Yaptest Update: v0.1.9

Release 0.1.9 of yaptest is now available.  Download here. This release includes enumeration of users via the finger service (using finger-user-enum) and gathering of usernames and password hashes via rexd (Linux rexd client).  There are also important improvements to the gathering of topology information, which should make network diagrams generated in YaptestFE look nicer. See […]

Rexd Client For Linux

I recently encountered the rexd service running on a host I was testing.  This is a really old-school UNIX service which you don’t see much on modern networks (in my experience at least).  It’s well known that it’s insecure: It basically lets you run any command on the host as any user you like with […]

SQL Injection Cheat Sheets Updated

I had some really detailed feedback from Bernardo Damele A. G. on the SQL Injection Cheat Sheets.  I’ve just finished updating the cheat sheets for MSSQL, Oracle, MySQL and PostgreSQL. Thanks a lot Bernardo. If anyone else has suggestions, feel free to mail pentestmonkey at pentestmonkey dot net.

Yaptest Update: v0.1.7

Version 0.1.7 of Yaptest is now available for download. This release parses additional issues into the backend database, along with Network Topology information (so YaptestFE can draw a network diagram for you).  There is also support for exporting data in XML format so you can import Yaptest’s findings into 3rd party tools. The complete changelog […]

ident-user-enum

ident-user-enum is a simple Perl script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system. This can help to prioritise target services during a pentest (you might want to attack services running as root first).  Alternatively, the list of usernames […]

YaptestFE Update: v1.0

A new version of the Yaptest Frontend is available.  Download it here. The release fixes a couple of bugs pointed out by Deanx when running YaptestFE on Mac. I’ve added a new Network Map item to the left-hand menu bar.  This reads in topology information gathered by yaptest (from “ping -R”, traceroutes, TTL information, SNMP) and […]

Yaptest Update: v0.1.6

I just released a pretty big update to yaptest.  You can download the new version from the project page.  There are lots of bug fixes and some new features and optimisations too. Deanx contributed a module that runs vessl (which I blogged about recently) against SSL services.  It even parses out lots of SSL related […]

Checking the Validity of SSL Certs with Vessl

Deanx has released a tool called Vessl (Verify SSL).  It’s a command-line tool which performs a large number of checks on the validity of SSL certificates. It can check for lots of mundane issues like expired certs, self-signed certificates, etc.  The killer feature for me, though, is that it uses a database of PEM […]

Abusing Hardlinks Via NFS

If you’ve been doing network pentesting for a while, you’ll no doubt be aware that there are plenty of ways to configure NFS insecurely.  Here are a few examples: If you export /home and allow read-write access: Attackers can read everyone’s home directories, alter them and probably log in as any user. If an attacker […]

Yaptest Update: v0.1.5

Version 1.5 of Yaptest is now available.  This release contains a couple of bug fixes and automatically enters more security issues into the backend database.  The schema has changed significantly to support the new Yaptest Frontend. Here’s the Changelog: * The following scripts now insert more “issues”: yaptest-parse-yapscan-icmp.pl yaptest-issues.pl yaptest-parse-enum4linux.pl yaptest-parse-sslscan.pl (new script) yaptest-parse-dcetest.pl […]