Message-ID: <47EA9948.9020307@timmey.homelinux.com>
Date: Wed, 26 Mar 2008 19:43:20 +0100
From: Tim Kunschke <tim@...mey.homelinux.com>
To: Micheal Cottingham <techie.micheal@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Pangolin v1.2.590 - The best SQL injector you've ever seen
With firefox - URL: *http://www.nosec.org/a.exe*
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>??????</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=GB2312">
<STYLE type="text/css">
BODY { font: 9pt/12pt ?? }
H1 { font: 12pt/15pt ?? }
H2 { font: 9pt/12pt ?? }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>??????</h1>
????????????????????????
<hr>
<p>???????:</p>
<ul>
<li>????????????????????????????</li>
<li>???????????????,?????????,??????????????
</li>
<li>??<a href="javascript:history.back(1)">??</a>??????????</li>
</ul>
<h2>HTTP ?? 404 - ?????????<br>Internet ???? (IIS)</h2>
<hr>
<p>????(?????????)</p>
<ul>
<li>?? <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft ??????</a>?????“HTTP”?“404”????</li>
<li>??“IIS ??”(?? IIS ??? (inetmgr) ???),???????“????”?“??????”?“?????????”????</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
----------------
EOF
-----------------
wget http://www.nosec.org/a.exe
--19:39:40-- http://www.nosec.org/a.exe
=> `a.exe'
Auflösen des Hostnamen »www.nosec.org«.... 218.92.8.74
Verbindungsaufbau zu www.nosec.org|218.92.8.74|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 404 Not Found
19:40:26 FEHLER 404: Not Found.
:P woooah
°°°°snake°°°°
Micheal Cottingham wrote:
> C:\Users\Micheal\Research>..\bin\upx\upx -d pangolin_bin\out\pangolin.exe
> Ultimate Packer for eXecutables
> Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007
> UPX 3.02w Markus Oberhumer, Laszlo Molnar & John Reiser Dec 16th 2007
>
> File size Ratio Format Name
> -------------------- ------ ----------- -----------
> 2834944 <- 879616 31.03% win32/pe pangolin.exe
>
> Unpacked 1 file.
>
> C:\Users\Micheal\Research\pangolin_bin\out>strings pangolin.exe | find "http://"
>
> http://www.nosec.org/web/index.php?q=ua_collection&id=
> http://www.nosec.org/web/index.txt
> http://
> http://%s
> http://www.nosec.org
> 2pangolin -- Maded By ZwelL -- http://www.nosec.org
> 0Check http://www.nosec.org for more information.
> http://www.nosec.org/a.exe
> (http://192.168.0.5/access/get.asp?id=295
> (http://192.168.0.5/access/get.asp?id=295
> 'http://192.168.0.5/mysql/get.php?id=295
> %http://192.168.0.5/sql/get.asp?id=295
> &http://192.168.0.5/sql0/get.asp?id=295
>
> C:\Users\Micheal\Research\pangolin_bin\out>
>
> Interesting.
>
> On Wed, Mar 26, 2008 at 1:54 PM, josh <mastahflank@...il.com> wrote:
>
>> Not me, although I did look at it. I thought great, kiddies are going to love this
>> Sent from my BlackBerry(R) smartphone with SprintSpeed
>>
>> -----Original Message-----
>> From: davidrook <david.rook@...lexpayments.com>
>>
>> Date: Wed, 26 Mar 2008 17:23:03
>> To:Razi Shaban <razishaban@...il.com>
>> Cc:full-disclosure@...ts.grok.org.uk, webappsec@...urityfocus.com
>> Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL
>> injector you've ever seen
>>
>>
>> I wonder how many readers of this list now have a backdoor on their
>> machine...........
>>
>> Razi Shaban wrote:
>> > Hmm...
>> > Backdoors eh?
>> >
>> > Nice try.
>> >
>> > --
>> > razi
>> >
>> > On 3/26/08, A. Ramos <aramosf@...ec.net> wrote:
>> >
>> >> Take a look over:
>> >> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
>> >>
>> >>
>> >>
>> >> 2008/3/26 <zwell@...u.com>:
>> >>
>> >>
>> >> >
>> >> >
>> >> >
>> >> > Pangolin is a GUI tool running on Windows to perform as more as possible
>> >> > pen-testing through SQL injection. This version now supports following
>> >> > databases and operations:
>> >> >
>> >> > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
>> >> > Download file, Read file, File Browser...
>> >> > * MYSQL : Server informations, Datas, Read file, Write file...
>> >> > * ORACLE : Server informations, Datas, Accounts cracking...
>> >> > * PGSQL : Server informations, Datas, Read file...
>> >> > * DB2 : Server informations, Datas, ...
>> >> > * INFORMIX : Server informations, Datas, ...
>> >> > * SQLITE : Server informations, Datas, ...
>> >> > * ACCESS : Server informations, Datas, ...
>> >> > * SYBASE : Server informations, Datas, ...
>> >> > etc.
>> >> >
>> >> > And supports:
>> >> > * HTTPS support
>> >> > * Pre-Login
>> >> > * Proxy
>> >> > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
>> >> > * Bypass firewall setting
>> >> > * Auto-analyzing keyword
>> >> > * Detailed check options
>> >> > * Injection-points management
>> >> > etc.
>> >> >
>> >> > What's the difference from the others?
>> >> > * Ease-of-use : What I try to do is making pen-tester more care about
>> >> > result, not the process. All you should do is clicking the buttons.
>> >> > * Amazing Speed : so many people told you things about brute sql injection,
>> >> > is it really necessary? Forget char-by-char, we can row-by-row(of course,
>> >> > not every injection-point can do this)?
>> >> > * The exact check method : do you really think automated tools like
>> >> > AWVS,APPSCAN can find all injection-points?
>> >> >
>> >> > So, whatever, just check it out, and then enjoy your feeling ;)
>> >> > More information : http://www.nosec.org/web/index.php?q=pangolin
>> >> > Download : http://seclab.nosec.org/security/pangolin_bin.rar
>> >> >
>> >> > Declare: Pangolin is designed for security testing by pen-tester when he has
>> >> > been authorized. DO NOT attack any website viciously or accept the
>> >> > consequences!!!
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>> _______________________________________________
>> >>>
>> >> > Full-Disclosure - We believe in it.
>> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> > Hosted and sponsored by Secunia - http://secunia.com/
>> >> >
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Alejandro Ramos / Alex -- (aramosf@...ec.net)
>> >> molling://CISSP/GWAS/CISA
>> >> http://www.unsec.net
>>
>> --
>> David Rook | david.rook@...lexpayments.com
>> Information Security Analyst
>>
>> Realex Payments
>> Enabling thousands of businesses to sell online.
>>
>> Realex Payments, Dublin, www.realexpayments.com
>> Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
>> Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538
>>
>> Realex Payments, London, www.realexpayments.co.uk
>> 1 Hammersmith Grove, London W6 0NB, England
>> Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264
>>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
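
The `strings pangolin.exe | find "http://"` step quoted in this thread, as an added example that is not part of the original messages: it pulls URLs out of raw bytes (ignoring the stray prefix byte in front of some of them) and sorts them for triage. `SAMPLE` is constructed from URLs in the quoted output; the category labels and the trailing-`=` heuristic are assumptions of this sketch.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: NUL-separated strings shaped like the quoted output.
SAMPLE = b"\x00".join([
    b"MZ\x90",
    b"http://www.nosec.org/web/index.php?q=ua_collection&id=",
    b"http://%s",
    b"0Check http://www.nosec.org for more information.",
    b"http://www.nosec.org/a.exe",
    b"(http://192.168.0.5/access/get.asp?id=295",
    b"%http://192.168.0.5/sql/get.asp?id=295",
])

URL_RE = re.compile(rb"https?://[\x21-\x7e]*")   # printable, non-space run
EXEC_EXT = (".exe", ".dll", ".scr", ".bat")      # assumed list of interest


def classify(url):
    """Return a triage label for one URL string."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "malformed"
    if not host or "%" in host:
        return "template"                # e.g. format string filled at runtime
    if parts.path.lower().endswith(EXEC_EXT):
        return "executable-download"     # binary fetched from a remote host
    try:
        if ipaddress.ip_address(host).is_private:
            return "private-host"        # likely leftover test target
    except ValueError:
        pass                             # a hostname, not an IP literal
    if url.endswith("="):
        return "appends-data"            # heuristic: value added at runtime
    return "reference"


def triage(data):
    """Extract unique URLs from raw bytes, in order, with a label each."""
    seen = dict.fromkeys(m.group().decode("ascii") for m in URL_RE.finditer(data))
    return [(url, classify(url)) for url in seen]


if __name__ == "__main__":
    for url, label in triage(SAMPLE):
        print(f"{label:20} {url}")
```
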