Relik
you're doing wonderful work, keep it up
~~~~~~~~~~~~~
version 3.3
~~~~~~~~~~~~~
* Well, considering this a major revision since I added Ettercap custom filters to the mass client
attack. You can now specify if you want to poison a specific victim, when they go to a site, it
replaces all hrefs and when they click a link it launches a slew of exploits at the victim. It's
pretty slick. Special thanks to "BigMac" from the remote-exploit forum; he did all the hard work,
I just incorporated it into this.
* Added the Ettercap Mass Client Attack to interactive, command line, and GUI mode.
* Beware, it may be a little bit buggy, I scratch coded this after getting back from a poker game
and a few beers, I'll clean everything up next release.
* Added a quick ftgui executable, simply ./ftgui and you should be rocking and rolling in the
Fast-Track gui in the root folder.
* Changed the licensing agreement, thanks HDM for turning me to the dark side on the licensing
Fast-Track now uses the BSD licensing for everything.
* Changed the main index page around a little bit.
* Added an apt-get install for ettercap in the setup.py file, only for Ubuntu installations
so far. If you're using BT3, it's already in there, no worries.
!!! *ERROR* PyMills is NOT installed...This is needed for SQLPwnage. *ERROR* !!!
Would you like to install it now? yes or no: yes
Installing PyMills Python Module
python: can't open file 'setuptools.py': [Errno 2] No such file or directory
--02:55:01-- hxxp://pypi.python.org/packages/source/p/pymills/pymills-3.4.tar.gz
=> `pymills-3.4.tar.gz'
...
Installed /usr/lib/python2.5/site-packages/pymills-3.4-py2.5.egg
Processing dependencies for pymills==3.4
PyMills Installed..
Re-checking dependency
Something went wrong during the installation process, try installing PyMills manually...
Also ensure ProFTP, WinEXE, and SQLite3 is installed from
the Updates/Installation menu.
*WARNING* Your system is missing some components required for Fast-Track.. *WARNING*
I am aware of how SQL injection works and I have studied SQL in college for the last 4 years.
My question is how does SQLPwnage work to get shell code to run on a vulnerable server?
If someone could shed some light on these details, it would help me understand this better. It could also be a nice addition to the thread for other people.
We use the debug method to convert hexadecimal into binary, but this is only a fraction of it. We first pop a stager on the system that is basically a hex to binary conversion tool that we echo into a file and convert it using our stager.
Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:
* post your question to a forum where it's off topic
* post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
* cross-post to too many different newsgroups
* post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem
fair play Relik,
Just wanted to get the idea of what I was doing when running it. I understand the concepts of heap and buffer attacks just was wondering how it worked under the hood.
I am aware it only works on mssql
If you were to run it on, let's say, an Oracle SQL server, what would be the outcome? Would it crash the server?
Nothing should happen at all since the xp_cmdshell stored proc is windows only..
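As an added example (not Fast-Track's code, not from the thread) of what the staging chain Relik describes looks like from the detection side: a Python scanner over a constructed SQL Server trace flags sessions where xp_cmdshell echoed hex into a file that debug later read. The trace line format, the spids and the file paths are assumptions made for the sample.

```python
import re
from collections import defaultdict

# Constructed sample trace (not from the page): "<spid> <statement>" per line,
# the shape a flattened SQL Server query trace export could take.
SAMPLE_TRACE = """\
51 SELECT name FROM sys.tables
52 EXEC sp_configure 'xp_cmdshell', 1
52 EXEC master..xp_cmdshell 'echo 4d5a900003000000 >> C:\\temp\\stage.hex'
52 EXEC master..xp_cmdshell 'echo 0400000000ffff00 >> C:\\temp\\stage.hex'
52 EXEC master..xp_cmdshell 'debug < C:\\temp\\stage.hex'
53 EXEC master..xp_cmdshell 'dir C:\\'
"""

LINE_RE = re.compile(r"^(\d+)\s+(.*)$")
ENABLE_RE = re.compile(r"sp_configure\s+'xp_cmdshell'\s*,\s*1", re.I)
CMDSHELL_RE = re.compile(r"xp_cmdshell\s+'(.*)'\s*$", re.I)
# Staging step: hex digits echoed (appended) into a file on the DB host.
STAGE_RE = re.compile(r"^echo\s+([0-9a-f]+)\s*>>\s*(\S+)", re.I)
# Conversion step: debug(.exe) fed a script from that file.
CONVERT_RE = re.compile(r"^debug(?:\.exe)?\s*<\s*(\S+)", re.I)

def analyze_trace(text):
    """Return {spid: summary}; summary records which stages a session showed."""
    sessions = defaultdict(lambda: {"enabled": False, "staged_bytes": 0,
                                    "stage_files": set(), "converted": set(),
                                    "other_cmds": 0})
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        spid, stmt = m.group(1), m.group(2)
        s = sessions[spid]
        if ENABLE_RE.search(stmt):
            s["enabled"] = True          # xp_cmdshell being switched on
            continue
        c = CMDSHELL_RE.search(stmt)
        if not c:
            continue
        cmd = c.group(1).strip()
        st, cv = STAGE_RE.match(cmd), CONVERT_RE.match(cmd)
        if st:
            # staged_bytes lets an analyst compare against the 64 KB debug limit
            s["staged_bytes"] += len(st.group(1)) // 2
            s["stage_files"].add(st.group(2).lower())
        elif cv:
            s["converted"].add(cv.group(1).lower())
        else:
            s["other_cmds"] += 1         # plain command execution, not staging
    return dict(sessions)

def flagged_sessions(text):
    """Sessions where a file that received echoed hex was later read by debug."""
    return sorted(spid for spid, s in analyze_trace(text).items()
                  if s["stage_files"] & s["converted"])
```

Session 53 only ran a directory listing and is not flagged; the rule requires the echo-then-debug pairing on the same file.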
~~~~~~~~~~~~~
version 3.4
~~~~~~~~~~~~~
* Well, had a nice nine hour flight to Italy for business, figured this was as good of a time as
any to finally tackle the horrible looking output from a shell generated through SQL bruter. In
older versions the output from the shell was spitting out raw SQL data from the underlying operating
system. It looked pretty bad, almost unreadable. I finally cleaned it up and it looks like a normal
shell now. This wasn't an easy feat, I had to break up the array to a string then use regular
expressions to parse through each line and replace bogus characters and do normal formatting. This
has been a known issue since the birth of Fast-Track, I'm very excited that it's finally looking
great. Enjoy.
* Small change, I dynamically generate the version numbers now in menu and command line mode, before
you may have noticed it said Version 3 and never changed with different versions. Now it's showing
the correct version numbers every update.
* Changed the changelog.txt and credits.txt to CREDITS and CHANGELOG. Also modified credits to be
up to date.
* Fixed a bug where going to About in menu mode would cause Fast-Track to crash.
* Added error handling in the Fast-Track Web GUI if the port was already in use.
* Removed the Shikata Ga Nai encoding from Fast-Track's SQLPwnage, it was causing issues
on some systems with corruptible executables.
* Added better cleanup in SQLPwnage to remove H2B files as soon as the conversion to binary
is completed.
* Added a "browse" button to the wordlist specification in sql bruter and in binary to hex generator.
Before you had to manually specify the wordlist or file to convert, now you just hit the browse button
and navigate to it.
* Changed the timeout with no internet connection for identifying an IP address to 2 seconds instead of
the default of 8 on SQLPwnage.
* Changed the directories where SQLPwnage does its conversions from binary to hex to the appdata folder.
My plan is to make all information go into the appdata folder and nowhere else. A lot easier for cleanup.
* Created a "version" directory in bin that handles what version number Fast-Track is on for the menu mode
and command line mode.
* Added some cool stuff to the SQL Bruter, once a system gets popped with the "sa" account, Fast-Track will
now allow you to specify what type of payload you want. For example, you can use the normal command shell
but we also incorporated the 64kb debug bypass attack that uploads a metasploit reverse vnc or reverse
meterpreter to the system without having to upload anything. Pretty slick feature that I haven't seen in
any SQL bruters before.