Blog | Tools

Fun With PSEXEC Scanner Metasploit Module

Posted on August 03, 2012Link 

So you have a meterpreter session on some Windows machine remotely or internally. One of the first things a lot of folks will do is escalate to SYSTEM (getsystem or post/windows/escalate/getsystem in meterpreter) and dump the server's password hashes (hashdump or post/windows/gather/hashdump). The logical thing to do next is to begin cracking the hashes...Continue reading 

Tool Review - Fierce by RSnake

Posted on September 27, 2011Link 

rce is a simple but very useful DNS reconnaissance tool written by Robert Hansen (RSnake) that I use on virtually every pentest, vuln assessment, or application security assessment I'm involved in. There's nothing fancy or super-technical about this tool; it's just useful and deserves some mention. It combines the functionality of a handful of recon tools into one. It's original...Continue reading 

Blind SQL Injection & BurpSuite - Like a Boss

Posted on April 22, 2011Link 

SQL injection used to be a lot easier a few years ago when it was less known, web application security was less mature, and errors were often exposed. It's very easy to use a variety of methods to cause errors to display database names, table names, column names, and even row values... when errors are enabled. These days, the SQL...Continue reading 

Have Questions?
Get Answers