
Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen



C:\Users\Micheal\Research>..\bin\upx\upx -d pangolin_bin\out\pangolin.exe
                      Ultimate Packer for eXecutables
 Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007
UPX 3.02w       Markus Oberhumer, Laszlo Molnar & John Reiser   Dec 16th 2007

       File size         Ratio      Format      Name
  --------------------   ------   -----------   -----------
  2834944 <-    879616   31.03%    win32/pe     pangolin.exe

Unpacked 1 file.

C:\Users\Micheal\Research\pangolin_bin\out>strings pangolin.exe | find "http://";

http://www.nosec.org/web/index.php?q=ua_collection&id=
http://www.nosec.org/web/index.txt
http://
http://%s
http://www.nosec.org
2pangolin -- Maded By ZwelL -- http://www.nosec.org
0Check http://www.nosec.org for more information.
http://www.nosec.org/a.exe
(http://192.168.0.5/access/get.asp?id=295
(http://192.168.0.5/access/get.asp?id=295
'http://192.168.0.5/mysql/get.php?id=295
%http://192.168.0.5/sql/get.asp?id=295
&http://192.168.0.5/sql0/get.asp?id=295

C:\Users\Micheal\Research\pangolin_bin\out>

Interesting.

On Wed, Mar 26, 2008 at 1:54 PM, josh <mastahflank@xxxxxxxxx> wrote:
> Not me, although I did look at it. I thought great, kiddies are going to love this
>  Sent from my BlackBerry(R) smartphone with SprintSpeed
>
>  -----Original Message-----
>  From: davidrook <david.rook@xxxxxxxxxxxxxxxxxx>
>
>  Date: Wed, 26 Mar 2008 17:23:03
>  To:Razi Shaban <razishaban@xxxxxxxxx>
>  Cc:full-disclosure@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx
>  Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
>
>
>  I wonder how many readers of this list now have a backdoor on their
>  machine...........
>
>  Razi Shaban wrote:
>  > Hmm...
>  > Backdoors eh?
>  >
>  > Nice try.
>  >
>  > --
>  > razi
>  >
>  > On 3/26/08, A. Ramos <aramosf@xxxxxxxxx> wrote:
>  >
>  >> Take a look over:
>  >>  http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
>  >>
>  >>
>  >>
>  >>  2008/3/26  <zwell@xxxxxxxx>:
>  >>
>  >>
>  >>  >
>  >>  >
>  >>  >
>  >>  > Pangolin is a GUI tool running on Windows to perform as much pen-testing as
>  >>  > possible through SQL injection. This version now supports the following
>  >>  > databases and operations:
>  >>  >
>  >>  > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
>  >>  > Download file, Read file, File Browser...
>  >>  > * MYSQL : Server informations, Datas, Read file, Write file...
>  >>  > * ORACLE : Server informations, Datas, Accounts cracking...
>  >>  > * PGSQL : Server informations, Datas, Read file...
>  >>  > * DB2 : Server informations, Datas, ...
>  >>  > * INFORMIX : Server informations, Datas, ...
>  >>  > * SQLITE : Server informations, Datas, ...
>  >>  > * ACCESS : Server informations, Datas, ...
>  >>  > * SYBASE : Server informations, Datas, ...
>  >>  > etc.
>  >>  >
>  >>  > And supports:
>  >>  > * HTTPS support
>  >>  > * Pre-Login
>  >>  > * Proxy
>  >>  > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
>  >>  > * Bypass firewall setting
>  >>  > * Auto-analyzing keyword
>  >>  > * Detailed check options
>  >>  > * Injection-points management
>  >>  > etc.
>  >>  >
>  >>  > What's the difference from the others?
>  >>  > * Ease-of-use : What I try to do is make the pen-tester care more about
>  >>  > the result, not the process. All you should do is click the buttons.
>  >>  > * Amazing Speed : so many people told you things about brute sql injection,
>  >>  > is it really necessary? Forget char-by-char, we can row-by-row (of course,
>  >>  > not every injection-point can do this)?
>  >>  > * The exact check method : do you really think automated tools like
>  >>  > AWVS, APPSCAN can find all injection-points?
>  >>  >
>  >>  > So, whatever, just check it out, and then enjoy your feeling ;)
>  >>  > More information : http://www.nosec.org/web/index.php?q=pangolin
>  >>  > Download : http://seclab.nosec.org/security/pangolin_bin.rar
>  >>  >
>  >>  > Declare: Pangolin is designed for security testing by pen-tester when he has
>  >>  > been authorized. DO NOT attack any website viciously or accept the
>  >>  > consequences!!!
>  >>  >
>  >>  >
>  >>  >
>  >>
>  >>
>  >>> _______________________________________________
>  >>>
>  >>  >  Full-Disclosure - We believe in it.
>  >>  >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >>  >  Hosted and sponsored by Secunia - http://secunia.com/
>  >>  >
>  >>
>  >>
>  >>
>  >>
>  >>  --
>  >>  Alejandro Ramos / Alex -- (aramosf@xxxxxxxxx)
>  >>  molling://CISSP/GWAS/CISA
>  >>  http://www.unsec.net
>  >>
>
>  --
>  David Rook | david.rook@xxxxxxxxxxxxxxxxxx
>  Information Security Analyst
>
>  Realex Payments
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
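
The unpack-then-strings check at the top of this message can be turned into a small triage script; the following is an added example, not part of the original post and not code from Pangolin. It also handles a detail visible in the output above: the stray leading characters (`(`, `'`, `%`, `&`, `2`, `0`) have byte values equal to the length of the text that follows, so they are one-byte length prefixes rather than part of the strings. The category names and the extension list are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".msi")  # assumed list

def ascii_strings(blob, min_len=4):
    """Like `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def strip_length_prefix(s):
    """Drop a first character whose byte value equals the length of the rest."""
    return s[1:] if len(s) > 1 and ord(s[0]) == len(s) - 1 else s

def classify(url):
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host or "%" in host:
        return "template"             # bare scheme or printf-style format string
    if parts.path.lower().endswith(EXEC_EXT):
        return "executable-download"  # review before running the tool
    try:
        if ipaddress.ip_address(host).is_private:
            return "private-host"     # RFC 1918 address, e.g. a lab target
    except ValueError:
        pass                          # host is a name, not an IP literal
    return "external"

def triage(blob):
    """Return (category, url, containing string) for every URL found in blob."""
    rows = []
    for raw in ascii_strings(blob):
        text = strip_length_prefix(raw)
        for url in re.findall(r"https?://[^\s\"'<>]*", text):
            rows.append((classify(url), url, text))
    return rows

# Constructed sample (not the real binary): strings from the post, NUL-separated.
SAMPLE = b"\x00".join([
    b"http://www.nosec.org/web/index.txt",
    b"http://%s",
    b"2pangolin -- Maded By ZwelL -- http://www.nosec.org",
    b"http://www.nosec.org/a.exe",
    b"(http://192.168.0.5/access/get.asp?id=295",
])

for row in triage(SAMPLE):
    print(*row, sep="\t")
```

On a real file, pass the unpacked binary's bytes to `triage()` in place of `SAMPLE`.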