[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fec013240803261630v7973aab9qc2f54abc39ce387c@mail.gmail.com>
Date: Wed, 26 Mar 2008 19:30:20 -0400
From: "Micheal Cottingham" <techie.micheal@...il.com>
To: "Russ McRee" <holisticinfosec@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Pangolin v1.2.590 - The best SQLinjector
you've ever seen
Just some interesting strings and such:
pdf_poc.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1
..\\..\\..\\..\\windows\\system32\\cmd.exe
..\\..\\..\\..\\windows\\system32\\tftp.exe
-i zwell.3322.org
a.bat
Cpdf_poc.txt
Cpdf_poc.txt
Cpdf_poc.txt
www.w3.org
ns.adobe.com
purl.org
Cpdf_poc.txt
ns.adobe.com
ns.adobe.com
Cpdf_poc.txt
Cpdf_poc.txt
http://www.w3.org/1999/02/22-rdf-syntax-ns#">
http://ns.adobe.com/xap/1.0/">
http://purl.org/dc/elements/1.1/">
http://ns.adobe.com/xap/1.0/mm/">
http://ns.adobe.com/pdf/1.3/">
zps.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=f43b645dd1308b141193037d163a0731&refresh=1
demon.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=8af6928a2eb9de7439fe869984ab1583&refresh=1
DnsQuery_A
So much for not doing anything illegal with the software, this guy
goes and does illegal things for you.
2008/3/26 Russ McRee <holisticinfosec@...il.com>:
> http://www.nosec.org/web/files/demon.exe
> http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3
>
> http://www.nosec.org/web/files/pdf_poc.exe
> http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559
>
> http://www.nosec.org/web/files/zps.exe
> http://www.virustotal.com/analisis/26d6e7ff7aa79d20331906543a73d458
>
>
>
> On Wed, Mar 26, 2008 at 10:54 AM, josh <mastahflank@...il.com> wrote:
> > Not me, although I did looked at it. I thought great, kiddies are going to
> love this
> > Sent from my BlackBerry(R) smartphone with SprintSpeed
> >
> >
> >
> >
> > -----Original Message-----
> > From: davidrook <david.rook@...lexpayments.com>
> >
> > Date: Wed, 26 Mar 2008 17:23:03
> > To:Razi Shaban <razishaban@...il.com>
> > Cc:full-disclosure@...ts.grok.org.uk, webappsec@...urityfocus.com
> > Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL
> > injector you've ever seen
> >
> >
> > I wonder how many readers of this list now have a backdoor on their
> > machine...........
> >
> > Razi Shaban wrote:
> > > Hmm...
> > > Backdoors eh?
> > >
> > > Nice try.
> > >
> > > --
> > > razi
> > >
> > > On 3/26/08, A. Ramos <aramosf@...ec.net> wrote:
> > >
> > >> Take a look over:
> > >> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
> > >>
> > >>
> > >>
> > >> 2008/3/26 <zwell@...u.com>:
> > >>
> > >>
> > >> >
> > >> >
> > >> >
> > >> > Pangolin is a GUI tool running on Windows to perform as more as
> possible
> > >> > pen-testing through SQL injection. This version now supports
> following
> > >> > databases and operations:
> > >> >
> > >> > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write
> file,
> > >> > Download file, Read file, File Browser...
> > >> > * MYSQL : Server informations, Datas, Read file, Write file...
> > >> > * ORACLE : Server informations, Datas, Accounts cracking...
> > >> > * PGSQL : Server informations, Datas, Read file...
> > >> > * DB2 : Server informations, Datas, ...
> > >> > * INFORMIX : Server informations, Datas, ...
> > >> > * SQLITE : Server informations, Datas, ...
> > >> > * ACCESS : Server informations, Datas, ...
> > >> > * SYBASE : Server informations, Datas, ...
> > >> > etc.
> > >> >
> > >> > And supports:
> > >> > * HTTPS support
> > >> > * Pre-Login
> > >> > * Proxy
> > >> > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
> > >> > * Bypass firewall setting
> > >> > * Auto-analyzing keyword
> > >> > * Detailed check optio ns
> > >> > * Injection-points management
> > >> > etc.
> > >> >
> > >> > What's the differents to the others?
> > >> > * Easy-of-use : What I try to do is making pen-tester more care
> about
> > >> > result, not the process. All you should do is clicking the buttons.
> > >> > * Amazing Speed : so many people told you things about brute sql
> injection,
> > >> > is it really necessary? Forget char-by-char, we can row-by-row(of
> cource,
> > >> > not every injection-point can do this)?
> > >> > * The exact check mothod : do you really think automated tools like
> > >> > AWVS,APPSCAN can find all injection-points?
> > >> >
> > >> > So, whatever, just check it out, and then enjoy your feeling ;)
> > >> > More information : http://www.nosec.org/web/index.php?q=pangolin
> > >> > Download : http://seclab.nosec.org/security/pangolin_bin.rar
> > >> >
> > >> > Declare: Pangolin is designed for security testing by pen-tester
> when he has
> > >> > been authorized. DO NOT attack any website viciously or accept the
> > >> > consequences!!!
> > >> >
> > >> >
> > >> >
> > >> > ________________________________
> > >> >
> > >> > 2008年薪水翻倍技巧
> > >> > *用搜狗拼音写邮件,体验更流畅的中文输入>>
> > >>
> > >>
> > >>> _______________________________________________
> > >>>
> > >> > Full-Disclosure - We believe in it.
> > >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > >> > Hosted and sponsored by Secunia - http://secunia.com/
> > >> >
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >> Alejandro Ramos / Alex -- (aramosf@...ec.net)
> > >> molling://CISSP/GWAS/CISA
> > >> http://www.unsec.net
> > >>
> > >> _______________________________________________
> > >> Full-Disclosure - We believe in it.
> > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > >> Hosted and sponsored by Secunia - http://secunia.com/
> > >>
> > >>
> > >>
> ------------------------------------------------------------------------
> > >>
> > >> _______________________________________________
> > >> Full-Disclosure - We believe in it.
> > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > David Rook | david.rook@...lexpayments.com
> > Information Security Analyst
> >
> > Realex Payments
> > Enabling thousands of businesses to sell online.
> >
> > Realex Payments, Dublin, www.realexpayments.com
> > Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
> > Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538
> >
> > Realex Payments, London, www.realexpayments.co.uk
> > 1 Hammersmith Grove, London W6 0NB, England
> > Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264
> >
> > Pay and Shop Limited, trading as Realex Payments has its registered office
> at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is
> registered in Ireland, company number 324929.
> >
> > This mail and any documents attached are classified as confidential and
> > are intended for use by the addressee(s) only unless otherwise
> > indicated. If you are not an intended recipient of this email, you must
> > not use, disclose, copy, distribute or retain this message or any part
> > of it. If you have received this email in error, please notify us
> > immediately and delete all copies of this email from your computer
> > system(s).
> > --
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> Russ McRee, GCIH, GCFA, CISSP
> 425-518-6998 cell
> holisticinfosec.org
> blog.holisticinfosec.org
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists