MS10-070 ASP.NET Padding Oracle Attack to download web.config or other files
You can find it here: http://www.ampliasecurity.com/research/aspx_po_chotext_attack.rb A proof-of-concept attack against MS10-070, this PoC is an implementation in Ruby of a Padding Oracle attack...
View ArticleMS10-070 ASP.NET Padding Oracle attack PoC exploit video
Yesterday, Agustin Azubel from Amplia Security released a proof-of-concept exploit implementing a Padding Oracle attack against ASP.NET (MS10-070) that allows an attacker to download a file from the...
View ArticleMS10-070 ASP.NET Auto-Decryptor File Download PoC exploit
This is another exploit part of the MS10-070 saga :)It is not the same as our other previously released exploit, this one uses another information leak. On average, this exploit should allow you to do...
View ArticleContributing author of Hacking Exposed Web Applications 3rd. Edition
Shamless plug alert!Hacking Exposed Web Applications 3rd. Edition is out! and I'm a contributing author! Check it out!...
View ArticleClik here to view.
WCE v1.1 is out!
WCE v1.1 is out!http://www.ampliasecurity.com/research/wce_v1_1.tgzREADME:Windows Credentials Editor v1.1 (c) 2010, 2011 Amplia Security, Hernan Ochoa written by: hernan@ampliasecurity.com...
View ArticleRootedCON 2011 "WCE Internals" presentation available at slideshare
Check out my presentation on "WCE Internals" (based on WCEv1.1) available at slideshare (posted by RootedCON):http://www.slideshare.net/rootedcon/hernan-ochoa-wce-internals-rootedcon-2011I'll publish...
View ArticleWindows Credentials Editor (WCE) v1.2 released
Windows Credentials Editor v1.2New features in this version:-g Generate LM & NT Hash. Parameters: <password>.-K Dump Kerberos tickets to file (unix...
View ArticleWindows Credentials Editor (WCE) FAQ released
I find myself answering a lot of questions about WCE and related matters all the time; for this reason I decided to create a WCE FAQ to try to provide a centralized source of information and answers to...
View Article"Post-Exploitation with WCE" Presentation
This presentation describes the techniques WCE brings to penetration testers and how these can be used in different scenarios. Although originally targeted to college students studying information...
View ArticleWCE v1.2 64-bit version released
You can find the 64-bit version of WCE v1.2 hereAs always, all feedback is welcome, email me.Thank you!
View ArticleWCE v1.21 64-bit version released
I just released WCE v1.21 64bit. This is a minor release, only for the x64 version of WCE.It fixes some minor issues with the tool when run on Windows Server 2008.You can download it here. If you have...
View ArticleWCE v1.3beta 32bit released
WCE v1.3beta 32bit released. You can download it here. Changelog for Windows Credentials Editor (WCE) 32-bit versionversion 1.3beta:March 8, 2012 Bug fixesExtended support to obtain NTLM hashes without...
View ArticleWCE v1.3beta 64bit released
WCE v1.3beta 64bit released. You can download it here. The same functionality recently added to the 32bit version was added to the 64bit version.
View ArticleExploiting Apache Struts ExceptionDelegator Vulnerability (CVE-2012-0391)
via @ampliasecurity: This week in videos: Exploiting Apache Struts ExceptionDelegator Vulnerability (CVE-2012-0391) http://youtu.be/YGCSJEZ7kPk?hd=1
View ArticleExploiting MySQL Authentication Bypass Vulnerability (CVE-2012-2122)
via @ampliasecurity: This week in videos: Exploiting MySQL Authentication Bypass Vulnerability (CVE-2012-2122) http://youtu.be/Mg5iUjOpusE?hd=1Exploitation of this critical vulnerability is trivial and...
View ArticleJava 0-Day Vulnerability Exploit Demo (CVE-2012-4681)
This is a demo of the Java 0-Day Vulnerability made public on 08-26-2012 (now CVE-2012-4681): http://youtu.be/HO4yO7_5sEc?hd=1 (watch in HD) This vulnerability was found being exploited in the wild and...
View ArticleNew addition to the WCE FAQ: "How can I prevent WCE dumping my logon password...
New addition to the WCE FAQ: "How can I prevent WCE dumping my logon password in cleartext?" http://www.ampliasecurity.com/research/wcefaq.html#preventcleartextpwddump
View ArticleJava 7 Update 10 0-Day RCE Exploit Demo (CVE-2013-0422)
This is a demo of the Java 7 Update 10 0-Day Vulnerability made public on 01-10-2013 (CVE-2013-0422). Java 7 Update 10 0-Day RCE Exploit Demo (CVE-2013-0422)Exploit made public by...
View ArticleWCE v1.4beta released
WCE v1.4beta released. Includes several bug fixes and support for Windows 8.32bit version available at http://www.ampliasecurity.com/research/wce_v1_4beta_x32.zip64bit version available at...
View ArticleWCE v1.41beta released (minor release)
WCE 1.41beta released. This is a minor release. Universal binary: http://www.ampliasecurity.com/research/wce_v1_41beta_universal.zip32bit:...
View ArticleWCE v1.42beta released (32bit)
WCE v1.42beta released (32bit). This is a minor release.New in this version: bug fixes and improved support for unicode cleartext passwords. http://www.ampliasecurity.com/research/wce_v1_42beta_x32.zip
View ArticleWCE v1.42beta released (64bit)
WCE v1.42beta released (64bit)New in this version: improved support for unicode passwords, improved "safe mode" no code injection.http://www.ampliasecurity.com/research/wce_v1_42beta_x64.zip
View ArticleCVE-2014-6271: Exploiting Bash Remote Code Execution Vulnerability
Checkout ampliasecurity's exploit for the CVE-2014-6271 Bash Remote Code Execution Vulnerability against a simple #!/bin/bash CGI script running on Apache.(CVE-2014-6271) Exploiting Bash Remote Code...
View Article(CVE-2014-8826) OS X Gatekeeper Bypass Vulnerability
(CVE-2014-8826) OS X Gatekeeper Bypass Vulnerability (HTML) http://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html(TXT)...
View Article
