Blog

Yaptest Update: v0.1.6

I just released a pretty big update to yaptest.  You can download the new version from the project page.  There are lots of bug fixes and some new features and optimisations too. Deanx contributed a module to run vessl (which I blogged about recently) against SSL services.  It even parses out lots of SSL related […]

Checking the Validity of SSL Certs with Vessl

Deanx has released a tool called Vessl (Verify SSL).  It’s a command-line tool which performs a large number of checks on the validity of SSL certificates. It can check for lots of mundane issues like expired certs, self-signed certificates, etc.  The killer feature for me, though, is that it uses a database of PEM […]

Abusing Hardlinks Via NFS

If you’ve been doing network pentesting for a while, you’ll no doubt be aware that there are plenty of ways to configure NFS insecurely.  Here are a few examples: If you export /home and allow read-write access: Attackers can read everyone’s home directories, alter them and probably log in as any user. If an attacker […]

Yaptest Update: v0.1.5

Version 1.5 of Yaptest is now available.  This release contains a couple of bug fixes and automatically enters more security issues into the backend database.  The schema has changed significantly to support the new Yaptest Frontend. Here’s the Changelog:  * The following scripts now insert more “issues”: yaptest-parse-yapscan-icmp.pl yaptest-issues.pl yaptest-parse-enum4linux.pl yaptest-parse-sslscan.pl (new script) yaptest-parse-dcetest.pl […]

Web Frontend for Yaptest Released: YaptestFE v0.9

I just released the first version of YaptestFE, a web frontend that allows you to browse the backend database used by Yaptest.  Visit the YaptestFE Project Page for the download and further information. Here’s a screenshot so you can see what it’s all about:

Update to Postgres SQL Injection Cheat Sheet

Reiners spotted that I hadn’t included any info about writing files via SQL injection in PostgreSQL.  I’ve updated the Postgres Cheat Sheet accordingly.  Thanks Reiners. He’s also written some detailed blogs about SQL injection in MySQL that are worth reading: MySQL Table and Column Names MySQL Into Outfile

Yaptest Update: v0.1.4

Version 0.1.4 of Yaptest is now available.  This release adds a couple of new features and fixes some bugs and usability problems (a big thanks to deanx for reporting these). It’s now possible for the run_test API to filter based on the host_info table.  This feature is used by yaptest-nmap-udp.pl to run a full UDP […]

Unix-privesc-check Update: v1.2

I’ve just released version 1.2 of unix-privesc-check.  Download it here. The following improvements have been made over version 1.1: * Added check of library dirs (/etc/ld.so.conf) for Linux * Crude check of programs called from shell scripts * Check of libraries used by each binary program (using ldd) * Check of hard-coded paths within binaries […]

Yaptest Update: v0.1.3

The new version of yaptest can be downloaded here. Here’s the change log: * Global settings (for all users) can now be configured in /etc/yaptest.conf – useful if lots of pentesters use a shared server. * Lines in config files starting with # are treated as comments. * Included some example dictionaries. These get installed […]

Tenable to Charge for Nessus from August 2008

It seems that Tenable are going to start charging to use Nessus commercially.  The Carnal0wnage blog does a good job of highlighting the pros and cons of this, so I won’t repeat those views here. Maybe now would be a good time for the pentest community to get behind OpenVAS – an open source fork […]