ClsHack:Computer Security Blog    

[How-to]HULK:Web Server DoS Tool

Thursday, May 17th, 2012

HULK , as many other tools to make dos attacks allows to make a web site inaccessible.
HULK è opensource e scritto in python :D

What does HULK ?

HULK, is to generate Unique requests for each and every request generated, thus avoiding/bypassing caching engines and effecting directly on the server’s load itself.

So do we say bypassing the cache commits in the server resource allocation.
(more…)

Posted in Articles on GNU/Linux, GNU/Linux, Hacking, Programming, Software | No Comments »

MS12-020 && Metasploit: Windows <= 8 Remote Dos

Wednesday, March 21st, 2012

It’ released by metasploit the much discussed bug microsoft RDP weblog: MS12-020.
For now it is only a remote dos.
The original author of this exploit is Luigi Auriemma.
Description exploits:

This module exploits the MS12-002 RDP vulnerability originally discovered and reported by Luigi Auriemma.
The flaw can be found in the way the T.125 ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result
an invalid pointer being used, therefore causing a denial-of-service condition.

(more…)

Posted in Hacking | No Comments »

[CVE-2012-0754] Metasploit && Flash Player <11.1.102.55 Remote code Execution

Thursday, March 8th, 2012

New security flaw for Adobe Flash Player less than or equal to the whisker version 11.1.102.55 .

The following versions are not vulnerable:

Adobe Flash Player 11.1.115.6
Adobe Flash Player 11.1.111.6
Adobe Flash Player 11.1.102.62

(more…)

Posted in Hacking, Software, Windows | 2 Comments »

[CVE-2011-2140 && Metasploit]Remote code Execution Flash Player

Friday, February 10th, 2012

New module added to metasploit :D that exploits bugs in a further Flash Player.

Vulnerability indicated by the CVE-2011-2140, Here are the details:

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.

Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

Let's see how to use Metasploit :D
(more…)

Posted in GNU/Linux, Hacking, Software | 36 Comments »

[XSS]Reflected Cross Site Scripting vulnerability in wordpress 3.3

Tuesday, January 3rd, 2012

New bugs for wordpress, 2 “Indian Security Experts” have found a Reflected Cross Site Scripting vulnerability in the latest version of wordpress 3.3 :P

The problem is to write the same comment twice ;)
Vulnerability exploit the comment feature of WordPress Blog. Following two Steps mentioned in Exploit.
(more…)

Posted in Hacking | 4 Comments »

« Previous Entries