| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Nov 18 20:19:49 2005
From: dave at northern-monkee.co.uk (Dave)
Subject: Framework for the aid of exploiting
SQL injection
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
BobCat -- Automated SQL Injection Tool
URL: http://www.northern-monkee.co.uk
Download from:
http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.zip
Or
http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.rar
I've had a few late nights lately re-working BobCat. Upgraded
to latest C# and .net libs and SP's. I originally wrote the tool a year
or more ago and now M$ have made a bunch of system.form controls
obsolete :-(
I took it as an opportunity to re-write the GUI from scratch and it also
meant I didn't have to juggle things around to fit some of the new
features in.
I haven't had a local MSSQL DB or APP to test against so can't say with
certainty that bugs are ironed out, however making progress for
Alphav0.2 release soon.
Features:
1. Return Data via:
a) OPENROWSET [alpha v0.1]
b) Create Table Method [alpha v0.2]
c) CAST method [alpha v0.2]
2. Interactive shell via:
a) OPENROWSET [alpha v0.2]
b) Create Table [alpha v0.2]
c) CAST method [alpha v0.2]
3. Port Scanner
a) OPENROWSET (TCP Only) [alpha v0.1]
b) TCP and UDP (port scanner file upload via XP_CMDSHELL) [alpha v0.2]
4. File Upload {custom files}
a) Debug [alpha v0.2]
b) BCP [alpha v0.2]
5. Password Cracking/ Brute Forcing
a) Dictionary Attack [alpha v0.1]
6. Interactive Query Analyzer [alpha v0.2]
7. Custom XP_CMDSHELL
a) re-add it as long as .DLL is present [alpha v0.2]
b) custom XP_CMDSHELL if no .DLL present [alpha v0.2]
8. Reverse TCP & UDP Shell upload via
a) Debug [alpha v0.2]
b) BCP [alpha v0.2]
9. Browser Window/Control
a) To help with debugging output [alpha v0.2]
Thanks to Gary for his excellent perl SQL injection tool (AUTOMAGICAL)
available from http://scoobygang.org/uncon.zip and Ollies NetCat hacks
for the reverse shell.
Without their contributions v0.2 would not be as interesting ;-)
If anyone is interested in testing and reporting bugs then drop me a mail.
Cheers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDfjdOCq8ddNLLSusRAtmpAJ0d16WCEbxWpsucfXw2b2dhaPM0kwCgqVLl
qB4Q06K4/VR9NkJ6meT7ImE=
=QN9y
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists