Re: Volatile Worm

From: p1g (killfactory@gmail.com)
Date: Thu Feb 14 2008 - 20:00:11 EST


Am I the only one that is hesitant to execute a worm on a customer's network?

I noticed that no one has replied.

On 2/11/08, Rafael Silva <listas@geekworld.com.br> wrote:
> Hello everyone,
>
> I'm here to publish a tool that exploits the concept of web
> application worms.
> It's not a brand new thing but I hope to help sysadmins and the
> security community.
> Volatile Worm is a web worm for MSSQL web applications vulnerable to
> SQL Injection and forces
> them into executing stored procedures like xp_cmdshell.
>
> The concept of this worm is pretty simple: Find vulnerable hosts in an
> automated fashion searching
> in Google for URLs like:
>
> news.asp
> noticias.asp
> comments.asp
> ...
>
> When the worm finds a potentially vulnerable application it tests if it
> is flawed by simply appending
> a single quote in the URL. It analyzes the error code returned to
> determine if it is running MSSQL.
> If it succeeds in finding MSSQL, the worm issues a 'ping' command using
> xp_cmdshell, performing
> a phone home. Then you can test a lot of things like setting up an FTP
> server and sending any file to the
> vulnerable host.
>
> Feel free to improve the code.
>
> Download: http://www.rfdslabs.com.br/volatile.txt
>
>
>
>
>
> rfds@gland:~/codes/volatile$ perl volatile.pl -h
>
> Volatile [Automatic SQL Injection Exploit]
> Written by rfds and hash
>
> use volatile.pl [-h|-q <query>|-w <walk>|-d <device>|-i <ip>]
>
> -h: print this help
> -q: the magic query string [required]
> -w: rounds per search [required]
> -d: external device [required]
> -i: the device's ip [required]
>
> happy hacking
> rfds@gland:~/codes/volatile$
>
>
> Cheers,
> -Rafael Silva
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
  ,,__
o"     )~  oink oink
   ' ' ' '
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
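
Seen from the defending side, the sequence described in the quoted announcement (a trailing single quote that triggers an error, then xp_cmdshell from the same client) leaves a recognisable trail in web server logs. The following is an added example, not part of the original thread or of the Volatile tool; the log layout, the IP addresses, the use of HTTP 500 as the error signal, and the severity names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in an assumed IIS W3C-style layout:
# date time c-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2008-02-11 10:00:01 203.0.113.7 GET /news.asp id=12' 500
2008-02-11 10:00:03 203.0.113.7 GET /news.asp id=12;exec+xp_cmdshell+'ping+198.51.100.9' 200
2008-02-11 10:01:10 192.0.2.44 GET /comments.asp id=7 200
2008-02-11 10:02:30 192.0.2.50 GET /search.asp q=o'brien 200
2008-02-11 10:03:00 198.51.100.23 GET /noticias.asp id=3%27 500
"""

XP_CMDSHELL = re.compile(r"xp_cmdshell", re.IGNORECASE)

def parse(line):
    """Split one log line and URL-decode the query so %27 and + are normalised."""
    date, time, ip, method, stem, query, status = line.split()
    return {"ts": f"{date} {time}", "ip": ip, "stem": stem,
            "query": unquote_plus(query), "status": int(status)}

def detect(log_text):
    """Return alerts as (severity, client_ip, uri_stem, timestamp) tuples."""
    alerts, probed = [], set()
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blanks and W3C header lines
        r = parse(line)
        key = (r["ip"], r["stem"])
        if XP_CMDSHELL.search(r["query"]):
            # xp_cmdshell in a query string is never legitimate traffic;
            # it is worse when the same client already probed this page.
            sev = "critical" if key in probed else "high"
            alerts.append((sev, r["ip"], r["stem"], r["ts"]))
        elif r["query"].endswith("'") and r["status"] >= 500:
            # Trailing quote that produced a server error: injection probe.
            probed.add(key)
            alerts.append(("medium", r["ip"], r["stem"], r["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

A quote in the middle of a value that returns 200 (the `o'brien` line) is deliberately not flagged, which keeps ordinary names from drowning out the probe pattern.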

