unix-privesc-check
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be […]
Updated Postgres SQL Injection Cheat Sheet
I just put some finishing touches to the PostgreSQL Injection Cheat Sheet . All the TODO items have been removed now. Let me know if you have any extra info you think should be included on the cheat sheet.
Another Blog For Your RSS Reader: John Heasman
John Heasman's just started a blog over at blogspot.com. Topics so far have been centered around bug-hunting. Interesting stuff if you're more of a pentester than a vulnerability researcher (like me). Add it to your RSS reader now!
Update: smtp-user-enum v1.1
Guy Harper sent me a patch for smtp-user-enum. It can now enumerate email addresses on vulnerable servers as well as OS-level usernames. Cheers Guy. The project page has been updated with an example of how to use the new -D option.
Post-Exploitation Without A TTY
This is a follow-up to a topic I touched on briefly before when I talked about the problem of trying to use the SSH client when you don’t have a TTY. I was recently in a position where I got an interactive shell on a box, discovered the root password but was unable to get […]
Updated Postgres SQL Injection Cheat Sheet
I just read Nico Leidecker’s Having Fun With Postgres paper. He mostly talks about the dblink function which is sometimes enabled in Postgres – it’s a bit like MSSQL’s openrowset . There’s also some good generic advice on what to do when you get DBA access – like executing OS-level commands. I’ve updated the cheat […]
Scapy in PERL
Scaperl is basically scapy in PERL. Kinda useful for PERL-geeks like me who have yet to even write “Hello World” in Python.
Getting RSH on Linux to work like RSH on Solaris
If you’ve tried setting up rsh/rlogin based hacker challenges on Linux over the last few years you’ve probably noticed that Linux (I tried Redhat and Debian) doesn’t behave like Solaris. This makes either for really bad hacker challenges, or for ones involving lots of Solaris boxes. I finally found the answer recently so thought I’d […]
Update to MySQL Injection Cheat Sheet
I just added some more notes to the MySQL Injection Cheat Sheet about command execution, file upload, privilege enumeration, casting, avoiding quotes and more. The cheat sheet is reasonably complete now.
Minor Update: Yapscan v0.7.3
I just updated yapscan . It no longer crashes when two debug flags are used for TCP scans.