Tag: Linux

• SQLiPy: A SQLMap Plugin for Burp

  I perform quite a few web app assessments throughout the year. Two of the primary tools in my handbag for a web app assessment are Burp Suite Pro and SQLMap. Burp Suite is a great general purpose web app assessment tool, but if you perform web app assessments you probably already know because you are…

  Josh Berry

  September 22, 2014

  Burp, Linux, Penetration Testing, Python, Unix, Windows

  Burp Suite Pro, Java, Jython, Linux, Python, sqlmap, Web App Pentesting, Windows

• Dirscalate Tool Update – NTLM, Basic, Digest, and Cookie Auth

  I have updated my dirscalate tool to now include support for NTLM, BASIC, Digest, or cookie based authentication to the web application with the directory traversal vulnerability. If you are unfamiliar with the tool, see my post here. Previously, if the site required authentication, you would have had to proxy dirscalate through something like Burp…

  Josh Berry

  September 16, 2014

  Linux, Penetration Testing, Python, Unix

  Burp Suite Pro, Linux, Unix

• Directory Traversal to Root

  I’ve had some success in the past when finding directory traversal vulnerabilities on Linux/Unix hosts and thought I would share a little post on what I’ve found. The vulnerabilities are often found in the unauthenticated portions (convenient) of management applications such as Webmin or ColdFusion and are frequently running with elevated privileges. The first step…

  Josh Berry

  December 28, 2013

  Linux, Metasploit, Penetration Testing, Python, Unix

  DotDotPwn, Linux, Metasploit, Panoptic, Python, Unix