Full Disclosure mailing list archives
Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen
From: Tim Kunschke <tim () timmey homelinux com>
Date: Wed, 26 Mar 2008 19:43:20 +0100
With firefox - URL: *http://www.nosec.org/a.exe* <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>??????</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=GB2312"> <STYLE type="text/css"> BODY { font: 9pt/12pt ?? } H1 { font: 12pt/15pt ?? } H2 { font: 9pt/12pt ?? } A:link { color: red } A:visited { color: maroon } </STYLE> </HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD> <h1>??????</h1> ???????????????????????? <hr> <p>???????:</p> <ul> <li>????????????????????????????</li> <li>???????????????,?????????,?????????????? </li> <li>??<a href="javascript:history.back(1)">??</a>??????????</li> </ul> <h2>HTTP ?? 404 - ?????????<br>Internet ???? (IIS)</h2> <hr> <p>????(?????????)</p> <ul> <li>?? <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft ??????</a>?????“HTTP”?“404”????</li> <li>??“IIS ??”(?? IIS ??? (inetmgr) ???),???????“????”?“??????”?“?????????”????</li> </ul> </TD></TR></TABLE></BODY></HTML> ---------------- EOF ----------------- wget http://www.nosec.org/a.exe --19:39:40-- http://www.nosec.org/a.exe => `a.exe' Auflösen des Hostnamen »www.nosec.org«.... 218.92.8.74 Verbindungsaufbau zu www.nosec.org|218.92.8.74|:80... verbunden. HTTP Anforderung gesendet, warte auf Antwort... 404 Not Found 19:40:26 FEHLER 404: Not Found. :P woooah °°°°snake°°°° Micheal Cottingham schrieb:
C:\Users\Micheal\Research>..\bin\upx\upx -d pangolin_bin\out\pangolin.exe Ultimate Packer for eXecutables Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007 UPX 3.02w Markus Oberhumer, Laszlo Molnar & John Reiser Dec 16th 2007 File size Ratio Format Name -------------------- ------ ----------- ----------- 2834944 <- 879616 31.03% win32/pe pangolin.exe Unpacked 1 file. C:\Users\Micheal\Research\pangolin_bin\out>strings pangolin.exe | find "http://" http://www.nosec.org/web/index.php?q=ua_collection&id= http://www.nosec.org/web/index.txt http:// http://%s http://www.nosec.org 2pangolin -- Maded By ZwelL -- http://www.nosec.org 0Check http://www.nosec.org for more information. http://www.nosec.org/a.exe (http://192.168.0.5/access/get.asp?id=295 (http://192.168.0.5/access/get.asp?id=295 'http://192.168.0.5/mysql/get.php?id=295 %http://192.168.0.5/sql/get.asp?id=295 &http://192.168.0.5/sql0/get.asp?id=295 C:\Users\Micheal\Research\pangolin_bin\out> Interesting. On Wed, Mar 26, 2008 at 1:54 PM, josh <mastahflank () gmail com> wrote:Not me, although I did looked at it. I thought great, kiddies are going to love this Sent from my BlackBerry(R) smartphone with SprintSpeed -----Original Message----- From: davidrook <david.rook () realexpayments com> Date: Wed, 26 Mar 2008 17:23:03 To:Razi Shaban <razishaban () gmail com> Cc:full-disclosure () lists grok org uk, webappsec () securityfocus com Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen I wonder how many readers of this list now have a backdoor on their machine........... Razi Shaban wrote: > Hmm... > Backdoors eh? > > Nice try. > > -- > razi > > On 3/26/08, A. Ramos <aramosf () unsec net> wrote: > >> Take a look over: >> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c >> >> >> >> 2008/3/26 <zwell () sohu com>: >> >> >> > >> > >> > >> > Pangolin is a GUI tool running on Windows to perform as more as possible >> > pen-testing through SQL injection. This version now supports following >> > databases and operations: >> > >> > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, >> > Download file, Read file, File Browser... >> > * MYSQL : Server informations, Datas, Read file, Write file... >> > * ORACLE : Server informations, Datas, Accounts cracking... >> > * PGSQL : Server informations, Datas, Read file... >> > * DB2 : Server informations, Datas, ... >> > * INFORMIX : Server informations, Datas, ... >> > * SQLITE : Server informations, Datas, ... >> > * ACCESS : Server informations, Datas, ... >> > * SYBASE : Server informations, Datas, ... >> > etc. >> > >> > And supports: >> > * HTTPS support >> > * Pre-Login >> > * Proxy >> > * Specify any HTTP headers(User-agent, Cookie, Referer and so on) >> > * Bypass firewall setting >> > * Auto-analyzing keyword >> > * Detailed check optio ns >> > * Injection-points management >> > etc. >> > >> > What's the differents to the others? >> > * Easy-of-use : What I try to do is making pen-tester more care about >> > result, not the process. All you should do is clicking the buttons. >> > * Amazing Speed : so many people told you things about brute sql injection, >> > is it really necessary? Forget char-by-char, we can row-by-row(of cource, >> > not every injection-point can do this)? >> > * The exact check mothod : do you really think automated tools like >> > AWVS,APPSCAN can find all injection-points? >> > >> > So, whatever, just check it out, and then enjoy your feeling ;) >> > More information : http://www.nosec.org/web/index.php?q=pangolin >> > Download : http://seclab.nosec.org/security/pangolin_bin.rar >> > >> > Declare: Pangolin is designed for security testing by pen-tester when he has >> > been authorized. DO NOT attack any website viciously or accept the >> > consequences!!! >> > >> > >> > >> > ________________________________ >> > >> > 2008??????? >> > *????????,??????????>> >> >> >>> _______________________________________________ >>> >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> > >> >> >> >> >> -- >> Alejandro Ramos / Alex -- (aramosf () unsec net) >> molling://CISSP/GWAS/CISA >> http://www.unsec.net >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ -- David Rook | david.rook () realexpayments com Information Security Analyst Realex Payments Enabling thousands of businesses to sell online. Realex Payments, Dublin, www.realexpayments.com Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538 Realex Payments, London, www.realexpayments.co.uk 1 Hammersmith Grove, London W6 0NB, England Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264 Pay and Shop Limited, trading as Realex Payments has its registered office at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is registered in Ireland, company number 324929. This mail and any documents attached are classified as confidential and are intended for use by the addressee(s) only unless otherwise indicated. If you are not an intended recipient of this email, you must not use, disclose, copy, distribute or retain this message or any part of it. If you have received this email in error, please notify us immediately and delete all copies of this email from your computer system(s). -- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ------------------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Pangolin v1.2.590 - The best SQL injector you've ever seen zwell (Mar 26)
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen A. Ramos (Mar 26)
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen Razi Shaban (Mar 26)
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen davidrook (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen josh (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Micheal Cottingham (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Tim Kunschke (Mar 26)
- Message not available
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Ricardo Giorgi (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Micheal Cottingham (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Tim Kunschke (Mar 26)
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen Razi Shaban (Mar 26)
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen A. Ramos (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Russ McRee (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Micheal Cottingham (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Luther D. Anderson (Mar 27)