[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200511191215.jAJCFrvs012970@bluebottle-fe4.bluebottle.com>
Date: Sat Nov 19 12:16:01 2005
From: dave at northern-monkee.co.uk (Dave)
Subject: Framework for the aid of exploiting SQL
injection
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apologies to any one who experienced a problem with running this tool.
I have been made aware that since the latest .net framework BobCat won't
run. It seems the problem is with M$ making
System.Windows.Forms.RaftingSides obsolete.
I wasn't able to build it in the latest C# Express. Or run it on a
machine that had the latest .net framework patches applied.
I being lazy decided just to re-write the GUI from scratch and add a
bunch of new features (v0.2 ETA 1/2 weeks).
This morning I have gone through Alphav0.1 code and removed the
offending items. If you experienced problems please re-download and
give it another try. Apologies for your problems.
A few people had it running, but without checking I don't know when M$
upgraded the controls from depreciated to obsolete.
Hope this helps.
If you need any more help or have any bugs to report always happy to
help or hear. It will always improve the program!
Dave wrote:
> BobCat -- Automated SQL Injection Tool
>
> URL: http://www.northern-monkee.co.uk
>
> Download from:
>
> http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.zip
>
> Or
>
> http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.rar
>
> I've had a few late nights lately re-working BobCat. Upgraded
> to latest C# and .net libs and SP's. I originally wrote the tool a year
> or more ago and now M$ have made a bunch of system.form controls
> obsolete :-(
>
> I took it as an opportunity to re-write the GUI from scratch and it also
> meant I didn't have to juggle things around to fit some of the new
> features in.
>
> I haven't had a local MSSQL DB or APP to test against so can't say with
> certainty that bugs are ironed out, however making progress for
> Alphav0.2 release soon.
>
> Features:
>
> 1. Return Data via:
>
> a) OPENROWSET [alpha v0.1]
> b) Create Table Method [alpha v0.2]
> c) CAST method [alpha v0.2]
>
> 2. Interactive shell via:
>
> a) OPENROWSET [alpha v0.2]
> b) Create Table [alpha v0.2]
> c) CAST method [alpha v0.2]
>
> 3. Port Scanner
>
> a) OPENROWSET (TCP Only) [alpha v0.1]
> b) TCP and UDP (port scanner file upload via XP_CMDSHELL) [alpha v0.2]
>
> 4. File Upload {custom files}
>
> a) Debug [alpha v0.2]
> b) BCP [alpha v0.2]
>
> 5. Password Cracking/ Brute Forcing
>
> a) Dictionary Attack [alpha v0.1]
>
> 6. Interactive Query Analyzer [alpha v0.2]
>
> 7. Custom XP_CMDSHELL
>
> a) re-add it as long as .DLL is present [alpha v0.2]
> b) custom XP_CMDSHELL if no .DLL present [alpha v0.2]
>
> 8. Reverse TCP & UDP Shell upload via
>
> a) Debug [alpha v0.2]
> b) BCP [alpha v0.2]
>
> 9. Browser Window/Control
>
> a) To help with debugging output [alpha v0.2]
>
>
> Thanks to Gary for his excellent perl SQL injection tool (AUTOMAGICAL)
> available from http://scoobygang.org/uncon.zip and Ollies NetCat hacks
> for the reverse shell.
>
> Without their contributions v0.2 would not be as interesting ;-)
>
> If anyone is interested in testing and reporting bugs then drop me a mail.
>
> Cheers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDfxdkCq8ddNLLSusRAgOFAJ90KOeRmIY25hrb9S+DoGHiLE2HfgCglzQW
eCggAOeTMa4YHRZzFOJB3cc=
=ldZS
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists