timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond to a valid username than to an invalid username.  This can be handy for bruteforcing a list of valid usernames.  I’ll work […]

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding […]

Post-Exploitation Without A TTY

This is a follow-up to a topic I touched on briefly before when I talked about the problem of trying to use the SSH client when you don’t have a TTY. I was recently in a position where I got an interactive shell on a box, discovered the root password but was unable to get […]

Scapy in PERL

Scaperl is basically scapy in PERL. Kinda useful for PERL-geeks like me who have yet to even write “Hello World” in Python.

Breaking Out of a Chroot Jail Using PERL

I had cause to want to break out of a chroot’d environment recently.  It is well known that if you’re root within the chroot environment you can break out of it. I set about learning how to break out of chroot and came across an excellent description by Simes from 2002.  It contains a well […]

This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PERL.  Upload this script to somewhere in the web root then run it by accessing the appropriate URL in your browser.  The script will open an outbound TCP connection from the webserver to a host […]