SSH Cheat Sheet

SSH has several features that are useful during pentesting and auditing.  This page aims to remind us of the syntax for the most useful features. NB: This page does not attempt to replace the man page for pentesters, only to supplement it with some pertinent examples. SOCKS Proxy Set up a SOCKS proxy on 127.0.0.1:1080 that lets […]

Exploiting A Tricky SQL Injection With sqlmap

Like many pentesters, I’m a fan of sqlmap.  It’s often the first and last tool I reach for when exploiting boolean or time-based SQL injection vulnerabilities. I wanted to briefly document a slightly tricky SQL injection issue I encountered recently and a few of the sqlmap features that impressed me most. I initially noticed that […]

The Ultimate Unix Cheat Sheet

I just stumbled across Rosetta Stone for Unix, a brilliant page that lists how to do a large number of tasks in a variety of unix-like operating systems.  I wish I’d found this years ago. It should be very handy for pentesting or auditing those less familiar unix flavours. I’ll definitely be taking a copy with […]

John The Ripper Hash Formats

John the Ripper is a favourite password cracking tool of many pentesters.  There is plenty of documentation about its command line options. I’ve encountered the following problems using John the Ripper.  These are not problems with the tool itself, but inherent problems with pentesting and password cracking in general. Sometimes I stumble across hashes on a […]

Twitter

My twitter account is @pentestmonkey.

Updated CMS

I recently converted the site to WordPress from Mambo.  Joomla/Mambo To WordPress Migrator did most of the conversion for me.  I’d recommend trying it if you ever need to convert a site to WordPress. The difficult part was keeping the URLs the same.  Hopefully I’ve kept most of them. Anyway, if you notice any problems with […]

New Web Application Scanner: Netsparker

I’ve been involved in the beta testing of Netsparker for some time now.  Now that it’s publicly available, I wanted to write a brief blog post to recommend that you try it out… If you can’t be bothered reading this post, make sure you at least check out the videos of Netsparker in action (particularly […]

Cross-Site Request Forgery For POST Requests With An XML Body

I recently had cause to create a proof-of-concept for a site that seemed to be vulnerable to Cross-Site Request Forgery (CSRF).  I say “seemed” because there was no CSRF protection, but I was finding the XML POST body really hard to forge (It was a SOAP / XMLRPC type request). Eventually Sid from notsosecure.com pointed […]

exploit-suggester Update: v0.3

Minor update to exploit suggester.  It now suggests the raptor sploits for Netscape Portable Runtime vulnerability.  Download it here.

YaptestFE Update: v1.1

Version 1.1 of the Yaptest Frontend is now available.  Download it here. There are three main improvements to the interface: The “Ports” page now displays Nmap version and service information when it’s available. The “Windows Info” page displays a list of Windows hosts along with various information about each: Domain name, whether the host is […]