2FA, email scan notifications & more updatesHere are 5 platform improvements we’ve built into the current update to make Pentest-Tools.com a helpful asset for your pentesting toolstack.Author(s)Ioana RijnetuPublished at27 Jul 2020Updated at07 Jul 2022
[New scanner] Detect vulnerable F5 BIG-IP devices with Pentest-Tools.comVulnerability scanners are powerful pentesting tools that help you discover critical flaws in your systems quickly and effectively. The more specific the tools, the more useful!Author(s)Ioana RijnetuPublished at20 Jul 2020Updated at07 Jul 2022
The 17-year-old DNS vulnerability that leads to RCE in WindowsPreviously on our blog, we unpacked vulnerabilities in web applications, firewalls, SMB protocols… and now we have a DNS one.Author(s)Cristian CorneaPublished at17 Jul 2020Updated at17 Jul 2023
How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.Author(s)Cristian CorneaPublished at08 Jul 2020Updated at13 Apr 2023
How to chain SMBleed and SMBGhost to get RCE in Windows 10Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.Author(s)Cristian CorneaPublished at07 Jul 2020Updated at13 Apr 2023
New filters for Findings, Import targets with descriptions & more updatesHere are 3 platform improvements we’ve deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting tasks.Author(s)Ioana RijnetuPublished at19 Jun 2020Updated at07 Jul 2022
How to exploit the DotNetNuke Cookie DeserializationWe looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.Author(s)Cristian CorneaPublished at10 Jun 2020Updated at13 Apr 2023
[New feature] Scan internal networks with the VPN AgentTo enhance the way you scan your internal networks, we added a new way to perform this on Pentest-Tools.com. It is a lot easier and does not require any special configuration. All you need to do is run the VPN Agent and start scanning!Author(s)Ioana RijnetuPublished at05 Jun 2020Updated at26 Jul 2022
How to exploit the PHAR Deserialization VulnerabilityAt Blackhat US-18, Sam Thomas introduced a new way to exploit PHAR Deserialization Vulnerabilities in PHP. See which stream wrapper this new type of attack abuses and how it works.Author(s)Alexandru PostolachePublished at29 May 2020Updated at13 Apr 2023
Jira integration, Export results as JSON & more platform updatesHere are 4 platform updates we’ve deployed in the current update to make Pentest-Tools.com a stronger asset for your pentesting needs.Author(s)Ioana RijnetuPublished at17 Apr 2020Updated at18 Jul 2023
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.comFor the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.Author(s)Ioana RijnetuPublished at23 Mar 2020Updated at13 Apr 2023
[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.comVulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.Author(s)Ioana RijnetuPublished at18 Mar 2020Updated at19 May 2023