Tools
windows-privesc-check
Tuesday, December 20th, 2011
A long time ago, I started writing a tool to look for local privilege escalation vectors on Windows systems – e.g. weak permissions on files, directories, service registy keys. I never quite got round to finishing it, but the project could still be useful to pentesters and auditors in its current part-finished state. I’d suggest giving it a [...]
Tags: audit, pentest, windows
Posted in: Audit, Tools
gateway-finder
Sunday, October 9th, 2011
Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal pentests when you want to quickly check for unauthorised routes to the Internet (e.g. rogue wireless access points) or routes to other [...]
Tags: discovery, gateway, network, pentest, tool
Posted in: Misc, Tools
timing-attack-checker
Sunday, September 25th, 2011
timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond to a valid username than to an invalid username. This can be handy for bruteforcing a list of valid usernames. I’ll work [...]
Tags: pentest, perl, tool, userenumeration
Posted in: Misc, Tools
Bootparamd Client for Linux
Sunday, November 2nd, 2008
See this blog post for download link and installation instructions.
Tags: bootparamd, linux, tool
Posted in: Misc
Rexd Client For Linux
Saturday, November 1st, 2008
Full details about “on”, the rexd client can be found on this blog post.
Tags: linux, rexd, tool
Posted in: Misc
ident-user-enum
Saturday, September 6th, 2008
ident-user-enum is a simple PERL script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system. This can help to prioritise target service during a pentest (you might want to attack services running as root first). Alternatively, the list of usernames [...]
Tags: identuserenum, pentest, tool
Posted in: User Enumeration
unix-privesc-check
Friday, February 1st, 2008
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be [...]
Tags: audit, pentest, tool, unixprivesccheck
Posted in: Audit
exploit-suggester
Saturday, September 29th, 2007
This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try. It currently focusses on local exploitation of Solaris 8 on SPARC, but other version of Solaris are partially supported. Features The current version of exploit-suggester has the following features: Restrict search to [...]
Tags: exploitsuggester, pentest, tool
Posted in: Audit
php-findsock-shell
Sunday, September 2nd, 2007
This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP, you want an interactive shell, but the Firewall is doing proper egress and ingress filtering – so bindshells and reverse shells won’t work. Upload php-findsock-shell to somewhere in the web root then run it [...]
Tags: findsockshell, pentest, php, tool
Posted in: Web Shells
php-reverse-shell
Saturday, May 26th, 2007
This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP. Upload this script to somewhere in the web root then run it by accessing the appropriate URL in your browser. The script will open an outbound TCP connection from the webserver to a host [...]
Tags: pentest, php, reverseshell, tool
Posted in: Web Shells
Categories
- Blog (78)
- Cheat Sheets (10)
- Shells (1)
- SQL Injection (7)
- Contact (2)
- Site News (3)
- Tools (17)
- Audit (3)
- Misc (7)
- User Enumeration (4)
- Web Shells (3)
- Uncategorized (3)
- Yaptest (15)
- Front End (1)
- Installing (2)
- Overview (2)
- Using (8)