NTP Amplification DoS Attack – by dotcppfile and Red Dragon (Python Script)

Hello everyone,

Red Dragon and I have been working on this for a while and here it is, a working NTP Amplification DoS Attack Python Script that is well tied up and that works perfectly. It has been tested on Linux only. There are 2 versions; the official one works with Python 2.x and the second one was tweaked by Tea, a close friend and a member of Team Prophetic, and it should work with Python 3.x.

Vulnerability in ESET’s Forms – Explained and Revealed

Hello everyone,

So I’ve been checking ESET’s Official Website and I came across something really interesting related to some of their Forms such as:
http://www.eset.com/us/business/contact/
http://www.eset.com/me/support/contact/
http://www.eset.com/int/support/contact/
http://www.eset.com/kh/about/contact/
http://www.eset.com/ci/acheter/formulaire-de-contact/
https://store.esetme.com/ (What’s in it)

These forms have no Email Checker, IP Checker or Captcha, which means that anyone has the capability of using them over and over again, and the problem is that ESET’s Automatic Replier will send a Message straight to your inbox whenever you use one of these Forms.
So, I have decided to write a simple script in Python that uses one of these forms through a Loop which will, literally, transform ESET’s Mail Server into a “Mail Bombing Tool”.
There’s only one requirement for this Script and that would be the victim’s email address.

ESET’s Mail Bomber

Hey everyone,
Well, I just found a simple vulnerability in ESET’s Official Website which allows anyone to use their Servers as a Mail Bombing tool that is actually Really Fast and that Bypasses Junk Mail.
Check this out if you’re looking for more info about this Vulnerability: https://dotcppfile.wordpress.com/2014/06/25/vulnerability-in-esets-forms-explained-and-revealed/
