
Thread: Fast-Track Version 3.2.1

  1. #1
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default Fast-Track Version 3.2.1

    Some awesome stuff released since 3.1, here's an update (btw we presented on some new additions at Defcon)

    ~~~~~~~~~~~~~
    version 3.2
    ~~~~~~~~~~~~~
    * Some major updates, two of the guys here from SecureState "Leroy" and "Sasquatch" and myself wrote
    some pretty awesome stuff and added a new tool called SQLPwnage. It's pretty amazing, auto crawl an
    entire site or subnet, identify SQL Injection, both error based and blind based, and drop a payload.
    Even better, we bypass the debug 64kb limit by dropping a tiny payload that is essentially just a straight
    hex to raw binary converter that allows us to bypass the filesize limit we ran into before. So now there's
    multiple payloads i.e. Metasploit reverse tcp VNC Injection, Meterpreter, our own newly customized Reverse
    TCP Payload which has a custom packer by Whipsmack of SecureState and doesn't get picked up by AV yet, all
    through SQL Injection. It has been added to all menus, including the web GUI. This is the tool we are demoing
    at Defcon and not releasing until after. So if you're reading this, it's in the future!
    * Just note that SQLPwnage is SUPER buggy, we have spent a long time developing this but it still may have
    massive bugs. Please send feedback to dkennedy@securestate.com with any issues you might have.
    ~~~~~~~~~~~~~
    version 3.2.1
    ~~~~~~~~~~~~~
    * Fixed keyboard interrupt errors when crawling in SQLPwnage
    * Fixed major bug when converting using debug
    * Rewrote how the web front-end handles menus and displays it
    dynamically now so I don't have to manually go through each web
    page and change the menus when I add a new tool.
    * Converted menu mode autopwn to use ftsrc centralized source code
    * Converted SQL Injector Binary Payload Menu Mode to centralized source code
    * Converted SQL FTP Payload Menu Mode to centralized source code
    * Converted SQL Manual Setup Menu Mode to centralized source code
    * Converted SQL Injector Binary Payload POST Menu Mode to centralized source code
    * Converted Metasploit Mass Client Attack Menu Mode to centralized source code
    * Converted BinaryPayloadGen Menu Mode to centralized source code
    * Set Socket Connect timeouts when trying to get interface IP address to 2 seconds
    instead of default 15 seconds.
    * Set H2B 64KB Bypass and Payload Delivery through SQLInjector to split chunks every
    100 chars to fix GET methods when attacking form parameters.
    * Added a breakpoint after exploitation for cleanup in SQLPwnage
    * Rewrote changelog in web gui to dynamically pull changes from changelog.txt in README
    instead of having to enter in two spots.
    * Update script extracts tarball into a fasttrack folder instead of extracting all
    files inside the same folder.
    * Fixed a small error message in SQLPwnage when files were not there
    * Fixed version info in setup.py for pymills 3.4, thanks jgor!

  2. #2
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by relik View Post
    Some awesome stuff released since 3.1, here's an update (btw we presented on some new additions at Defcon)

    ~~~~~~~~~~~~~
    version 3.2
    ~~~~~~~~~~~~~
    * Some major updates, two of the guys here from SecureState "Leroy" and "Sasquatch" and myself wrote
    some pretty awesome stuff and added a new tool called SQLPwnage. It's pretty amazing, auto crawl an
    entire site or subnet, identify SQL Injection, both error based and blind based, and drop a payload.
    Even better, we bypass the debug 64kb limit by dropping a tiny payload that is essentially just a straight
    hex to raw binary converter that allows us to bypass the filesize limit we ran into before. So now there's
    multiple payloads i.e. Metasploit reverse tcp VNC Injection, Meterpreter, our own newly customized Reverse
    TCP Payload which has a custom packer by Whipsmack of SecureState and doesn't get picked up by AV yet, all
    through SQL Injection. It has been added to all menus, including the web GUI. This is the tool we are demoing
    at Defcon and not releasing until after. So if you're reading this, it's in the future!
    * Just note that SQLPwnage is SUPER buggy, we have spent a long time developing this but it still may have
    massive bugs. Please send feedback to dkennedy@securestate.com with any issues you might have.
    ~~~~~~~~~~~~~
    version 3.2.1
    ~~~~~~~~~~~~~
    * Fixed keyboard interrupt errors when crawling in SQLPwnage
    * Fixed major bug when converting using debug
    * Rewrote how the web front-end handles menus and displays it
    dynamically now so I don't have to manually go through each web
    page and change the menus when I add a new tool.
    * Converted menu mode autopwn to use ftsrc centralized source code
    * Converted SQL Injector Binary Payload Menu Mode to centralized source code
    * Converted SQL FTP Payload Menu Mode to centralized source code
    * Converted SQL Manual Setup Menu Mode to centralized source code
    * Converted SQL Injector Binary Payload POST Menu Mode to centralized source code
    * Converted Metasploit Mass Client Attack Menu Mode to centralized source code
    * Converted BinaryPayloadGen Menu Mode to centralized source code
    * Set Socket Connect timeouts when trying to get interface IP address to 2 seconds
    instead of default 15 seconds.
    * Set H2B 64KB Bypass and Payload Delivery through SQLInjector to split chunks every
    100 chars to fix GET methods when attacking form parameters.
    * Added a breakpoint after exploitation for cleanup in SQLPwnage
    * Rewrote changelog in web gui to dynamically pull changes from changelog.txt in README
    instead of having to enter in two spots.
    * Update script extracts tarball into a fasttrack folder instead of extracting all
    files inside the same folder.
    * Fixed a small error message in SQLPwnage when files were not there
    * Fixed version info in setup.py for pymills 3.4, thanks jgor!
    Sounds very exciting brother! Can't wait to try out SQLPwnage, that's going to be a massive tool on any tester's toolbelt.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  3. #3
    Junior Member azagorath's Avatar
    Join Date
    Mar 2008
    Posts
    44

    Default

    nice tool reliK, SQLPwnage is working only on MSSQL, correct?

  4. #4
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default correct

    Quote Originally Posted by azagorath View Post
    nice tool reliK, SQLPwnage is working only on MSSQL, correct?
    Yep the whole attack is based on MSSQL back-ends with the xp_cmdshell stored proc.
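
Because the attack described in this thread depends on `xp_cmdshell` and delivers its payload over many chunked GET requests, a defender can look for that token in web server logs. This is an added example, not part of the thread or of Fast-Track; the common-log-format layout, the sample lines, the function names and the burst threshold of 3 are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format), not taken from the thread.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /item.asp?id=7 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /item.asp?id=7%3Bexec+master..xp_cmdshell+%27CONSTRUCTED-1%27-- HTTP/1.1" 500 0
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.asp?id=7%3BEXEC+master..XP_CmdShell+%27CONSTRUCTED-2%27-- HTTP/1.1" 500 0
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item.asp?id=7%253Bexec%2520xp%255Fcmdshell%2520%2527CONSTRUCTED-3%2527 HTTP/1.1" 500 0
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /search.asp?q=what+is+xp_cmdshell HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TOKEN_RE = re.compile(r"xp_cmdshell", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Count, per client IP, requests whose decoded query string names xp_cmdshell."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, _status = m.groups()
        query = target.partition("?")[2]
        if TOKEN_RE.search(fully_decode(query)):
            hits[ip] += 1
    return hits


def classify(hits, burst_threshold=3):
    """A single hit may be a benign search; a burst suggests chunked delivery."""
    return {ip: ("burst" if n >= burst_threshold else "single")
            for ip, n in hits.items()}


if __name__ == "__main__":
    print(classify(scan(SAMPLE_LOG)))
```

POST bodies are not in access logs, so the same check belongs in a WAF or SQL Server audit for form submissions.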

  5. #5
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default

    ~~~~~~~~~~~~~
    version 3.2.2
    ~~~~~~~~~~~~~
    * Changed dependency check to include PyMills and BeautifulSoup
    * Added BeautifulSoup installation to setup.py install script
    * Changed setup.py install script around a bit, cleaned it up, etc.
    * Added a dependency check on SQLPwnage to check for PyMills and BeautifulSoup or it will exit.
    * Changed some things around in SQLPwnage, added some more information.

  6. #6
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Yesterday I did an update from whatever came with BT3F to 3.2.1. I just did an update from 3.2.1 to 3.2.2. fast-track still says version 3
    #cd /pentest/fast-track
    #./fast-track -i
    Fast-Track Main Menu:

    Fast-Track - Where speed really does matter...
    Version: 3
    Written by: David Kennedy (ReL1K)
    http://www.securestate.com

    1. Fast-Track Updates
    2. External Hacking
    3. Internal Hacking
    4. Exploits
    5. SQLPwnage (NEW)
    6. BackTrack Server Services
    7. Tutorials
    8. Changelog
    9. Credits
    10. About
    11. Exit

    Enter the number:

    Shouldn't version be 3.2.2?
    I like the bleeding edge, but I don't like blood loss

  7. #7
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default not yet

    Quote Originally Posted by bofh28 View Post
    Yesterday I did an update from whatever came with BT3F to 3.2.1. I just did an update from 3.2.1 to 3.2.2. fast-track still says version 3
    #cd /pentest/fast-track
    #./fast-track -i
    Fast-Track Main Menu:

    Fast-Track - Where speed really does matter...
    Version: 3
    Written by: David Kennedy (ReL1K)
    http://www.securestate.com

    1. Fast-Track Updates
    2. External Hacking
    3. Internal Hacking
    4. Exploits
    5. SQLPwnage (NEW)
    6. BackTrack Server Services
    7. Tutorials
    8. Changelog
    9. Credits
    10. About
    11. Exit

    Enter the number:

    Shouldn't version be 3.2.2?
    I haven't started putting specific versioning information in the menu/gui/command line mode, it still technically is version 3, just an updated version of it. It has been on the plans to do that, and is easy, just haven't gotten around to it yet... I need to centralize it so I only change it once and it pushes it to all the menus and stuff... I'll get around to it!

  8. #8
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by relik View Post
    I haven't started putting specific versioning information in the menu/gui/command line mode, it still technically is version 3, just an updated version of it. It has been on the plans to do that, and is easy, just haven't gotten around to it yet... I need to centralize it so I only change it once and it pushes it to all the menus and stuff... I'll get around to it!
    Not a problem. I just thought it should be something you know.

    Thanks for some great software.
    I like the bleeding edge, but I don't like blood loss

  9. #9
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default more change

    ~~~~~~~~~~~~~
    version 3.2.3
    ~~~~~~~~~~~~~
    * Removed the killing of anti-virus during SQL Injection, all of our attacks get past any AV
    anyways so no need to kill something that doesn't block us
    * Fixed a bug with SQL Bruter if the IP address was completely full like 192.168.233.232 it would
    attack .23 instead of .232.
    * Fixed a bug where SQL Bruter would display a blank "sa" account twice, in the small brute
    force list I had two spaces specified instead of one.
    * Fixed a bug in SQLPwnage where strange characters being passed in the URL field would cause
    SQLPwnage to crash and throw an exception.
    * Fixed a bug in SQLPwnage where unhandled parameters would cause an exception string error and
    cause SQLPwnage to crash.
    * Added some cool stuff with the Metasploit Mass Client Attack, added payloads so you can now
    specify meterpreter, reverse vnc injects, reverse tcp shells, and bind shells, really cool stuff.
    It's all in the interactive mode, command line mode and web gui now, enjoy and test out.

  10. #10
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default

    ~~~~~~~~~~~~~
    version 3.2.4
    ~~~~~~~~~~~~~
    * Fixed an UnIndexed Error exception in SQLPwnage that would cause a crash.
    * Fixed once SQLPwnage was finished in menu mode, by hitting enter, would cause Fast-Track to hang.
    * Fixed in menu mode where if you ran one of the tools in the menu, you would have to exit out and
    restart Fast-Track to use the same tool again.
    * Added better error handling in SQLPwnage
    * Fixed in SQL Bruter where if no SQL Servers were found, it would exit the menu mode completely and
    the user would be required to restart Fast-Track.
    * Cleaned up menu mode some more and moved some code to centralized ftsrc library
