Re: [Full-disclosure] Framework for the aid of exploiting SQL injection
- To: Roman Medina-Heigl Hernandez <roman@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Framework for the aid of exploiting SQL injection
- From: Dave <dave@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 18 Nov 2005 21:19:26 +0100
BobCat -- Automated SQL Injection Tool
URL: http://www.northern-monkee.co.uk
Download from:
http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.zip
Or
http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.rar
I've had a few late nights lately re-working BobCat. Upgraded
to latest C# and .NET libs and SPs. I originally wrote the tool a year
or more ago and now M$ have made a bunch of system.form controls
obsolete :-(
I took it as an opportunity to re-write the GUI from scratch and it also
meant I didn't have to juggle things around to fit some of the new
features in.
I haven't had a local MSSQL DB or APP to test against so can't say with
certainty that bugs are ironed out, however making progress for
Alphav0.2 release soon.
Features:

1. Return Data via:
   a) OPENROWSET [alpha v0.1]
   b) Create Table Method [alpha v0.2]
   c) CAST method [alpha v0.2]
2. Interactive shell via:
   a) OPENROWSET [alpha v0.2]
   b) Create Table [alpha v0.2]
   c) CAST method [alpha v0.2]
3. Port Scanner
   a) OPENROWSET (TCP Only) [alpha v0.1]
   b) TCP and UDP (port scanner file upload via XP_CMDSHELL) [alpha v0.2]
4. File Upload {custom files}
   a) Debug [alpha v0.2]
   b) BCP [alpha v0.2]
5. Password Cracking / Brute Forcing
   a) Dictionary Attack [alpha v0.1]
6. Interactive Query Analyzer [alpha v0.2]
7. Custom XP_CMDSHELL
   a) re-add it as long as .DLL is present [alpha v0.2]
   b) custom XP_CMDSHELL if no .DLL present [alpha v0.2]
8. Reverse TCP & UDP Shell upload via
   a) Debug [alpha v0.2]
   b) BCP [alpha v0.2]
9. Browser Window/Control
   a) To help with debugging output [alpha v0.2]

Thanks to Gary for his excellent Perl SQL injection tool (AUTOMAGICAL)
available from http://scoobygang.org/uncon.zip and Ollie's NetCat hacks
for the reverse shell.
Without their contributions v0.2 would not be as interesting ;-)
If anyone is interested in testing and reporting bugs then drop me a mail.
Cheers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/