Yaptest Configuration Wizard
Some users commented that the creation of new tests (i.e. databases and “test area”) was unnecessarily difficult. Version 0.0.5 of yaptest now includes an interactive wizard, yaptest-wizard.pl, which takes users step by step through setting up a new test. The old method using yaptest-new.pl and yaptest-new-test-area.pl is still supported. Thanks to all those who have […]
Time-Based Blind SQL Injection with Heavy Queries
Chema Alonso sent me a link to this Microsoft paper which is based on his PhD thesis. It explores how to exploit time-based SQL injection on any database backend without the use of usual “delay functions” like waitfor delay, benchmark, DBMS_LOCK, etc. Well worth a read.
MS Access SQL Injection Cheat Sheet
Luca from webapptest.org just published an MS Access cheat sheet. It’s one of the best I’ve seen for MS Access. Check it out: http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
exploit-suggester
This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try. It currently focuses on local exploitation of Solaris 8 on SPARC, but other versions of Solaris are partially supported. Features: the current version of exploit-suggester has the following features: Restrict search to […]
Linux Local Privilege Escalation for x86_64
Wojciech Purczynski found an interesting vulnerability which allows non-privileged users on Linux x86_64 systems to escalate privileges to root:
user@linux64 /tmp $ uname -a
Linux ws 2.6.22-gentoo-r5 #1 SMP Mon Sep 24 00:24:36 BST 2007 x86_64 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz GenuineIntel GNU/Linux
user@linux64 /tmp $ gcc -o 4460 4460.c
user@linux64 /tmp $ […]
php-findsock-shell
This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP and you want an interactive shell, but the firewall is doing proper egress and ingress filtering, so bind shells and reverse shells won’t work. Upload php-findsock-shell to somewhere in the web root, then run it […]
Google Desktop For Linux Released
Google Desktop for Linux was released recently. It doesn't seem to be in the Gentoo portage tree yet, but there's a working ebuild for it here. It's been indexing for 24 hours or so. It'll be a few more days before I can try it out properly. This should be a useful tool for onsite […]
Yaptest v0.0.4 Released
Usernames and passwords found during testing are now automatically entered into the credentials database (e.g. Windows usernames from SNMP or RID cycling, passwords guessed by hydra). Yaptest is now also able to call John the Ripper to crack password hashes from the credentials database that haven’t already been cracked. I’ve updated the Managing Login Credentials […]
Owning Firefox on Windows
I just read Thor’s great write-up of the recent Firefox vulnerability. Well worth a read.
Yaptest Update: v0.0.3
I just released a new version of Yaptest. The biggest enhancement is being able to store the login credentials in the database. The yaptest-credentials.pl script can be used to list the systems that you’ve found logins for. See here for a proper explanation of yaptest’s new password management features. The CHANGELOG lists the new tools […]