Message-ID: <200511182019.jAIKJT9R009633@bluebottle-fe4.bluebottle.com>
Date: Fri Nov 18 20:19:49 2005
From: dave at northern-monkee.co.uk (Dave)
Subject: Framework for the aid of exploiting SQL injection

BobCat -- Automated SQL Injection Tool

URL: http://www.northern-monkee.co.uk

Download from:

http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.zip

Or

http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.rar

I've had a few late nights lately re-working BobCat. Upgraded
to latest C# and .NET libs and SPs. I originally wrote the tool a year
or more ago and now M$ have made a bunch of system.form controls
obsolete  :-(

I took it as an opportunity to re-write the GUI from scratch and it also
meant I didn't have to juggle things around to fit some of the new
features in.

I haven't had a local MSSQL DB or APP to test against so can't say with
certainty that bugs are ironed out, however making progress for
Alphav0.2 release soon.

Features:

1. Return Data via:

	a) OPENROWSET [alpha v0.1]
	b) Create Table Method [alpha v0.2]
	c) CAST method [alpha v0.2]

2. Interactive shell via:

	a) OPENROWSET [alpha v0.2]
	b) Create Table [alpha v0.2]
	c) CAST method [alpha v0.2]

3. Port Scanner

	a) OPENROWSET (TCP Only) [alpha v0.1]
	b) TCP and UDP (port scanner file upload via XP_CMDSHELL) [alpha v0.2]

4. File Upload {custom files}

	a) Debug [alpha v0.2]
	b) BCP [alpha v0.2]

5. Password Cracking/ Brute Forcing

	a) Dictionary Attack [alpha v0.1]

6. Interactive Query Analyzer [alpha v0.2]

7. Custom XP_CMDSHELL

	a) re-add it as long as .DLL is present [alpha v0.2]
	b) custom XP_CMDSHELL if no .DLL present [alpha v0.2]

8. Reverse TCP & UDP Shell upload via

	a) Debug [alpha v0.2]
	b) BCP [alpha v0.2]

9. Browser Window/Control

	a) To help with debugging output [alpha v0.2]


Thanks to Gary for his excellent Perl SQL injection tool (AUTOMAGICAL)
available from http://scoobygang.org/uncon.zip and Ollie's NetCat hacks
for the reverse shell.

Without their contributions v0.2 would not be as interesting  ;-)

If anyone is interested in testing and reporting bugs then drop me a mail.

Cheers
