[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <9cbe94660803272050v6306b9cbr9fa91a4bf2d7dab5@mail.gmail.com>
Date: Fri, 28 Mar 2008 11:50:11 +0800
From: "Luther D. Anderson" <ld0x41@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Pangolin v1.2.590 - The best SQLinjector
you've ever seen
Mike and the Twinkies,
You're a genius. To the other security twinkies that are very well
versed in strings analysis please get another job at the local
newspaper co.
So if it went clear through VirusTotal you would run it on your
machines? I'd be happy to provide a DumbassTotal service for all of
you.
-- LDA
On 3/27/08, Micheal Cottingham <techie.micheal@...il.com> wrote:
> Just some interesting strings and such:
>
> pdf_poc.exe:
> http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1
>
> ..\\..\\..\\..\\windows\\system32\\cmd.exe
> ..\\..\\..\\..\\windows\\system32\\tftp.exe
> -i zwell.3322.org
> a.bat
> Cpdf_poc.txt
> Cpdf_poc.txt
> Cpdf_poc.txt
> www.w3.org
> ns.adobe.com
> purl.org
> Cpdf_poc.txt
> ns.adobe.com
> ns.adobe.com
> Cpdf_poc.txt
> Cpdf_poc.txt
>
> http://www.w3.org/1999/02/22-rdf-syntax-ns#">
> http://ns.adobe.com/xap/1.0/">
> http://purl.org/dc/elements/1.1/">
> http://ns.adobe.com/xap/1.0/mm/">
> http://ns.adobe.com/pdf/1.3/">
>
> zps.exe:
> http://analysis.seclab.tuwien.ac.at/result.php?taskid=f43b645dd1308b141193037d163a0731&refresh=1
>
> demon.exe:
> http://analysis.seclab.tuwien.ac.at/result.php?taskid=8af6928a2eb9de7439fe869984ab1583&refresh=1
>
> DnsQuery_A
>
> So much for not doing anything illegal with the software, this guy
> goes and does illegal things for you.
>
>
> 2008/3/26 Russ McRee <holisticinfosec@...il.com>:
>
> > http://www.nosec.org/web/files/demon.exe
> > http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3
> >
> > http://www.nosec.org/web/files/pdf_poc.exe
> > http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559
> >
> > http://www.nosec.org/web/files/zps.exe
> > http://www.virustotal.com/analisis/26d6e7ff7aa79d20331906543a73d458
> >
> >
> >
> > On Wed, Mar 26, 2008 at 10:54 AM, josh <mastahflank@...il.com> wrote:
> > > Not me, although I did looked at it. I thought great, kiddies are going to
> > love this
>
> > > Sent from my BlackBerry(R) smartphone with SprintSpeed
>
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: davidrook <david.rook@...lexpayments.com>
> > >
> > > Date: Wed, 26 Mar 2008 17:23:03
> > > To:Razi Shaban <razishaban@...il.com>
> > > Cc:full-disclosure@...ts.grok.org.uk, webappsec@...urityfocus.com
> > > Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL
> > > injector you've ever seen
> > >
> > >
> > > I wonder how many readers of this list now have a backdoor on their
> > > machine...........
> > >
> > > Razi Shaban wrote:
> > > > Hmm...
> > > > Backdoors eh?
> > > >
> > > > Nice try.
> > > >
> > > > --
> > > > razi
> > > >
> > > > On 3/26/08, A. Ramos <aramosf@...ec.net> wrote:
> > > >
> > > >> Take a look over:
> > > >> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
> > > >>
> > > >>
> > > >>
> > > >> 2008/3/26 <zwell@...u.com>:
> > > >>
> > > >>
> > > >> >
> > > >> >
> > > >> >
> > > >> > Pangolin is a GUI tool running on Windows to perform as more as
> > possible
> > > >> > pen-testing through SQL injection. This version now supports
> > following
> > > >> > databases and operations:
> > > >> >
> > > >> > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write
> > file,
> > > >> > Download file, Read file, File Browser...
> > > >> > * MYSQL : Server informations, Datas, Read file, Write file...
> > > >> > * ORACLE : Server informations, Datas, Accounts cracking...
> > > >> > * PGSQL : Server informations, Datas, Read file...
> > > >> > * DB2 : Server informations, Datas, ...
> > > >> > * INFORMIX : Server informations, Datas, ...
> > > >> > * SQLITE : Server informations, Datas, ...
> > > >> > * ACCESS : Server informations, Datas, ...
> > > >> > * SYBASE : Server informations, Datas, ...
> > > >> > etc.
> > > >> >
> > > >> > And supports:
> > > >> > * HTTPS support
> > > >> > * Pre-Login
> > > >> > * Proxy
> > > >> > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
> > > >> > * Bypass firewall setting
> > > >> > * Auto-analyzing keyword
> > > >> > * Detailed check optio ns
> > > >> > * Injection-points management
> > > >> > etc.
> > > >> >
> > > >> > What's the differents to the others?
> > > >> > * Easy-of-use : What I try to do is making pen-tester more care
> > about
> > > >> > result, not the process. All you should do is clicking the buttons.
> > > >> > * Amazing Speed : so many people told you things about brute sql
> > injection,
> > > >> > is it really necessary? Forget char-by-char, we can row-by-row(of
> > cource,
> > > >> > not every injection-point can do this)?
> > > >> > * The exact check mothod : do you really think automated tools like
> > > >> > AWVS,APPSCAN can find all injection-points?
> > > >> >
> > > >> > So, whatever, just check it out, and then enjoy your feeling ;)
> > > >> > More information : http://www.nosec.org/web/index.php?q=pangolin
> > > >> > Download : http://seclab.nosec.org/security/pangolin_bin.rar
> > > >> >
> > > >> > Declare: Pangolin is designed for security testing by pen-tester
> > when he has
> > > >> > been authorized. DO NOT attack any website viciously or accept the
> > > >> > consequences!!!
> > > >> >
> > > >> >
> > > >> >
> > > >> > ________________________________
> > > >> >
> > > >> > 2008年薪水翻倍技巧
> > > >> > *用搜狗拼音写邮件,体验更流畅的中文输入>>
> > > >>
> > > >>
> > > >>> _______________________________________________
> > > >>>
> > > >> > Full-Disclosure - We believe in it.
> > > >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> > Hosted and sponsored by Secunia - http://secunia.com/
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Alejandro Ramos / Alex -- (aramosf@...ec.net)
> > > >> molling://CISSP/GWAS/CISA
> > > >> http://www.unsec.net
> > > >>
> > > >> _______________________________________________
> > > >> Full-Disclosure - We believe in it.
> > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> Hosted and sponsored by Secunia - http://secunia.com/
> > > >>
> > > >>
> > > >>
> > ------------------------------------------------------------------------
> > > >>
> > > >> _______________________________________________
> > > >> Full-Disclosure - We believe in it.
> > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > >> Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > > --
> > > David Rook | david.rook@...lexpayments.com
> > > Information Security Analyst
> > >
> > > Realex Payments
> > > Enabling thousands of businesses to sell online.
> > >
> > > Realex Payments, Dublin, www.realexpayments.com
> > > Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
> > > Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538
> > >
> > > Realex Payments, London, www.realexpayments.co.uk
> > > 1 Hammersmith Grove, London W6 0NB, England
> > > Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264
> > >
> > > Pay and Shop Limited, trading as Realex Payments has its registered office
> > at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is
> > registered in Ireland, company number 324929.
> > >
> > > This mail and any documents attached are classified as confidential and
> > > are intended for use by the addressee(s) only unless otherwise
> > > indicated. If you are not an intended recipient of this email, you must
> > > not use, disclose, copy, distribute or retain this message or any part
> > > of it. If you have received this email in error, please notify us
> > > immediately and delete all copies of this email from your computer
> > > system(s).
> > > --
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > --
> > Russ McRee, GCIH, GCFA, CISSP
> > 425-518-6998 cell
> > holisticinfosec.org
> > blog.holisticinfosec.org
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists