Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen

["Micheal Cottingham" <techie.micheal () gmail com>]

Just some interesting strings and such:

pdf_poc.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1

..\\..\\..\\..\\windows\\system32\\cmd.exe
..\\..\\..\\..\\windows\\system32\\tftp.exe
 -i zwell.3322.org
a.bat
Cpdf_poc.txt
Cpdf_poc.txt
Cpdf_poc.txt
www.w3.org
ns.adobe.com
purl.org
Cpdf_poc.txt
ns.adobe.com
ns.adobe.com
Cpdf_poc.txt
Cpdf_poc.txt

http://www.w3.org/1999/02/22-rdf-syntax-ns#";>
http://ns.adobe.com/xap/1.0/";>
http://purl.org/dc/elements/1.1/";>
http://ns.adobe.com/xap/1.0/mm/";>
http://ns.adobe.com/pdf/1.3/";>

zps.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=f43b645dd1308b141193037d163a0731&refresh=1

demon.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=8af6928a2eb9de7439fe869984ab1583&refresh=1

DnsQuery_A

So much for not doing anything illegal with the software, this guy
goes and does illegal things for you.


2008/3/26 Russ McRee <holisticinfosec () gmail com>:
> http://www.nosec.org/web/files/demon.exe
> http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3
>
> http://www.nosec.org/web/files/pdf_poc.exe
> http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559
>
> http://www.nosec.org/web/files/zps.exe
> http://www.virustotal.com/analisis/26d6e7ff7aa79d20331906543a73d458
>
>
>
> On Wed, Mar 26, 2008 at 10:54 AM, josh <mastahflank () gmail com> wrote:
> > Not me, although I did looked at it. I thought great, kiddies are going to
> love this
> > Sent from my BlackBerry(R) smartphone with SprintSpeed
> >
> >
> >
> >
> > -----Original Message-----
> > From: davidrook <david.rook () realexpayments com>
> >
> > Date: Wed, 26 Mar 2008 17:23:03
> > To:Razi Shaban <razishaban () gmail com>
> > Cc:full-disclosure () lists grok org uk, webappsec () securityfocus com
> > Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL
> >  injector       you've ever seen
> >
> >
> > I wonder how many readers of this list now have a backdoor on their
> > machine...........
> >
> > Razi Shaban wrote:
> > > Hmm...
> > > Backdoors eh?
> > >
> > > Nice try.
> > >
> > > --
> > > razi
> > >
> > > On 3/26/08, A. Ramos <aramosf () unsec net> wrote:
> > >
> > > > Take a look over:
> > > >  http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
> > > >
> > > >
> > > >
> > > >  2008/3/26  <zwell () sohu com>:
> > > >
> > > >
> > > >  >
> > > >  >
> > > >  >
> > > >  > Pangolin is a GUI tool running on Windows to perform as more as
> possible
> > > >  > pen-testing through SQL injection. This version now supports
> following
> > > >  > databases and operations:
> > > >  >
> > > >  > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write
> file,
> > > >  > Download file, Read file, File Browser...
> > > >  > * MYSQL : Server informations, Datas, Read file, Write file...
> > > >  > * ORACLE : Server informations, Datas, Accounts cracking...
> > > >  > * PGSQL : Server informations, Datas, Read file...
> > > >  > * DB2 : Server informations, Datas, ...
> > > >  > * INFORMIX : Server informations, Datas, ...
> > > >  > * SQLITE : Server informations, Datas, ...
> > > >  > * ACCESS : Server informations, Datas, ...
> > > >  > * SYBASE : Server informations, Datas, ...
> > > >  > etc.
> > > >  >
> > > >  > And supports:
> > > >  > * HTTPS support
> > > >  > * Pre-Login
> > > >  > * Proxy
> > > >  > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
> > > >  > * Bypass firewall setting
> > > >  > * Auto-analyzing keyword
> > > >  > * Detailed check optio ns
> > > >  > * Injection-points management
> > > >  > etc.
> > > >  >
> > > >  > What's the differents to the others?
> > > >  > * Easy-of-use : What I try to do is making pen-tester more care
> about
> > > >  > result, not the process. All you should do is clicking the buttons.
> > > >  > * Amazing Speed : so many people told you things about brute sql
> injection,
> > > >  > is it really necessary? Forget char-by-char, we can row-by-row(of
> cource,
> > > >  > not every injection-point can do this)?
> > > >  > * The exact check mothod : do you really think automated tools like
> > > >  > AWVS,APPSCAN can find all injection-points?
> > > >  >
> > > >  > So, whatever, just check it out, and then enjoy your feeling ;)
> > > >  > More information : http://www.nosec.org/web/index.php?q=pangolin
> > > >  > Download : http://seclab.nosec.org/security/pangolin_bin.rar
> > > >  >
> > > >  > Declare: Pangolin is designed for security testing by pen-tester
> when he has
> > > >  > been authorized. DO NOT attack any website viciously or accept the
> > > >  > consequences!!!
> > > >  >
> > > >  >
> > > >  >
> > > >  > ________________________________
> > > >  >
> > > >  >  2008年薪水翻倍技巧
> > > >  > *用搜狗拼音写邮件，体验更流畅的中文输入>>
> > > >
> > > >
> > > > > _______________________________________________
> > > >  >  Full-Disclosure - We believe in it.
> > > >  >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >  >  Hosted and sponsored by Secunia - http://secunia.com/
> > > >  >
> > > >
> > > >
> > > >
> > > >
> > > >  --
> > > >  Alejandro Ramos / Alex -- (aramosf () unsec net)
> > > >  molling://CISSP/GWAS/CISA
> > > >  http://www.unsec.net
> > > >
> > > > _______________________________________________
> > > >  Full-Disclosure - We believe in it.
> > > >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >  Hosted and sponsored by Secunia - http://secunia.com/
> ------------------------------------------------------------------------
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > David Rook | david.rook () realexpayments com
> > Information Security Analyst
> >
> > Realex Payments
> > Enabling thousands of businesses to sell online.
> >
> > Realex Payments, Dublin, www.realexpayments.com
> > Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
> > Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538
> >
> > Realex Payments, London, www.realexpayments.co.uk
> > 1 Hammersmith Grove, London W6 0NB, England
> > Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264
> >
> > Pay and Shop Limited, trading as Realex Payments has its registered office
> at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is
> registered in Ireland, company number 324929.
> > This mail and any documents attached are classified as confidential and
> > are intended for use by the addressee(s) only unless otherwise
> > indicated. If you are not an intended recipient of this email, you must
> > not use, disclose, copy, distribute or retain this message or any part
> > of it. If you have received this email in error, please notify us
> > immediately and delete all copies of this email from your computer
> > system(s).
> > --
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> Russ McRee, GCIH, GCFA, CISSP
> 425-518-6998 cell
> holisticinfosec.org
>  blog.holisticinfosec.org
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/