Date: Wed, 26 Mar 2008 15:33:51 -0300 (BRT)
From: "Ricardo Giorgi" <skydiver@...ldata.com.br>
To: mastahflank@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen

Hi Folks,
Just for curiosity, did anyone on this list already try to do a reverse engineering
of Pangolin's code?
Ricardo> Not me, although I did look at it. I thought great, kiddies
> are going to love this
>
> Sent from my BlackBerry® smartphone with SprintSpeed
>
> -----Original Message-----
> From: davidrook <david.rook@...lexpayments.com>
> Date: Wed, 26 Mar 2008 17:23:03
> To: Razi Shaban <razishaban@...il.com>
> Cc: full-disclosure@...ts.grok.org.uk, webappsec@...urityfocus.com
> Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
>
> I wonder how many readers of this list now have a backdoor on their
> machine...........
>
> Razi Shaban wrote:
>> Hmm...
>> Backdoors eh?
>>
>> Nice try.
>>
>> --
>> razi
>>
>> On 3/26/08, A. Ramos <aramosf@...ec.net> wrote:
>>> Take a look over:
>>> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
>>>
>>> 2008/3/26 <zwell@...u.com>:
>>> >
>>> > Pangolin is a GUI tool running on Windows to perform as much as possible
>>> > pen-testing through SQL injection. This version now supports the following
>>> > databases and operations:
>>> >
>>> > * MSSQL : Server information, Data, CMD execute, Regedit, Write file,
>>> > Download file, Read file, File Browser...
>>> > * MYSQL : Server information, Data, Read file, Write file...
>>> > * ORACLE : Server information, Data, Accounts cracking...
>>> > * PGSQL : Server information, Data, Read file...
>>> > * DB2 : Server information, Data, ...
>>> > * INFORMIX : Server information, Data, ...
>>> > * SQLITE : Server information, Data, ...
>>> > * ACCESS : Server information, Data, ...
>>> > * SYBASE : Server information, Data, ...
>>> > etc.
>>> >
>>> > And supports:
>>> > * HTTPS support
>>> > * Pre-Login
>>> > * Proxy
>>> > * Specify any HTTP headers (User-agent, Cookie, Referer and so on)
>>> > * Bypass firewall setting
>>> > * Auto-analyzing keyword
>>> > * Detailed check options
>>> > * Injection-points management
>>> > etc.
>>> >
>>> > What's the difference to the others?
>>> > * Ease-of-use : What I try to do is making pen-testers care more about
>>> > the result, not the process. All you should do is click the buttons.
>>> > * Amazing Speed : so many people told you things about brute sql injection,
>>> > is it really necessary? Forget char-by-char, we can do row-by-row (of course,
>>> > not every injection-point can do this)?
>>> > * The exact check method : do you really think automated tools like
>>> > AWVS, APPSCAN can find all injection-points?
>>> >
>>> > So, whatever, just check it out, and then enjoy your feeling ;)
>>> > More information : http://www.nosec.org/web/index.php?q=pangolin
>>> > Download : http://seclab.nosec.org/security/pangolin_bin.rar
>>> >
>>> > Declare: Pangolin is designed for security testing by a pen-tester when he has
>>> > been authorized. DO NOT attack any website viciously or accept the
>>> > consequences!!!
>>> >
>>> > ________________________________
>>> >
>>> > _______________________________________________
>>> > Full-Disclosure - We believe in it.
>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>> --
>>> Alejandro Ramos / Alex -- (aramosf@...ec.net)
>>> molling://CISSP/GWAS/CISA
>>> http://www.unsec.net
>
> --
> David Rook | david.rook@...lexpayments.com
> Information Security Analyst
>
> Realex Payments
> Enabling thousands of businesses to sell online.
>
> Realex Payments, Dublin, www.realexpayments.com
> Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
> Tel: +353 (0)1 2808 559    Fax: +353 (0)1 2808 538
>
> Realex Payments, London, www.realexpayments.co.uk
> 1 Hammersmith Grove, London W6 0NB, England
> Tel: +44 (0)203 178 5370    Fax: +44 (0)207 691 7264
>
> Pay and Shop Limited, trading as Realex Payments has its registered office at
> Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is registered in
> Ireland, company number 324929.
>
> This mail and any documents attached are classified as confidential and
> are intended for use by the addressee(s) only unless otherwise
> indicated. If you are not an intended recipient of this email, you must
> not use, disclose, copy, distribute or retain this message or any part
> of it. If you have received this email in error, please notify us
> immediately and delete all copies of this email from your computer
> system(s).
> --

Content of type "text/html" skipped

