Yaptest Update: v0.2.1

Version 0.2.1 of yaptest is now available.  Download it here. This is quite a major update.  The most notable improvements are support for running Nessus and/or OpenVAS.  At present Nessus and OpenVAS are automatically run against  any open ports with Safe Checks enabled. As with any major update one or two bugs might have crept [...]

Posted in Blog | Tags: ,

unix-privesc-check Update: v1.4

The next version of unix-privesc-check has just been released.  Download it here. This version checks the file permissions of SUID programs.  It should catch issue like the recent Ingres privesc where and SUID programs used a shared object file that could be modified by a non-root user.

Posted in Blog | Tags: , ,

Informix SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into Informix databases…

Posted in SQL Injection | Tags: , ,

unix-privesc-check Update: v1.3

I just updated unix-privesc-check.  Download it here. This release fixes a couple of minor bugs in the reporting of cron-related issues and some problem while running under /bin/sh (as opposed to /bin/bash).

Posted in Blog | Tags: , ,

exploit-suggester Update: v0.2

I just released an important update to exploit-suggester.  Download it here. It seems that “showrev -p” sometimes lists multiple revisions for the same patch.  This caused exploit-suggester to return false-positives.

Posted in Blog | Tags: , ,

Preventing Web-based Directory Enumeration Attacks Against IIS

I received an interesting tip from Munish about how to prevent directories from being easily identified in IIS.  I’ve updated my original post about directory enumeration with the following info: Setting the “Hidden” Attribute to Hide Files in IIS Hiding directories in IIS seems to be as easy as setting the “hidden” attribute: cd c:\Inetpub\wwwroot [...]

Posted in Blog | Tags:

Bootparamd Client for Linux

See this blog post for download link and installation instructions.

Posted in Misc | Tags: , ,

Rexd Client For Linux

Full details about “on”, the rexd client can be found on this blog post.

Posted in Misc | Tags: , ,

YaptestFE

Full details about YaptestFE can be found on its project page.  If you’re after the download link, it’s on the same page.

Posted in Yaptest | Tags: , , ,

Yaptest Update: v0.2.0

Yaptest v0.2.0 is now avaialble.  Download it here. The main improvements are support for udp-proto-scanner to improve UDP service detection and support for ms08-067_check to automatically check for the most recent pentester-friendly MS vulnerability. There are also minor improvements including DNS tests and more automatic issue-parsing.  Remember that you can use YaptestFE to view collected [...]

Posted in Blog | Tags: