Jump to content

Havoc updated


Recommended Posts

  • 2 weeks later...

I had a look after you posted this and found a fairly serious vulnerability in the service authentication mechanism. The author was good to talk to and already fixed the bug.

From my quick review of the codebase, it's in a very early release stage so I wouldn't use it for anything except playing around with locally yet. For instance it has default credentials and binds to all interfaces by default, so merely running it on a public server could get you pwned.

Edited by hyperreality
  • Like 1
Link to comment
Share on other sites

Yeah, I didn't think it would be used in a actually used in a pentest engagement, but I've seen a lot of people make videos and talk about it.

Link to comment
Share on other sites

  • 3 months later...

Late to the party

The author of the tool is a teenager, pretty cool project I must say.
It has the potential of becoming a go-to open source C2.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...