hash_parser

This is a hash parser that will export a rc file compatible with Metasploit. This is useful when compromising a seperate domain and want to see if any of the credentials work on another domain or other systems.

The first input is the filename that contains the hashes ex: Admin:500:LM:NTLM. The second input is the remote IP address you want to use smb_logins on to validate if the creds work. The third is the domain to attempt this on, leave this blank for workgroup

Download How to Get hash_parser
Option 1
To download hash_parser, type the following command in Linux:
Copied
Options 2
View on Git
help How to Get Help with hash_parser

For bug reports or enhancements, please open an issue on this project’s github page.

What Spring Data can teach us about API misconfiguration

A security researcher (Joel Noguera @niemand_sec) discovered a ‘critical’ misconfiguration bug in Spring Data’s Application Level Profile Semantics (ALPS). This bug allows unauthenticated users to perform an Application Programming Interface (API) request, which responds with sensitive user data that can be utilized, manipulated, or even deleted. What is ALPS? “ALPS [is] a data format for defining...
Read More