Penetration Testing mailing list archives

Re: Volatile Worm


From: p1g <killfactory () gmail com>
Date: Thu, 14 Feb 2008 20:00:11 -0500

Am I the only one that is hesitant to execute a worm on a customer's network?

I noticed that no one has replied.

On 2/11/08, Rafael Silva <listas () geekworld com br> wrote:
Hello everyone,

I'm here to publish a tool that exploits the concept of web
application worms.
It's not a brand new thing but I hope to help sysadmins and the
security community.
Volatile Worm is a web worm for MSSQL web applications vulnerable to
SQL Injection and forces
them into executing stored procedures like xp_cmdshell.

The concept of this worm is pretty simple: Find vulnerable hosts in an
automated fashion searching
in Google for URLs like:

news.asp
noticias.asp
comments.asp
...

When the worm finds a potentially vulnerable application it tests if it
is flawed by simply appending
a single quote in the URL. It analyzes the error code returned to
determine if it is running MSSQL.
If it succeeds to find a MSSQL, the worm issues a 'ping' command using
xp_cmdshell, performing
a phone home. Then you can test a lot of things like set up an FTP
server and send any file to the
vulnerable host.

Feel free to improve the code.

Download: http://www.rfdslabs.com.br/volatile.txt





rfds@gland:~/codes/volatile$ perl volatile.pl  -h

Volatile [Automatic SQL Injection Exploit]
Written by rfds and hash

use volatile.pl [-h|-q <query>|-w <walk>|-d <device>|-i <ip>]

       -h:     print this help
       -q:     the magic query string  [required]
       -w:     rounds per search       [required]
       -d:     external device         [required]
       -i:     the device's ip         [required]

happy hacking
rfds@gland:~/codes/volatile$


Cheers,
-Rafael Silva


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
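
A defender-side view of the two request stages the quoted announcement describes (a trailing single-quote probe, then an xp_cmdshell call), as an added example that is not part of the original thread or of the Volatile tool: a Python sketch that flags both stages in web server logs and correlates them per client. The seven-field log layout, the function names and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample, assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2008-02-11 10:00:01 192.0.2.10 GET /news.asp id=12 200
2008-02-11 10:00:05 198.51.100.7 GET /news.asp id=12%27 500
2008-02-11 10:00:09 198.51.100.7 GET /news.asp id=12;exec+master..xp_cmdshell+%27ping+203.0.113.5%27-- 200
2008-02-11 10:01:00 192.0.2.44 GET /comments.asp name=O'Brien&page=2 200
2008-02-11 10:02:00 203.0.113.99 GET /noticias.asp id=3' 500
"""

XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)

def classify(query):
    """Return 'cmdshell', 'quote_probe' or None for one raw query string."""
    # Split on '&' before decoding so an encoded %26 cannot create fake parameters.
    params = [unquote_plus(p) for p in query.split("&")]
    if any(XP_CMDSHELL.search(p) for p in params):
        return "cmdshell"
    # The probe described in the post: a parameter value ending in a single quote.
    # A quote in the middle of a value (O'Brien) is not treated as a probe.
    if any(p.endswith("'") for p in params):
        return "quote_probe"
    return None

def scan(log_text):
    """Map client IP -> 'probe' or 'high', correlating both stages per source."""
    stages = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip W3C header directives and malformed lines
        _, _, ip, _, stem, query, status = fields
        if not stem.lower().endswith(".asp"):
            continue
        kind = classify(query)
        # A quote probe only counts when the application answered with an error.
        if kind == "cmdshell" or (kind == "quote_probe" and status == "500"):
            stages[ip].add(kind)
    return {ip: "high" if "cmdshell" in s else "probe" for ip, s in stages.items()}

if __name__ == "__main__":
    for ip, severity in sorted(scan(SAMPLE_LOG).items()):
        print(f"{severity:5} {ip}")
```
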
