Penetration Testing mailing list archives
Re: Volatile Worm
From: Kish Pent <kish_pent () yahoo com>
Date: Fri, 15 Feb 2008 06:31:48 -0800 (PST)
Hey p1g, You're not the only one who's hesitant to do so, lot of pen-testers are ... it really depends on the scope laid out basically, and Rafael's concept of volatile worm is not something new. You guys might have to check out Dave Aitel's presentation called Nematodes. It's a different vantage point for everyone in different situations and I have to say, Dave's idea during his period was nice. I think he presented in 05 he updated it around 2006 iirc, given below is the resources section of ImmunitySec. URL : http://www.immunitysec.com/resources-papers.shtml The idea of using botnet, worm, trojans, and malicious code on client networks is best avoided to spare downtime, but if you know how to use them carefully, it's equally a good idea to test their AV / Firewall and other defenses, after all that's what a pen-tester is supposed to simulate (a real attack). There are two ways to looking at it, and as mentioned earlier it depends on the scope. Basically, Rafael's point is to use it like a automated tool to pwn boxes, and Dave's idea to just assess, and patch using a beneficial worm. Cheers, Kish --- p1g <killfactory () gmail com> wrote:
Am i only one that is hesitant to execute a worm on a customers network? I noticed that no one has replied. On 2/11/08, Rafael Silva <listas () geekworld com br> wrote:Hello everyone, I'm here to publish a tool that exploits theconcept of webapplication worms. It's not a brand new thing but I hope to helpsysadmins and thesecurity community. Volatine Worm is a web worm for MSSQL webapplications vulnerable toSQL Injection and forces them into executing store procedures likexp_cmdshell.The concept of this worm is pretty simple: Findvulnerable hosts in anautomated fashion searching in Google for URLs like: news.asp noticias.asp comments.asp ... When the worm finds a potential vulnerableapplication it tests if itis flawed by simply appending a single quote in the URL. It analyzes the errorcode returned todetermine if it is running MSSQL. If it succedes to find a MSSQL, the worm issues a'ping' command usingxp_cmdshell, performing a phone home. Then you can test a lot of thingslike setup a ftpserver and send any file to the vulnerable host. Feel free to improve the code. Download: http://www.rfdslabs.com.br/volatile.txt rfds@gland:~/codes/volatile$ perl volatile.pl -h Volatile [Automatic SQL Injection Exploit] Written by rfds and hash use volatile.pl [-h|-q <query>|-w <walk>|-d<device>|-i <ip>]-h: print this help -q: the magic query string [required] -w: rounds per search [required] -d: external device [required] -i: the device's ip [required] happy hacking rfds@gland:~/codes/volatile$ Cheers, -Rafael Silva
------------------------------------------------------------------------
This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solutionFREE today!http://www.cenzic.com/downloads
------------------------------------------------------------------------
-- -p1g SnortCP, C|HFI, TNCP, TECP, NACP, A+ ,,__ o" )~ oink oink ' ' ' ' If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
------------------------------------------------------------------------
This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads
------------------------------------------------------------------------
-- Kishore Parthasarathy, Penetration Tester, Smart Security, 17/1,Upstairs, Sarojini St,T.Nagar, Chennai - 600 017 Phone: 91 98841 80767 ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Volatile Worm Rafael Silva (Feb 11)
- Re: Volatile Worm p1g (Feb 14)
- Re: Volatile Worm Kish Pent (Feb 15)
- Re: Volatile Worm p1g (Feb 14)