From: Dave Aitel (dave kof.immunityinc.com)
Date: Fri Jul 03 2009 - 22:09:47 CDT
To sum up the paper: You base64 a callback executable into a VBS script and
then send it over to be executed by xp.cmdshell.
What would be more useful, since DB servers are rarely routable to the
internet, is something that injects into SQL Server and then can be talked
to with MOSDEF or some other ping-pong protocol via the initial SQL
Injection so you can get real access to the DB layer. This wouldn't be that
hard really.
-dave
On Fri, Jul 3, 2009 at 6:49 AM, Ferruh Mavituna <ferruh mavituna.com> wrote:
> This is a different and more practical approach to get a reverse shell or
> code execution in SQL Injections (*particularly in MSSQL*). The idea is
> simple. Getting a reverse shell from an SQL Injection with one HTTP request
> without using an extra channel such as TFTP, FTP to upload the initial
> payload.
>
> The white paper explains the steps and the details of the attack. The scripts
> have all the tools you need to create your HTTP request with your own payload.
>
>
> *White Paper:*
> http://ferruh.mavituna.com/papers/oneclickownage.pdf
>
> *Scripts:*
> http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
>
> *Presentation (IT Underground 2009):*
> http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>
>
>
> Regards,
>
>
> --
> http://ferruh.mavituna.com
>
> _______________________________________________
> Dailydave mailing list
> Dailydave lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
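A defender's view of the technique summarized in this thread, as an added example that is not part of the original posts or of the white paper's scripts: a triage pass over web access logs for single requests that name xp_cmdshell, ranked higher when they also carry a long encoded blob or a script-host reference. The log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Heuristic indicators; the 200-character threshold is an assumption to tune.
XP_CMDSHELL = re.compile(r"xp_cmdshell", re.I)
SCRIPT_HOST = re.compile(r"\b(?:cscript|wscript)\b|\.vbs\b", re.I)
ENCODED_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

def normalize(query, max_rounds=3):
    """Decode a query string, repeating to undo double URL encoding."""
    value = unquote_plus(query)          # first pass: '+' means space
    for _ in range(max_rounds - 1):      # later passes keep a literal '+'
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def indicators(query):
    """Return the set of indicator names present in one query string."""
    text = normalize(query)
    checks = {"xp_cmdshell": XP_CMDSHELL, "script_host": SCRIPT_HOST,
              "encoded_blob": ENCODED_BLOB}
    return {name for name, rx in checks.items() if rx.search(text)}

def triage(log_lines):
    """Return (line number, indicators) for each line that names xp_cmdshell."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        target = fields[1] if len(fields) > 1 else ""
        found = indicators(target.partition("?")[2])
        if "xp_cmdshell" in found:       # the other indicators raise priority
            hits.append((number, sorted(found)))
    return hits

# Constructed, non-functional sample lines in "METHOD TARGET STATUS" form.
FILLER = "QUJD" * 60                     # stands in for an encoded payload
SAMPLE_LOG = [
    "GET /products.asp?id=42 200",
    "GET /search.asp?q=" + FILLER + " 200",
    "GET /products.asp?id=42%3Bexec%20xp_cmdshell%20%27cscript%20" + FILLER + "%27 200",
    "GET /products.asp?id=42%253BEXEC%2520XP_CMDSHELL%2520%2527dir%2527 200",
]

if __name__ == "__main__":
    for number, found in triage(SAMPLE_LOG):
        print(number, found)
```

This only sees what the web server logs in the URL, so POST bodies and payloads hidden behind dynamic SQL encoding need capture and decoding elsewhere. On the database side, xp_cmdshell has been disabled by default since SQL Server 2005, and alerting on any change to that setting complements log triage.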