perl

timing-attack-checker

timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond to a valid username than to an invalid username.  This can be handy for bruteforcing a list of valid usernames.  I’ll work [...]

Tags: , , ,

Posted in: Misc, Tools

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding [...]

Tags: , , , , , , , , ,

Posted in: Shells

Post-Exploitation Without A TTY

This is a follow-up to a topic I touched on breifly before when I talked about the problem of trying to use the SSH client when you don’t have a TTY.  I was recently in a position where I got an interactive shell on a box, discovered the root password but was unable to get [...]

Tags: , , , ,

Posted in: Blog

Scapy in PERL

Scaperl is basically scapy in PERL.  Kinda useful for  PERL-geeks like me who have yet to even write “Hello World” in Python.

Tags: ,

Posted in: Blog

Breaking Out of a Chroot Jail Using PERL

I had cause to want to break out of a chroot’d environment recently.  It is well known that if you’re root within the chroot environment you can break out of it. I set about learning how to break out of chroot and came across an excellent description by Simes from 2002.  It contains a well [...]

Tags: , ,

Posted in: Blog

perl-reverse-shell

This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PERL.  Upload this script to somewhere in the web root then run it by accessing the appropriate URL in your browser.  The script will open an outbound TCP connection from the webserver to a host [...]

Tags: , ,

Posted in: Web Shells