4beta_x32.zip Changelog: version 1.4beta: May 30, 2013 * Several Bug Fixes * Windows 8 support * “Universal Binary” (single executable with both versions. Detects at runtime if it is running on a 32 bit or 64 bit version of Windows, dumps the appropriate version of WCE and executes it)

MySQL, FreeSSHD , FreeFTPD 0days

December 1, 2012December 1, 2012 admin No Comments

0days

Kingcope was busy today dropping some new 0days for MySQL, FreeSSHD, & FreeFTPD check em out MySQL 5.1/5.5 WiNDOWS REMOTE R00T MySQL Windows Remote System Level Exploit (Stuxnet technique) MySQL (Linux) Database Privilege Elevation MySQL (Linux) Heap Based Overrun FreeSSHD Remote Authentication Bypass FreeFTPD Remote Authentication Bypass

x64 Sysret Vulnerability POC

August 26, 2012August 26, 2012 admin 1 Comment

0days

@ponez released his POC code for the MS12-042 flaw on his website You can snag the POC source and exe ::HERE::

RDP Nuke

March 21, 2012March 21, 2012 admin 3 Comments

0days, Our Tools

Just a little tool that will BSOD a machine vulnerable to MS12-020. Tested on XP sp3 & Win2k3 Sp2. Download ::HERE::

New Startup Method?

June 27, 2011June 27, 2011 admin No Comments

0days, sploits

Nick Harbour wrote on his blog about new spyware using fxsst.dll which is present on the system when the system is running as a Fax server. Seems the explorer.exe automatically loads the dll when logging on. Mubix decided to test this out with a .dll generated in Metasploit and it worked every time on his … Read More “New Startup Method?” »

bitcoin_jacker.rb

June 20, 2011June 20, 2011 admin No Comments

0days, Our Tools

Just submitted my first attempt to write something for Metasploit @ dev.metasploit.com. It jacks victim’s bitcoin wallets on windows boxes and sends them back to attacker on meterpreter. saves wallet in your loot folder, on windows it would be %userprofile%\.msf3\loot on nix it would be /root/.msf3/loot

Hidden Comcast Modem User

February 7, 2011February 7, 2011 illwill No Comments

0days

Seems Comcast has a hidden admin user account on their business class modems other than the usual user:cusadmin-pw:highspeed. You can log in locally using the username mso and password: D0nt4g3tme . Furthermore you can also use Cross Site Request Forgery in iframes to set the modem to open up its remote admin ports to all … Read More “Hidden Comcast Modem User” »

Stuxnet exploit code released

January 13, 2011January 13, 2011 illwill No Comments

0days

Used by Stuxnet to escalate privs in win2k and XP Explanation of the code ::here:: and source code ::here::