Select Page

Scanning SNMPv3 with nmap vs unicornscan

Many penetration testers rely on unicornscan’s speed to perform UDP portscans. Sometimes, a first pass is made with unicornscan to detect open UDP ports and then a second pass is made with nmap on those ports to find additional information about the service. In...

Exploiting MS09-004 via SQL injection

Recently we were performing an web application penetration test to one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end...

Metasploit and SQL injection

SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios: When an attacker achieves command execution on a database via SQL injection, but he wants all the...

Cisco config retrieval tool and password reuse

The other day we were at a client site doing a penetration test. This was a very big deployment with almost 100 routers. At some point during the test we managed to get the read/write community string of one of the routers, as there was a script with the hard-coded...