Blog

mimikatz: Tool To Recover Cleartext Passwords From Lsass

I meant to blog about this a while ago, but never got round to it. Here’s a brief post about very cool feature of a tool called mimikatz. I’m very grateful to the tool’s author for bringing it to my attention. Until that point, I didn’t realise it was possible to recover the cleartext passwords [...]

Posted in: Blog

The Science of Safely Finding an Unused IP Address

During pentests you’re often allocated an IP by the client or can get one via DHCP. There are times, however when the client might expect you find a free IP on your own. Or you might want to check that the client hasn’t assigned you an IP address that’s already in use. I’m sure we’ve [...]

Tags:

Posted in: Blog

“Hackers for Charity” Needs You

This is a quick post to draw attention to the request for donations from Hackers for Charity. They need to raise about 785 USD / month to fund the good work they’re doing in Uganda. Netsparker recently tweeted that they’re donating 785 USD.  Rapid7 are giving 5000 USD.  There are many more on the Donate [...]

Posted in: Blog

Exploiting A Tricky SQL Injection With sqlmap

Like many pentesters, I’m a fan of sqlmap.  It’s often the first and last tool I reach for when exploiting boolean or time-based SQL injection vulnerabilities. I wanted to briefly document a slightly tricky SQL injection issue I encountered recently and a few of the sqlmap features that impressed me most. I initially noticed that [...]

Tags: ,

Posted in: Blog

The Ultimate Unix Cheat Sheet

I just stumbled across Rosetta Stone for Unix, a brilliant page that lists how to do a large number of tasks in a variety of unix-like operating systems.  I wish I’d found this years ago. It should be very handy for pentesting or auditing those less familiar unix flavours. I’ll definitely taking a copy with [...]

Tags: , ,

Posted in: Blog

New Web Application Scanner: Netsparker

I’ve been involved in the beta testing of Netsparker for some time now.  Now that it’s publicly available, I wanted to write a brief blog post to recommend that you try it out… If you can’t be bothered reading this post, make sure you at least check out the videos of Netsparker in action (particularly [...]

Tags: ,

Posted in: Blog

Cross-Site Request Forgery For POST Requests With An XML Body

I recently had cause to create a proof-of-concept for a site that seemed to be vulnerable to Cross-Site Request Forgery (CSRF).  I say “seemed” because there was no CSRF protection, but I was finding the XML POST body really hard to forge (It was a SOAP / XMLRPC type request). Eventually Sid from notsosecure.com pointed [...]

Tags: ,

Posted in: Blog

exploit-suggester Update: v0.3

Minor update to exploit suggester.  It now suggests the raptor sploits for Netscape Portable Runtime vulnerability.  Download it here.

Tags: ,

Posted in: Blog

YaptestFE Update: v1.1

Version 1.1 of the Yaptest Frontend is now available.  Download it here. There are three main improvements to the interface: The “Ports” page now displays Nmap version and service information when it’s available. The “Windows Info” page displays a list of Windows hosts along with various information about each: Domain name, whether the host is [...]

Tags: ,

Posted in: Blog

Yaptest Update: v0.2.1

Version 0.2.1 of yaptest is now available.  Download it here. This is quite a major update.  The most notable improvements are support for running Nessus and/or OpenVAS.  At present Nessus and OpenVAS are automatically run against  any open ports with Safe Checks enabled. As with any major update one or two bugs might have crept [...]

Tags: ,

Posted in: Blog