Insomnia: Tool Release - InsomniaShell.aspx

From: Brett Moore (brett.moore@insomniasec.com)
Date: Mon Feb 11 2008 - 21:11:15 EST


___________________________________________________________________

 Insomnia Security :: InsomniaShell.aspx
___________________________________________________________________

 Name: InsomniaShell.aspx
 Released: 12 Feb 2008
 Author: Brett Moore, Insomnia Security
 Original Link: http://www.insomniasec.com/releases/tools
___________________________________________________________________

InsomniaShell is a tool for use during penetration tests, when
you have ability to upload or create an arbitrary .aspx page.

This .aspx page is an example of using native calls through pinvoke
to provide either a reverse shell or a bind shell.

It has the added advantage of searching through all accessible
processes looking for a SYSTEM or Administrator token to use for
impersonation.

If the provider page is running on a server with a local SQL Server
instance, the shell includes functionality for a named pipe
impersonation attack. This requires knowledge of the sa password,
and results in the theft of the token that the SQL server is
executing under.
___________________________________________________________________

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT