lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200511191215.jAJCFrvs012970@bluebottle-fe4.bluebottle.com>
Date: Sat Nov 19 12:16:01 2005
From: dave at northern-monkee.co.uk (Dave)
Subject: Framework for the aid of exploiting SQL
	injection

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apologies to any one who experienced a problem with running this tool.
I have been made aware that since the latest .net framework BobCat won't
run.  It seems the problem is with M$ making
System.Windows.Forms.RaftingSides obsolete.

I wasn't able to build it in the latest C# Express.  Or run it on a
machine that had the latest .net framework patches applied.

I being lazy decided just to re-write the GUI from scratch and add a
bunch of new features (v0.2 ETA 1/2 weeks).

This morning I have gone through Alphav0.1 code and removed the
offending items.  If you experienced problems please re-download and
give it another try.  Apologies for your problems.

A few people had it running, but without checking I don't know when M$
upgraded the controls from depreciated to obsolete.

Hope this helps.

If you need any more help or have any bugs to report always happy to
help or hear.  It will always improve the program!

Dave wrote:
> BobCat -- Automated SQL Injection Tool
> 
> URL: http://www.northern-monkee.co.uk
> 
> Download from:
> 
> http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.zip
> 
> Or
> 
> http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.rar
> 
> I've had a few late nights lately re-working BobCat.  Upgraded
> to latest C# and .net libs and SP's. I originally wrote the tool a year
> or more ago and now M$ have made a bunch of system.form controls
> obsolete  :-(
> 
> I took it as an opportunity to re-write the GUI from scratch and it also
> meant I didn't have to juggle things around to fit some of the new
> features in.
> 
> I haven't had a local MSSQL DB or APP to test against so can't say with
> certainty that bugs are ironed out, however making progress for
> Alphav0.2 release soon.
> 
> Features:
> 
> 1. Return Data via:
> 
> 	a) OPENROWSET [alpha v0.1]
> 	b) Create Table Method [alpha v0.2]
> 	c) CAST method [alpha v0.2]
> 
> 2. Interactive shell via:
> 
> 	a) OPENROWSET [alpha v0.2]
> 	b) Create Table [alpha v0.2]
> 	c) CAST method [alpha v0.2]
> 
> 3. Port Scanner
> 
> 	a) OPENROWSET (TCP Only) [alpha v0.1]
> 	b) TCP and UDP (port scanner file upload via XP_CMDSHELL) [alpha v0.2]
> 
> 4. File Upload {custom files}
> 
> 	a) Debug [alpha v0.2]
> 	b) BCP [alpha v0.2]
> 
> 5. Password Cracking/ Brute Forcing
> 
> 	a) Dictionary Attack [alpha v0.1]
> 
> 6. Interactive Query Analyzer [alpha v0.2]
> 
> 7. Custom XP_CMDSHELL
> 
> 	a) re-add it as long as .DLL is present [alpha v0.2]
> 	b) custom XP_CMDSHELL if no .DLL present [alpha v0.2]
> 
> 8. Reverse TCP & UDP Shell upload via
> 
> 	a) Debug [alpha v0.2]
> 	b) BCP [alpha v0.2]
> 
> 9. Browser Window/Control
> 
> 	a) To help with debugging output [alpha v0.2]
> 
> 
> Thanks to Gary for his excellent perl SQL injection tool (AUTOMAGICAL)
> available from http://scoobygang.org/uncon.zip and Ollies NetCat hacks
> for the reverse shell.
> 
> Without their contributions v0.2 would not be as interesting  ;-)
> 
> If anyone is interested in testing and reporting bugs then drop me a mail.
> 
> Cheers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDfxdkCq8ddNLLSusRAgOFAJ90KOeRmIY25hrb9S+DoGHiLE2HfgCglzQW
eCggAOeTMa4YHRZzFOJB3cc=
=ldZS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ