Quantcast
Channel: pentestmonkey » Tools
Browsing all 10 articles
Browse latest View live

php-reverse-shell

This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP.  Upload this script to somewhere in the web root then run it by accessing the...

View Article



Image may be NSFW.
Clik here to view.

php-findsock-shell

This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP, you want an interactive shell, but the Firewall is doing proper egress and...

View Article

exploit-suggester

This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.  It currently focusses on local exploitation of Solaris 8 on SPARC, but other...

View Article

Image may be NSFW.
Clik here to view.

unix-privesc-check

Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).  It tries to find misconfigurations that could allow local unprivilged users to...

View Article

ident-user-enum

ident-user-enum is a simple PERL script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system. This can help to prioritise...

View Article


Rexd Client For Linux

Full details about “on”, the rexd client can be found on this blog post.

View Article

Bootparamd Client for Linux

See this blog post for download link and installation instructions.

View Article

timing-attack-checker

timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond...

View Article


gateway-finder

Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal...

View Article


Image may be NSFW.
Clik here to view.

windows-privesc-check

A long time ago, I started writing a tool to look for local privilege escalation vectors on Windows systems – e.g. weak permissions on files, directories, service registy keys.  I never quite got round...

View Article
Browsing all 10 articles
Browse latest View live




Latest Images