Penetration Testing mailing list archives
Re: Volatile Worm
From: p1g <killfactory () gmail com>
Date: Thu, 14 Feb 2008 20:00:11 -0500
Am I the only one that is hesitant to execute a worm on a customer's network? I noticed that no one has replied.

On 2/11/08, Rafael Silva <listas () geekworld com br> wrote:
Hello everyone,

I'm here to publish a tool that exploits the concept of web application worms. It's not a brand new thing but I hope to help sysadmins and the security community.

Volatile Worm is a web worm for MSSQL web applications vulnerable to SQL Injection and forces them into executing stored procedures like xp_cmdshell.

The concept of this worm is pretty simple:

Find vulnerable hosts in an automated fashion, searching in Google for URLs like:

news.asp
noticias.asp
comments.asp
...

When the worm finds a potentially vulnerable application, it tests if it is flawed by simply appending a single quote in the URL. It analyzes the error code returned to determine if it is running MSSQL.

If it succeeds in finding an MSSQL, the worm issues a 'ping' command using xp_cmdshell, performing a phone home.

Then you can test a lot of things, like setting up an FTP server and sending any file to the vulnerable host.

Feel free to improve the code.

Download: http://www.rfdslabs.com.br/volatile.txt

rfds@gland:~/codes/volatile$ perl volatile.pl -h

Volatile [Automatic SQL Injection Exploit]
Written by rfds and hash

use volatile.pl [-h|-q <query>|-w <walk>|-d <device>|-i <ip>]
        -h: print this help
        -q: the magic query string [required]
        -w: rounds per search [required]
        -d: external device [required]
        -i: the device's ip [required]

happy hacking
rfds@gland:~/codes/volatile$

Cheers,
-Rafael Silva

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+

,,__
o" )~ oink oink
' ' ' '

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
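From the defender's side, the sequence the quoted announcement describes (a single quote appended to an .asp URL, followed by a request that references xp_cmdshell) leaves a recognizable trail in web server logs. The following is an added example, not part of the original thread or of the Volatile tool; the simplified log layout, the sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a simplified W3C-style layout (an assumption):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2008-02-14 20:00:11 192.0.2.10 GET /news.asp id=12 200
2008-02-14 20:00:12 192.0.2.44 GET /news.asp id=12%27 500
2008-02-14 20:00:13 192.0.2.44 GET /news.asp id=12;CONSTRUCTED-PLACEHOLDER+xp_cmdshell+ping 200
2008-02-14 20:00:14 192.0.2.10 GET /comments.asp name=O%27Brien&page=2 200
2008-02-14 20:00:15 192.0.2.10 GET /default.asp - 200
"""

XP_CMDSHELL = re.compile(r"xp_cmdshell", re.IGNORECASE)

def classify(query):
    """Return the set of findings for one raw (still URL-encoded) query string."""
    findings = set()
    if query == "-":                      # W3C logs use '-' for an empty query
        return findings
    # Split into parameters before decoding so an encoded '&' stays in its value.
    for pair in query.split("&"):
        decoded = unquote_plus(pair)
        value = decoded.partition("=")[2]
        if value.endswith("'"):           # trailing quote: the probe described above
            findings.add("quote-probe")
        if XP_CMDSHELL.search(decoded):   # stored procedure name anywhere in the pair
            findings.add("xp_cmdshell")
    return findings

def scan(log_text):
    """Return (ip, uri, status, findings) for each .asp request with a finding."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue                      # skip W3C directives and malformed lines
        _date, _time, ip, _method, stem, query, status = fields
        if stem.lower().endswith(".asp"):
            findings = classify(query)
            if findings:
                hits.append((ip, stem, int(status), findings))
    return hits

def worm_sequence_ips(hits):
    """Clients that both probed with a quote and referenced xp_cmdshell."""
    seen = {}
    for ip, _stem, _status, findings in hits:
        seen.setdefault(ip, set()).update(findings)
    return sorted(ip for ip, f in seen.items() if {"quote-probe", "xp_cmdshell"} <= f)
```

A quote inside a value, as in the `O'Brien` line, is not flagged; only a value that ends in a quote counts as a probe, and a 500 status on that request shows the application surfaced an error.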
Current thread:
- Volatile Worm Rafael Silva (Feb 11)
- Re: Volatile Worm p1g (Feb 14)
- Re: Volatile Worm Kish Pent (Feb 15)
- Re: Volatile Worm p1g (Feb 14)