Posts Tagged ‘Metasploit’

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal
. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, NMAP, Cain & Able, and many more.

New in V2

This version has a bunch of new stuff all around. One major addition to the project is Forge. This tool facilitates a simple point-and-click installation for adding even more distributions to Katana Bootable. This new version also adds the Computer Aided Investigative Environment (CAINE) for a live forensics environment and Kon-Boot for bypassing password. Much effort was placed on the installation of additional applications to the Katana Tool Kit. These new applications include Metasploit, NMAP, Cain & Able, John the Ripper, Cygwin, and more.

Bootable

* BackTrack
* the Ultimate Boot CD
* CAINE
* Ultimate Boot CD for Windows
* Ophcrack Live
* Puppy Linux
* Trinity Rescue Kit
* Clonezilla
* Darik’s Boot and Nuke (DBAN)
* Kon-Boot

A full list of the tools available is here.

You can download Katana v2 here:

Torrent – katana-v2.0.torrent
Direct – katana-v2.0.rar

Or read more here.

PoC to generate Reverse TCP backdoors, running Autorun or LNK USB infections, but also dumping all USB files remotely on multiple targets at the same time. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET (The Social Engineering Toolkit). The Meterpreter script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

usbsploit-0.3-BETA-linux-i686.tar.gz

more info

http://extraexploit.blogspot.com/2010/01/iexplorer-0day-cve-2010-0249.html

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. Have a look at the flash demo and then feel free to download it.

Features

The full documentation can be found in the tarball and also here, but here’s a list of what the Ninja does:

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
  • Bruteforce of ‘sa’ password (in 2 flavors: dictionary-based and incremental)
  • Privilege escalation to sysadmin group if ‘sa’ password has been found
  • Creation of a custom xp_cmdshell if the original one has been removed
  • Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
  • Evasion techniques to confuse a few IDS/IPS/WAF
  • Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection

Platforms supported

Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:

  • Linux
  • FreeBSD
  • Mac OS X

Sqlninja does not run on Windows.

http://sqlninja.sourceforge.net/