
Thread: Fast-Track Version 3.2.1

  1. #11
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default 3.3

    ~~~~~~~~~~~~~
    version 3.3
    ~~~~~~~~~~~~~
    * Well, considering this a major revision since I added Ettercap custom filters to the mass client
    attack. You can now specify if you want to poison a specific victim, when they go to a site, it
    replaces all hrefs and when they click a link it launches a slew of exploits at the victim. It's
    pretty slick. Special thanks to "BigMac" from the remote-exploit forum, he did all the hard work,
    I just incorporated it into this.
    * Added the Ettercap Mass Client Attack to interactive, command line, and GUI mode.
    * Beware, it may be a little bit buggy, I scratch coded this after getting back from a poker game
    and a few beers, I'll clean everything up next release.
    * Added a quick ftgui executable, simply ./ftgui and you should be rocking and rolling in the
    Fast-Track gui in the root folder.
    * Changed the licensing agreement, thanks HDM for turning me to the dark side on the licensing.
    Fast-Track now uses the BSD licensing for everything.
    * Changed the main index page around a little bit.
    * Added an apt-get install for ettercap in the setup.py file, for Ubuntu installations only
    so far. If you're using BT3, it's already in there, no worries.

  2. #12
    Junior Member
    Join Date
    Aug 2007
    Posts
    85

    Default

    Relik,
    you're doing wonderful work, keep it up
    How you spend your time is more important than how you spend your money. Money mistakes can be corrected, but time is gone forever. David Norris

  3. #13
    Junior Member
    Join Date
    Feb 2008
    Posts
    26

    Default

    !!! *ERROR* PyMills is NOT installed...This is needed for SQLPwnage. *ERROR* !!!
    Would you like to install it now? yes or no: yes
    Installing PyMills Python Module
    python: can't open file 'setuptools.py': [Errno 2] No such file or directory
    --02:55:01-- hxxp://pypi.python.org/packages/source/p/pymills/pymills-3.4.tar.gz
    => `pymills-3.4.tar.gz'
    ...
    Installed /usr/lib/python2.5/site-packages/pymills-3.4-py2.5.egg
    Processing dependencies for pymills==3.4
    PyMills Installed..
    Re-checking dependency
    Something went wrong during the installation process, try installing PyMills manually...

    Also ensure ProFTP, WinEXE, and SQLite3 is installed from
    the Updates/Installation menu.
    *WARNING* Your system is missing some components required for Fast-Track.. *WARNING*

  4. #14
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    I am aware of how SQL injection works and I have studied SQL in college for the last 4 years.

    My question is how does SQLPwnage work to get shell code to run on a vulnerable server?

    If someone could shed some light on these details, it would help me understand this better. It could also be a nice addition to the thread for other people.

  5. #15
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default

    We use the debug method to convert hexadecimal into binary, but this is only a fraction of it. We first pop a stager on the system that is basically a hex to binary conversion tool that we echo into a file and convert it using our stager.

  6. #16
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default version

    Quote Originally Posted by SBerry View Post
    I am aware of how SQL injection works and I have studied SQL in college for the last 4 years.

    My question is how does SQLPwnage work to get shell code to run on a vulnerable server?

    If someone could shed some light on these details, it would help me understand this better. It could also be a nice addition to the thread for other people.
    What operating system are you using, is this on BackTrack??

  7. #17
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    Quote Originally Posted by relik View Post
    What operating system are you using, is this on BackTrack??
    Good morning relik, think you wanted to Quote badboycc's post (Only for appreciation)
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  8. #18
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    fair play Relik,

    Just wanted to get the idea of what I was doing when running it. I understand the concepts of heap and buffer attacks, just was wondering how it worked under the hood.

    I am aware it only works on MSSQL.

    If you were to run it on, let's say, an Oracle SQL server, what would be the outcome? Would it crash the server?

  9. #19
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default

    Nothing should happen at all since the xp_cmdshell stored proc is Windows only.

  10. #20
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default

    ~~~~~~~~~~~~~
    version 3.4
    ~~~~~~~~~~~~~
    * Well, had a nice nine hour flight to Italy for business, figured this was as good of a time as
    any to finally tackle the horrible looking output from a shell generated through SQL bruter. In
    older versions the output from the shell was spitting out raw SQL data from the underlying operating
    system. It looked pretty bad, almost unreadable. I finally cleaned it up and looks like a normal
    shell now. This wasn't an easy feat, I had to break up the array to a string then use regular
    expressions to parse through each line and replace bogus characters and do normal formatting. This
    has been a known issue since the birth of Fast-Track, I'm very excited that it's finally looking
    great. Enjoy.
    * Small change, I dynamically generate the version numbers now in menu and command line mode, before
    you may have noticed it said Version 3 and never changed with different versions. Now it's showing
    the correct version numbers every update.
    * Changed the changelog.txt and credits.txt to CREDITS and CHANGELOG. Also modified credits to be
    up to date.
    * Fixed a bug where going to About in menu mode would cause Fast-Track to crash.
    * Added error handling in Fast-Track Web GUI if the port was already in use.
    * Removed the Shikata Ga Nai encoding from Fast-Track's SQLPwnage, it was causing issues
    on some systems with corruptible executables.
    * Added better cleanup in SQLPwnage to remove H2B files as soon as the conversion to binary
    is completed.
    * Added a "browse" button to the wordlist specification in sql bruter and in binary to hex generator.
    Before you had to manually specify the wordlist or file to convert, now you just hit the browse button
    and navigate to it.
    * Changed the timeout with no internet connection for identifying an IP address to 2 seconds instead of
    the default of 8 on SQLPwnage.
    * Changed the directories where SQLPwnage does its conversions from binary to hex to the appdata folder.
    My plan is to make all information go into the appdata folder and nowhere else. A lot easier for cleanup.
    * Created a "version" directory in bin that handles what version number Fast-Track is on for the menu mode
    and command line mode.
    * Added some cool stuff to the SQL Bruter, once a system gets popped with the "sa" account, Fast-Track will
    now allow you to specify what type of payload you want. For example, you can use the normal command shell
    but we also incorporated the 64kb debug bypass attack that uploads a metasploit reverse vnc or reverse
    meterpreter to the system without having to upload anything. Pretty slick feature that I haven't seen in
    any SQL bruters before.
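
Added example, not part of any post in this thread and not Fast-Track code: a detection sketch for the behaviour described in posts #15 and #19, where xp_cmdshell runs commands as `cmd.exe` children of the SQL Server process and a stager is echoed into a file and converted with debug. The event field names and sample events are constructed assumptions, not a specific EDR or Sysmon schema.

```python
import ntpath
import re

# Constructed process-creation events; paths and file names are illustrative only.
SAMPLE_EVENTS = [
    {"parent": r"C:\MSSQL\Binn\sqlservr.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c echo HEXLINE_PLACEHOLDER >> C:\Temp\stage.txt"},
    {"parent": r"C:\MSSQL\Binn\sqlservr.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c debug < C:\Temp\stage.txt"},
    {"parent": r"C:\MSSQL\Binn\sqlservr.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir C:\Backups"},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c echo hello >> notes.txt"},
]

# echo whose output is redirected into a file (staging text on disk)
ECHO_REDIRECT = re.compile(r"\becho\b.*>{1,2}\s*\S+", re.I)
# debug / debug.exe invoked as a command rather than appearing inside a longer word
DEBUG_CALL = re.compile(r"(^|[\s/\\&|])debug(\.exe)?(\s|<|$)", re.I)


def classify(event):
    """Return detection tags for one event; empty list if SQL Server is not the parent."""
    parent = ntpath.basename(event["parent"]).lower()
    child = ntpath.basename(event["image"]).lower()
    if parent != "sqlservr.exe" or child != "cmd.exe":
        return []
    tags = ["xp_cmdshell-child"]  # any shell spawned by the database engine
    if ECHO_REDIRECT.search(event["cmdline"]):
        tags.append("echo-to-file")
    if DEBUG_CALL.search(event["cmdline"]):
        tags.append("debug-exe")
    return tags


def triage(events):
    """Shell from SQL Server is medium; staging or debug activity on top of it is high."""
    findings = []
    for i, ev in enumerate(events):
        tags = classify(ev)
        if tags:
            severity = "high" if len(tags) > 1 else "medium"
            findings.append({"index": i, "severity": severity, "tags": tags})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The parent/child check is the durable signal; the two command-line patterns only raise priority and are easy to vary, so an alert on any `cmd.exe` spawned by `sqlservr.exe` is worth keeping on servers where xp_cmdshell has no business use.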
