Search • Page 7/10

Search the Pentest-Tools.com Blog

2FA, email scan notifications & more updates

Here are 5 platform improvements we’ve built into the current update to make Pentest-Tools.com a helpful asset for your pentesting toolstack.

Author(s)

Ioana Rijnetu

Published at: 27 Jul 2020

[New scanner] Detect vulnerable F5 BIG-IP devices with Pentest-Tools.com

Vulnerability scanners are powerful pentesting tools that help you discover critical flaws in your systems quickly and effectively. The more specific the tools, the more useful!

Author(s)

Ioana Rijnetu

Published at: 20 Jul 2020

The 17-year-old DNS vulnerability that leads to RCE in Windows

Previously on our blog, we unpacked vulnerabilities in web applications, firewalls, SMB protocols… and now we have a DNS one.

Author(s)

Cristian Cornea

Published at: 17 Jul 2020

How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)

Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.

Author(s)

Cristian Cornea

Published at: 08 Jul 2020

How to chain SMBleed and SMBGhost to get RCE in Windows 10

Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.

Author(s)

Cristian Cornea

Published at: 07 Jul 2020

New filters for Findings, Import targets with descriptions & more updates

Here are 3 platform improvements we’ve deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting tasks.

Author(s)

Ioana Rijnetu

Published at: 19 Jun 2020

How to exploit the DotNetNuke Cookie Deserialization

We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.

Author(s)

Cristian Cornea

Published at: 10 Jun 2020

[New feature] Scan internal networks with the VPN Agent

To enhance the way you scan your internal networks, we added a new way to perform this on Pentest-Tools.com. It is a lot easier and does not require any special configuration. All you need to do is run the VPN Agent and start scanning!

Author(s)

Ioana Rijnetu

Published at: 05 Jun 2020

How to exploit the PHAR Deserialization Vulnerability

At Blackhat US-18, Sam Thomas introduced a new way to exploit PHAR Deserialization Vulnerabilities in PHP. See which stream wrapper this new type of attack abuses and how it works.

Author(s)

Alexandru Postolache

Published at: 29 May 2020

Jira integration, Export results as JSON & more platform updates

Here are 4 platform updates we’ve deployed in the current update to make Pentest-Tools.com a stronger asset for your pentesting needs.

Author(s)

Ioana Rijnetu

Published at: 17 Apr 2020

How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com

For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.

Author(s)

Ioana Rijnetu

Published at: 23 Mar 2020

[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com

Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.

Author(s)

Ioana Rijnetu

Published at: 18 Mar 2020