Blog
Time-Based Blind SQL Injection with Heavy Queries
Chema Alonso sent me a link to this Microsoft paper which is based on his PhD thesis. It explores how to exploit time-based SQL injection on any database backend without the use of usual “delay functions” like waitfor delay, benchmark, DBMS_LOCK, etc. Well worth a read.
MS Access SQL Injection Cheat Sheet
Luca from webapptest.org just published an MS Access cheat sheet. It’s one of the best I’ve seen for MS Access. Check it out: http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
Linux Local Privilege Escalation for x86_64
Wojciech Purczynski found an interesting vulnerability which allows non-privileged users on Linux x86_64 systems to escalate privileges to root:
user@linux64 /tmp $ uname -a
Linux ws 2.6.22-gentoo-r5 #1 SMP Mon Sep 24 00:24:36 BST 2007 x86_64 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz GenuineIntel GNU/Linux
user@linux64 /tmp $ gcc -o 4460 4460.c
user@linux64 /tmp $ […]
Google Desktop For Linux Released
Google Desktop for Linux was released recently. It doesn't seem to be in the Gentoo portage tree yet, but there's a working ebuild for it here. It's been indexing for 24 hours or so. It'll be a few more days before I can try it out properly. This should be a useful tool for onsite […]
Yaptest v0.0.4 Released
Usernames and passwords found during testing are now automatically entered into the credentials database (e.g. Windows usernames from SNMP or RID cycling, passwords guessed by hydra). Yaptest is now also able to call John the Ripper to crack password hashes from the credentials database that haven’t already been cracked. I’ve updated the Managing Login Credentials […]
Owning Firefox on Windows
I just read Thor’s great write-up of the recent Firefox vulnerability. Well worth a read.
Yaptest Update: v0.0.3
I just released a new version of Yaptest. The biggest enhancement is being able to store the login credentials in the database. The yaptest-credentials.pl script can be used to list the systems that you’ve found logins for. See here for a proper explanation of yaptest’s new password management features. The CHANGELOG lists the new tools […]
Minor update: Yapscan v0.7.2
I just fixed a bug that caused yapscan to crash intermittently during ICMP scans. Download page.
Stealing Usernames and Passwords from SSHD
I just read a really cool blog post by Sebastian Krahmer. He discusses a post-exploitation technique to snoop on incoming SSH sessions – including the username and password used to authenticate.
Cracking Postgres Password Hashes with MDCrack
As far as I’m aware there aren’t many good password crackers around for PostgreSQL database password hashes. Here are a few notes on how to crack postgres password hashes quickly using MDCrack. Even though MDCrack is a Windows program, it works well enough under WINE for our purposes. Linux users can therefore benefit from […]