Ok, you are right. [EMAIL PROTECTED] ~ % wget http://www.nosec.org/web/index.txt :( --20:23:14-- http://www.nosec.org/web/index.txt => `index.txt' Auflösen des Hostnamen »www.nosec.org«.... 218.92.8.74 Verbindungsaufbau zu www.nosec.org|218.92.8.74|:80... verbunden. HTTP Anforderung gesendet, warte auf Antwort... 200 OK Länge: 14 [text/plain]
100%[=================================================================================================================================>] 14 --.--K/s 20:23:14 (556.54 KB/s) - »index.txt« gespeichert [14/14] [EMAIL PROTECTED] ~ % cat index.txt [85.197.2.156]% °°°°snake°°°° Micheal Cottingham schrieb: > Not yet. > > C:\Users\Micheal\Research>wget http://www.nosec.org/web/index.txt > --15:12:52-- http://www.nosec.org/web/index.txt > => `index.txt' > Resolving www.nosec.org... done. > Connecting to www.nosec.org[218.92.8.74]:80... connected. > HTTP request sent, awaiting response... 200 OK > Length: 13 [text/plain] > > 100%[====================================>] 13 12.70K/s ETA > 00:00 > > 15:12:52 (12.70 KB/s) - `index.txt' saved [13/13] > > > C:\Users\Micheal\Research>cat index.txt > [84.203.3.20] > C:\Users\Micheal\Research> > > A previous attempt got me this: > > 7453375[61.178.20.90] > > On Wed, Mar 26, 2008 at 2:33 PM, Ricardo Giorgi > <[EMAIL PROTECTED]> wrote: > >> Hi Folks, >> >> Just for curiosity, did anyone of this list already tried to do a reverse >> engineering of the Pangolin's code ? >> >> Ricardo >> >> >> >>> Not me, although I did looked at it. I thought great, kiddies are going to >>> >> love this >> >>> Sent from my BlackBerryÂ(R) smartphone with SprintSpeed >>> >>> -----Original Message----- >>> From: davidrook <[EMAIL PROTECTED]> >>> >>> Date: Wed, 26 Mar 2008 17:23:03 >>> To:Razi Shaban <[EMAIL PROTECTED]> >>> Cc:[email protected], [EMAIL PROTECTED] >>> Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL >>> injector you've ever seen >>> >>> >>> I wonder how many readers of this list now have a backdoor on their >>> machine........... >>> >>> Razi Shaban wrote: >>> >>>> Hmm... >>>> Backdoors eh? >>>> >>>> Nice try. >>>> >>>> -- >>>> razi >>>> >>>> On 3/26/08, A. Ramos <[EMAIL PROTECTED]> wrote: >>>> >>>> >>>>> Take a look over: >>>>> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c >>>>> >>>>> >>>>> >>>>> 2008/3/26 <[EMAIL PROTECTED]>: >>>>> >>>>> >>>>> >>>>>> >>>>>> Pangolin is a GUI tool running on Windows to perform as more as >>>>>> >> possible >> >>>>>> pen-testing through SQL injection. This version now supports following >>>>>> databases and operations: >>>>>> >>>>>> * MSSQL : Server informations, Datas, CMD execute, Regedit, Write >>>>>> >> file, >> >>>>>> Download file, Read file, File Browser... >>>>>> * MYSQL : Server informations, Datas, Read file, Write file... >>>>>> * ORACLE : Server informations, Datas, Accounts cracking... >>>>>> * PGSQL : Server informations, Datas, Read file... >>>>>> * DB2 : Server informations, Datas, ... >>>>>> * INFORMIX : Server informations, Datas, ... >>>>>> * SQLITE : Server informations, Datas, ... >>>>>> * ACCESS : Server informations, Datas, ... >>>>>> * SYBASE : Server informations, Datas, ... >>>>>> etc. >>>>>> >>>>>> And supports: >>>>>> * HTTPS support >>>>>> * Pre-Login >>>>>> * Proxy >>>>>> * Specify any HTTP headers(User-agent, Cookie, Referer and so on) >>>>>> * Bypass firewall setting >>>>>> * Auto-analyzing keyword >>>>>> * >>>>>> >> Detailed check optio ns >> >>>>>> * Injection-points management >>>>>> etc. >>>>>> >>>>>> What's the differents to the others? >>>>>> * Easy-of-use : What I try to do is making pen-tester more care about >>>>>> result, not the process. All you should do is clicking the buttons. >>>>>> * Amazing Speed : so many people told you things about brute sql >>>>>> >> injection, >> >>>>>> is it really necessary? Forget char-by-char, we can row-by-row(of >>>>>> >> cource, >> >>>>>> not every injection-point can do this)? >>>>>> * The exact check mothod : do you really think automated tools like >>>>>> AWVS,APPSCAN can find all injection-points? >>>>>> >>>>>> So, whatever, just check it out, and then enjoy your feeling ;) >>>>>> More information : http://www.nosec.org/web/index.php?q=pangolin >>>>>> Download : http://seclab.nosec.org/security/pangolin_bin.rar >>>>>> >>>>>> >>>>>> >> Declare: Pangolin is designed for security testing by pen-tester when he has >> >>>>>> been authorized. DO NOT attack any website viciously or accept the >>>>>> consequences!!! >>>>>> >>>>>> >>>>>> >>>>>> ________________________________ >>>>>> >>>>>> 2008å¹´è–ªæ°´ç¿»å€ æŠ€å·§ >>>>>> *ç"¨æ œç‹—拼音写é‚(R)件,ä½"éªŒæ›´æµ ç•…çš„ä¸æ–‡è¾"å…¥>> >>>>>> >>>>> >>>>>> _______________________________________________ >>>>>> >>>>>> Full-Disclosure - We believe in it. >>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Alejandro Ramos / Alex -- ([EMAIL PROTECTED]) >>>>> molling://CISSP/GWAS/CISA >>>>> http://www.unsec.net >>>>> >>>>> _______________________________________________ >>>>> Full-Disclosure - We believe in it. >>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> Full-Disclosure - We believe in it. >>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>> >>> -- >>> David Rook | [EMAIL PROTECTED] >>> Information Security Analyst >>> >>> Realex Payments >>> Enabling thousands of businesses to sell online. >>> >>> Realex Payments, Dublin, www.realexpayments.com >>> Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland >>> Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538 >>> >>> Realex Payments, London, www.realexpayments.co.uk >>> 1 Hammersmith Grove, London W6 0NB, England >>> Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264 >>> >>> Pay and Shop Limited, trading as Realex Payments has its registered office >>> >> at >> >>> Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is >>> >> registered in Ireland, >> >>> company number 324929. >>> >>> This mail and any documents attached are classified as confidential and >>> are intended for use by the addressee(s) only unless otherwise >>> indicated. If you are not an intended recipient of this email, you must >>> not use, disclose, copy, distribute or retain this message or any part >>> of it. If you have received this email in error, please notify us >>> immediately and delete all copies of this email from your computer >>> system(s). >>> -- >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
