Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've e

from [davidrook] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
Date: Wed, 26 Mar 2008 17:23:03 +0000 
I wonder how many readers of this list now have a backdoor on their 
machine...........

Razi Shaban wrote:

Hmm...
Backdoors eh?

Nice try.

--
razi

On 3/26/08, A. Ramos <aramosf@unsec.net> wrote:
  

Take a look over:
 http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c



 2008/3/26  <zwell@sohu.com>:

    
 >
 >
 >
 > Pangolin is a GUI tool running on Windows to perform as more as possible
 > pen-testing through SQL injection. This version now supports following
 > databases and operations:
 >
 > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
 > Download file, Read file, File Browser...
 > * MYSQL : Server informations, Datas, Read file, Write file...
 > * ORACLE : Server informations, Datas, Accounts cracking...
 > * PGSQL : Server informations, Datas, Read file...
 > * DB2 : Server informations, Datas, ...
 > * INFORMIX : Server informations, Datas, ...
 > * SQLITE : Server informations, Datas, ...
 > * ACCESS : Server informations, Datas, ...
 > * SYBASE : Server informations, Datas, ...
 > etc.
 >
 > And supports:
 > * HTTPS support
 > * Pre-Login
 > * Proxy
 > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
 > * Bypass firewall setting
 > * Auto-analyzing keyword
 > * Detailed check optio ns
 > * Injection-points management
 > etc.
 >
 > What's the differents to the others?
 > * Easy-of-use : What I try to do is making pen-tester more care about
 > result, not the process. All you should do is clicking the buttons.
 > * Amazing Speed : so many people told you things about brute sql 
injection,
 > is it really necessary? Forget char-by-char, we can row-by-row(of cource,
 > not every injection-point can do this)?
 > * The exact check mothod : do you really think automated tools like
 > AWVS,APPSCAN can find all injection-points?
 >
 > So, whatever, just check it out, and then enjoy your feeling ;)
 > More information : http://www.nosec.org/web/index.php?q=pangolin
 > Download : http://seclab.nosec.org/security/pangolin_bin.rar
 >
 > Declare: Pangolin is designed for security testing by pen-tester when he 
has
 > been authorized. DO NOT attack any website viciously or accept the
 > consequences!!!
 >
 >
 >
 > ________________________________
 >
 >  2008åèæçåæå
 > *çæçæéåéäïäéææççäæèå>>

    

_______________________________________________
      

 >  Full-Disclosure - We believe in it.
 >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 >  Hosted and sponsored by Secunia - http://secunia.com/
 >




 --
 Alejandro Ramos / Alex -- (aramosf@unsec.net)
 molling://CISSP/GWAS/CISA
 http://www.unsec.net

_______________________________________________
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

    
------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-- 
David Rook | david.rook@realexpayments.com
Information Security Analyst

Realex Payments
Enabling thousands of businesses to sell online.

Realex Payments, Dublin, www.realexpayments.com
Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538

Realex Payments, London, www.realexpayments.co.uk
1 Hammersmith Grove, London W6 0NB, England
Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264

Pay and Shop Limited, trading as Realex Payments has its registered office at 
Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is registered in 
Ireland, company number 324929.

This mail and any documents attached are classified as confidential and
are intended for use by the addressee(s) only unless otherwise
indicated. If you are not an intended recipient of this email, you must
not use, disclose, copy, distribute or retain this message or any part
of it. If you have received this email in error, please notify us
immediately and delete all copies of this email from your computer
system(s). 
--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, Razi Shaban
Next by Date:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen, josh
Previous by Thread:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, Razi Shaban
Next by Thread:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen, josh
Indexes:  [Date] [Thread] [Top] [All Lists]