Hakan Yavuz

icon indicating a website link http://lodos2005.com

icon location turkey

Results 36 comments of Hakan Yavuz

Benzer işler yapan araçların farkları?

Konu senindir, istersen makaleyle ilgili gelişmeleri buraya yorum olarak girebilirsin, kendin içinde bir çalışma tablosu oluşturmuş olursun.

CAPTCHA nedir ? nasıl çalışır ? olası güvenlik zafiyetlerinin etkileri nelerdir ?

Konu senindir, istersen makaleyle ilgili gelişmeleri buraya yorum olarak girebilirsin, kendin içinde bir çalışma tablosu oluşturmuş olursun.

Add coerce_plus Module

I have updated the PR to include a method parameter. Now, users can specify -o METHOD=petitpotam to test only the PetitPotam vulnerability. As a security researcher, I want to see...

Add coerce_plus Module

> Nice addition, but it would be better to have the right name for the option imo :) > > -METHOD=petitpotam -METHOD=dfscoerce -METHOD=printerbug actually i want supports shorthand method names....

Add coerce_plus Module

@Marshall-Hallenbeck i guess its fixed.

coerce_plus cannot detect ShadowCoerce

I have two possible explanations for this issue: ### 1. Differences in `binding_params` within `coerce_plus` There are minor discrepancies between the original code and `coerce_plus`: https://github.com/Pennyw0rth/NetExec/blob/da8ef0f0fb37c1a6d73bb841b675f64d9d68b3c6/nxc/modules/coerce_plus.py#L222-L227 - In `stringBinding`, the...

New module : drop-library-ms

> Note for future me: we should probably merge all the "drop stuff on share" modules (slinky, scuffy, drop-sc, drop-library-ms) into one, similar to coerce_plus. ahaha its already on the...

coerce_plus: MS-EVEN not working

If you do not see the message “Exploit Success, eventlog\ElfrOpenBELW” when using the LISTENER parameter, [NetExec coerce_plus.py - Line 923](https://github.com/Pennyw0rth/NetExec/blob/main/nxc/modules/coerce_plus.py#L923C46-L923C83), it means the MSEven vulnerability has been fixed. if host...

SQL Injection Security Issue

unfixed code is ```php if ($_SERVER['HTTP_X_FORWARDED_FOR']) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } DBQuery("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values ('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') ....

eventlog_creds Module

> Hey dude! > > Really nice PR! Is there a way you can retrieve the event log files without running additional execute() operation ? Hm, maybe we use even/even6,...