pentest

Getting RSH on Linux to work like RSH on Solaris

If you’ve tried setting up rsh/rlogin based hacker challenges on Linux over the last few years you’ve probably noticed that Linux (I tried Redhat and Debian) doesn’t behave like Solaris.  This makes either for really bad hacker challenges, or for ones involving lots of Solaris boxes. I finally found the answer recently so thought I’d […]

Using SSH Without A TTY

I recently received a mail asking how to get SSH to work from within a reverse shell (see php-reverse-shell, php-findsock-shell and perl-reverse-shell).  I thought I’d write a brief description of the problems I’ve seen and how to work round them. I’d be very interested if anyone has any better solutions.  Drop me a […]

Breaking Out of a Chroot Jail Using PERL

I had cause to want to break out of a chroot’d environment recently.  It is well known that if you’re root within the chroot environment you can break out of it. I set about learning how to break out of chroot and came across an excellent description by Simes from 2002.  It contains a well […]

Oracle SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into Oracle databases…

MySQL SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into MySQL databases…

Postgres SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into PostgreSQL databases…

Yaptest

Full details about Yaptest can be found on its project page.  If you’re after the download link, it’s on the installation page.

MS Access SQL Injection Cheat Sheet

Luca from webapptest.org just published an MS Access cheat sheet.  It’s one of the best I’ve seen for MS Access.  Check it out: http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html

exploit-suggester

This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.  It currently focusses on local exploitation of Solaris 8 on SPARC, but other versions of Solaris are partially supported. Features: the current version of exploit-suggester has the following features: Restrict search to […]

Linux Local Privilege Escalation for x86_64

Wojciech Purczynski found an interesting vulnerability which allows non-priv users on Linux x86_64 systems to escalate privileges to root:

user@linux64 /tmp $ uname -a
Linux ws 2.6.22-gentoo-r5 #1 SMP Mon Sep 24 00:24:36 BST 2007 x86_64 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz GenuineIntel GNU/Linux
user@linux64 /tmp $ gcc -o 4460 4460.c
user@linux64 /tmp $ […]