php-reverse-shell
This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP. Upload this script to somewhere in the web root then run it by accessing the...
php-findsock-shell
This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP, you want an interactive shell, but the Firewall is doing proper egress and...
exploit-suggester
This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try. It currently focusses on local exploitation of Solaris 8 on SPARC, but other...
unix-privesc-check
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to...
ident-user-enum
ident-user-enum is a simple PERL script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system. This can help to prioritise...
Rexd Client For Linux
Full details about “on”, the rexd client, can be found in this blog post.
Bootparamd Client for Linux
See this blog post for download link and installation instructions.
timing-attack-checker
timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond...
gateway-finder
Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal...
windows-privesc-check
A long time ago, I started writing a tool to look for local privilege escalation vectors on Windows systems – e.g. weak permissions on files, directories, service registry keys. I never quite got round...