Blog

Yaptest Update: v0.1.0

This update to yaptest includes a few bug fixes and features to better support Mac users. Download v0.1.0 here.

* #!/usr/bin/perl changed to #!/usr/bin/env perl. This allows users to change to a different perl interpreter just by changing their path.
* Cheers to deanx for the following bug reports / feature requests: […]

Tool for Cracking Passphrases on Encrypted SSH Keys

Phrasen|drescher is a tool for those pentests when you’re having trouble owning those last few *nix boxes. It was released in 2007, but I hadn’t had cause to try it out until recently. If you’ve already gained access to a few *nix boxes but can’t get into the rest, you’ll naturally start trying to enumerate […]

Yaptest Update: v0.0.9

Yaptest v0.0.9 is ready for download. The big changes in this release are: the addition of yaptest-issues.pl to allow you to associate hosts with security issues. yaptest-dns-grind.pl is now called to find hostnames from DNS PTR records and store them in the database. Finally, oscanner is now called on each Oracle TNS listener identified […]

Yaptest Update: v0.0.8

This is a relatively minor yaptest update. Version 0.0.8 is available for download here. The install scripts have been updated to be more compatible with OSX. The incompatibilities are better documented in comments. I’ve also updated the original notes from Deanx with some more of his wisdom. I’ve completely rewritten yaptest-nmap-tcp.pl so that people who […]

Yaptest Update: v0.0.7

Yaptest has had a lot of new features added over the last few months and I’m struggling to get them all written up and released. v0.0.7 is the first of several releases. Download yaptest v0.0.7 here. It is now possible to interrupt scans and resume them later. This is really handy for big multi-day […]

Importing OSVDB into a Postgres Database

I was looking at the Open Source Vulnerability Database (OSVDB) recently. If you haven’t come across it before, it’s a source of vulnerability information, similar to bugtraq or secunia. OSVDB has a good web frontend which is easy to search. I was investigating whether the database could be downloaded and searched offline during onsite pentests when […]

Updated Postgres SQL Injection Cheat Sheet

I just put some finishing touches to the PostgreSQL Injection Cheat Sheet. All the TODO items have been removed now. Let me know if you have any extra info you think should be included on the cheat sheet.

Another Blog For Your RSS Reader: John Heasman

John Heasman has just started a blog over at blogspot.com. Topics so far have been centered around bug-hunting. Interesting stuff if you're more of a pentester than a vulnerability researcher (like me). Add it to your RSS reader now!

Update: smtp-user-enum v1.1

Guy Harper sent me a patch for smtp-user-enum. It can now enumerate email addresses on vulnerable servers as well as OS-level usernames. Cheers Guy. The project page has been updated with an example of how to use the new -D option.

Post-Exploitation Without A TTY

This is a follow-up to a topic I touched on briefly before, when I talked about the problem of trying to use the SSH client when you don’t have a TTY. I was recently in a position where I got an interactive shell on a box, discovered the root password, but was unable to get […]