Pen Testing Windows Active Directory

July 28, 2007

I have put together some thoughts on conducting a penetration test on a Windows Active Directory. Currently this article focuses on these two scenarios: 1. A pentester is allowed to plug his laptop into the target network. 2. A pentester is not allowed to plug his laptop and only has…

SQL Injection In Oracle

July 11, 2007

1. Finding table names

select table_name from+user_tables

Example:- table_name+from+user_tables

Blind Injection: and ascii(substr((select+table_name+from+user_tables where rownum=1),1,1))>100

2. Iterating through the different rows: Unfortunately it is not as straightforward, as there is no LIMIT command in Oracle.

Syntax:- select column_1, column_2 from (select rownum r_, column_1, column_2 from table_1, table_2 where…

SQL Injection And UTF 7 encoding

July 5, 2007

Query:- There is a web application vulnerable to SQL Injection, but the web server has added protection like magic_quotes or the application calls the function add_slashes, which means I can't insert a single quote and thus can't exploit a SQL Injection. The injection point is in a string field. Does…

Recommended Books For Pentesting

June 30, 2007

Although I don't have the habit of reading books, here are a few books which you may consider reading: Database Hacker's Handbook (David Litchfield); Oracle Hacker's Handbook (David Litchfield); Hacking Web Applications Exposed (TMH Publications); Essential PHP Security (Chris Shiflett); TCP/IP Illustrated (Comer); Hacking Linux Exposed. As this list…

Owning IIS 6.0 When Webserver Supports Put and Move HTTP Methods

June 14, 2007

Credits: ice and ferruh. In IIS 6.0 you can upload the backdoor scripts, but you may not be able to execute the default cmd.exe present in the IIS box, so you need to upload your own cmd.exe first and then make your ASP backdoor point to the cmd.exe which you…