fasttrack
关注
分享
扫一扫
feier7501
这个作者很懒,什么都没留下…
展开
-
MSSQL2K - SQL Injector - Query String Parameter Attack获得反向cmdshell
上次没有成功获得cmdshell,因为fasttrack没有这方面的代码,这次编写了server.py。原来的博客链接:http://blog.youkuaiyun.com/feier7501/article/details/9220495import socketHOST = ''PORT = 4444s = socket.socket(socket.AF_INET, socket原创 2013-07-07 16:55:25 · 1624 阅读 · 0 评论 -
MSSQL2K - SQL Injector - Query String Parameter Attack结合netcat获得反向cmdshell
fasttrack操作:root@bt:~# cd /pentest/exploits/fasttrack/root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i****************************************************** Performing dependency checks...原创 2013-07-08 20:23:10 · 1145 阅读 · 0 评论 -
SQL Injector - POST Parameter Attack
login.jsp如下:<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>Register user username: password: bt5上操作如下:root@bt:/pentest/exploits/fasttrack原创 2013-07-08 21:32:47 · 1362 阅读 · 0 评论 -
SQL Injector - GET Manual Setup Binary Payload Attack
bt5上操作: ***************************************************************** ** ** ** Fast-Track - A new beginning...原创 2013-07-08 21:43:26 · 1043 阅读 · 0 评论 -
(a)ttempt SQL Ping and Auto Quick Brute Force(未完待续)
在BT5R3上,需要修改文件/pentest/exploits/fasttrack/config/fasttrack_config,改为:METASPLOIT_PATH=/opt/metasploit/app/否则会找不到msfcli。然后进入fasttrack进行操作:root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i原创 2013-07-08 23:06:58 · 1124 阅读 · 0 评论 -
(a)ttempt SQL Ping and Auto Quick Brute Force 续2——原因
今晚再次调试,发现生成的h2b.exe无法运行,这个文件用来把hex转换成bin,而且后面的代码,似乎也有问题: print "Metasploit payload delivered.." print "Converting our payload to binary, this may take a few..." query5=("""xp_c原创 2013-07-10 22:49:55 · 911 阅读 · 0 评论 -
fasttrack的SQLPwnage(失败)
这次也是失败的,操作如下:root@bt:/pentest/exploits/fasttrack# ./fast-track.py -iFast-Track Main Menu: 1. Fast-Track Updates 2. Autopwn Automation 3. Nmap Scripting Engine 4. Microsoft SQL原创 2013-07-11 21:08:24 · 1044 阅读 · 0 评论 -
MSSQL2K - SQL Injector - Query String Parameter Attack
操作如下:root@root:/pentest/exploits/fasttrack# ./fast-track.py -i****************************************************** Performing dependency checks... *******************************************原创 2013-07-01 23:11:52 · 1106 阅读 · 0 评论