Blog

unix-privesc-check Update: v1.4

The next version of unix-privesc-check has just been released. Download it here. This version checks the file permissions of SUID programs. It should catch issues like the recent Ingres privesc, where an SUID program used a shared object file that could be modified by a non-root user.

unix-privesc-check Update: v1.3

I just updated unix-privesc-check. Download it here. This release fixes a couple of minor bugs in the reporting of cron-related issues and some problems when running under /bin/sh (as opposed to /bin/bash).

exploit-suggester Update: v0.2

I just released an important update to exploit-suggester. Download it here. It seems that “showrev -p” sometimes lists multiple revisions for the same patch. This caused exploit-suggester to return false positives.

Preventing Web-based Directory Enumeration Attacks Against IIS

I received an interesting tip from Munish about how to prevent directories from being easily identified in IIS. I’ve updated my original post about directory enumeration with the following info: Setting the “Hidden” Attribute to Hide Files in IIS: Hiding directories in IIS seems to be as easy as setting the “hidden” attribute: cd c:\Inetpub\wwwroot […]

Yaptest Update: v0.2.0

Yaptest v0.2.0 is now available. Download it here. The main improvements are support for udp-proto-scanner to improve UDP service detection and support for ms08-067_check to automatically check for the most recent pentester-friendly MS vulnerability. There are also minor improvements including DNS tests and more automatic issue-parsing. Remember that you can use YaptestFE to view collected […]

Yaptest Update: v0.1.9

Release 0.1.9 of yaptest is now available. Download here. This release includes enumeration of users via the finger service (using finger-user-enum) and gathering of usernames and password hashes via rexd (Linux rexd client). There are also important improvements to the gathering of topology information, which should make network diagrams generated in YaptestFE look nicer. See […]

Rexd Client For Linux

I recently encountered the rexd service running on a host I was testing. This is a really old-school UNIX service which you don’t see much on modern networks (in my experience at least). It’s well known that it’s insecure: it basically lets you run any command on the host as any user you like with […]

SQL Injection Cheat Sheets Updated

I had some really detailed feedback from Bernardo Damele A. G. on the SQL Injection Cheat Sheets. I’ve just finished updating the cheat sheets for MSSQL, Oracle, MySQL and PostgreSQL. Thanks a lot Bernardo. If anyone else has suggestions, feel free to mail pentestmonkey at pentestmonkey dot net.

Yaptest Update: v0.1.7

Version 0.1.7 of Yaptest is now available for download. This release parses additional issues into the backend database, along with network topology information (so YaptestFE can draw a network diagram for you). There is also support for exporting data in XML format so you can import Yaptest’s findings into 3rd party tools. The complete changelog […]

YaptestFE Update: v1.0

A new version of the Yaptest Frontend is available. Download it here. The release fixes a couple of bugs pointed out by Deanx when running YaptestFE on Mac. I’ve added a new Network Map item to the left-hand menu bar. This reads in topology information gathered by yaptest (from “ping -R”, traceroutes, TTL information, SNMP) and […]