again a fine reliz from rel1k
keep up the good work
Updated the movie a bit to reflect some of the recent changes in Fast-Track
http://www.securestate.com/files/fas...fasttrack.html
Also, I'm releasing another large update here within the next couple of days. I rewrote the SQL injector portion to do binary payloads instead of having to use FTP!!! I still kept the FTP stuff in there, but you do not have to rely off of a separate egress connection anymore!
So basically:
A reverse shell is converted from binary to hex.
The string is split up into multiple HTTP requests.
The hex is echoed into a text file.
debug is run to convert it to an executable on the victim.
Reverse executable created, and executed to remote attacker.
Thanks Muts for the idea!
ReLiK
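For defenders, the delivery sequence listed in the post above leaves a recognizable trail in web server logs: repeated requests that echo hex into one file, followed by a request that feeds that file to debug. The following is an added example, not part of the original thread or of Fast-Track's code; the log lines, file names and the `find_staged_uploads` helper are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (not from the thread); hex chunks are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2008:10:00:01 +0000] "GET /item.asp?id=1;echo+deadbeef00+%3E%3E+p.txt HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2008:10:00:02 +0000] "GET /item.asp?id=1;echo+cafebabe11+%3E%3E+p.txt HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2008:10:00:03 +0000] "GET /item.asp?id=1;debug+%3C+p.txt HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2008:10:00:04 +0000] "GET /search.asp?q=how+to+debug+echo+cancellation HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2008:10:00:05 +0000] "GET /item.asp?id=2;echo+hello+%3E+note.txt HTTP/1.1" 200 512
""".splitlines()

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')
# echo <hex-looking data> >> <file>: one chunk of the payload being written out
ECHO_CHUNK = re.compile(r'echo\s+((?:[0-9a-f]{2}\s*){4,})\s*>>?\s*([\w.\-]+)', re.I)
# debug < <file>: the staged text file is fed to debug
DEBUG_RUN = re.compile(r'debug(?:\.exe)?\s*<\s*([\w.\-]+)', re.I)

def find_staged_uploads(lines, min_chunks=2):
    """Flag clients that echo hex into a file several times, then run debug on it."""
    chunks = defaultdict(int)  # (client, file) -> number of hex chunks echoed
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, url = m.group(1), unquote_plus(m.group(2))
        for echo in ECHO_CHUNK.finditer(url):
            chunks[(client, echo.group(2).lower())] += 1
        for run in DEBUG_RUN.finditer(url):
            key = (client, run.group(1).lower())
            # Only alert when the same client staged the same file beforehand.
            if chunks[key] >= min_chunks:
                findings.append({"client": client, "file": key[1], "chunks": chunks[key]})
    return findings

if __name__ == "__main__":
    for hit in find_staged_uploads(SAMPLE_LOG):
        print(hit)
```

Correlating the echo chunks with the later debug call per client and file keeps ordinary requests that merely mention "echo" or "debug" from alerting.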
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
I actually also posted on the other thread. I am having the exact same problem. If you resolved it I would really appreciate it if you can let me in on the secret. Thanks. If not.....BUMP!!!
---------
Originally Posted by dapirates1
I am running bt3 and when I run updated fast track like the video my autopwn stops when it gets to here.
[*] Binding to 12345778-1234-abcd-ef00-0123456789ab:0.0@ncacn_np:192.168.1.64[\lsarpc] ...
[*] Bound to 12345778-1234-abcd-ef00-0123456789ab:0.0@ncacn_np:192.168.1.64[\lsarpc] ...
It does nothing for about 5 minutes. Then my bt3 crashes and I have to reboot. Does anybody else get this? I might try on my bt2.
I posted in the autopwn/fast-track thread in tutorial section but was told to post here.
Have you tried running autopwn separately to see if it is fast-track that is doing this? It doesn't do it on my BT3 beta install, it successfully goes through everything, including that specific exploit... Try running autopwn without using Fast-Track and seeing if it works.
Additionally 1.9 has been released, has some MAJOR changes in it. I added binary payload delivery through sql injection, no longer need FTP as a medium to reverse something off. Added a mass sql brute forcer with wordlists, and much more... Change log below:
~~~~~~~~~~~~~
version 1.9
~~~~~~~~~~~~~
* Wow it works! Added binary payload delivery for the SQL Injector. Fast-Track
now uploads a reverse shell through an actual HTTP request now instead of relying
off of FTP to transfer a from our server. I kept the FTP portion in there in case
anyone still needed to use that specific function or for some reason the binary
upload wasn't working, but this new addition rocks!
* Broke everything up into multiple menus in SQL Injector, now has four different
menus ranging from binary payload auto, ftp auto, binary payload manual, ftp manual,
and string generator.
* Fixed a small bug in auto update.
* Changed a few issues with the FTP brute forcer
* Cleaned up some code
* Changed the wordlist brute forcer for SQL to use rstrip() instead of [:-1] in case of
spaces. Much more efficient and was causing inconsistencies with wordlists that had
spaces at the end of them.
* Changed some menu handling
* Changed the mass brute forcer in SQL to add a couple more passwords
* Changed some stuff in the service menu that was messed up
* Changed some of the tutorials to reflect changes
* Added a "mass" option in the sql brute forcer, you can now scan any subnet you want
and run brute force attacks with dictionaries on them automatically. As soon as one
successfully is brute forced, it jumps you right into a shell. Nice!!
* Fixed where you couldn't enter /cidr notations in the ip ranges in the sql brute forcer,
you can now specify 192.168.1.1/16 or /24, or whatever.
* Added it so when you do the mass wordlist brute, or the small wordlist brute, it
automatically spawns you a shell if guessed, no longer have to go to the separate menu
to enter the shell.
* Cleaned up the small sql brute quite a bit
* Cleaned up some of the "look and feel" on the menus
* This really should be a new release with all the changes/additions, but for now going
to release it as 1.9 and not 2.0 yet until it goes through bugtesting.
Nice one Rel1k!
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
I am running fast-track on four machines and have never had the issue.
2 toshiba satellites
sony vaio
asus eeepc
Nice one rel1k, I can't wait to get home and update