Dailydave mailing list archives
Re: One Click Ownage [White Paper and Scripts]
From: Dave Aitel <dave () kof immunityinc com>
Date: Fri, 3 Jul 2009 23:09:47 -0400
To sum up the paper: You base64 a callback executable into a VBS script and then send it over to be executed by xp.cmdshell. What would be more useful, since DB servers are rarely routable to the internet, is something that injects into SQL Server and then can be talked to with MOSDEF or some other ping-pong protocol via the initial SQL Injection so you can get real access to the DB layer. This wouldn't be that hard really. -dave On Fri, Jul 3, 2009 at 6:49 AM, Ferruh Mavituna <ferruh () mavituna com> wrote:
This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (*particularly in MSSQL*). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload. White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload. *White Paper: *http://ferruh.mavituna.com/papers/oneclickownage.pdf *Scripts: *http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip *Presentation (IT Underground 2009): *http://www.slideshare.net/fmavituna/one-click-ownage-1660539 Regards, -- http://ferruh.mavituna.com _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- One Click Ownage [White Paper and Scripts] Ferruh Mavituna (Jul 03)
- Re: One Click Ownage [White Paper and Scripts] Dave Aitel (Jul 03)
- Re: One Click Ownage [White Paper and Scripts] Ferruh Mavituna (Jul 04)
- Re: One Click Ownage [White Paper and Scripts] Dave Aitel (Jul 03)