Commit 4d754794 authored by Devon Kearns

Imported Upstream version 0.2.6-r1

==================
sqlninja changelog
==================
Version 0.2.6-r1
+ Corrected STUPID bug in fingerprinting (doh!)
Verion 0.2.6
+ Added ICMP shell
+ Added support for CVE-2010-0232 (KiTrap0d)
+ Added header-based injection
+ Removed conf file autogen (unsuited to new way to configure injection)
+ Bug fixes
Version 0.2.5
+ Added HTTP proxy support
+ Upload mode supports multiple script lines per request
+ Upload mode supports files larger than 64k
+ SSL is enabled by default for 443, disabled for 80
+ SSL is now disabled by default (unless port is 80 of course)
+ Added switch for HTTP/1.0 and HTTP/1.1
+ Support for token kidnapping via churrasco.exe
+ Incorporated makescr.pl into the main program
+ DEP checking/disabling is now optional
+ Added support for msfencode
+ Added fingerprint of user running SQL Server
Version 0.2.3-r1
+ Added unobfuscated SQL in debug output
+ Fixed a bug in the Metasploit module
+ Fixed a few minor bugs
Version 0.2.3
+ Added metasploit module
+ Added makescr.pl
+ Dirshell module now allows to specify an alternate host
Version 0.2.2
+ Added evasion techniques
+ Added single command mode
+ Added diagnostics to upload mode
+ Upload mode handles scripts generated by (hopefully) all tools
+ Automatic URL-encoding now performed only on the injected query
+ Minor optimizations and fixes
Version 0.2.1
+ Added fingerprint of authentication mode
Version: 0.2.0
+ Added incremental bruteforce mode
+ Escalation is automatically performed at the end of the bruteforce
+ In escalation mode, '-u' is not needed anymore
+ Documentation now in HTML format (and WYSIWYG editors really suck)
+ A few minor fixes
Version: 0.1.3
+ Optimized bruteforce mode
+ Exploit strings now accepts spaces
+ Comment ("--") is appended at user's discretion
+ Default domain name set to 250, to cope with crappy DNS servers that do not follow the RFCs
+ Doubled the 'check sa' queries to avoid false positives
+ Minor bugfixes
Version: 0.1.2
+ Added test mode
+ Added debug option
+ Upload to directory %TEMP%
+ Added interactive generation of conf file
+ Simplified parameters: now same params for GET and POST
+ Sqlninja automatically appends '--' at the end of the query
+ Use of equal signs minimized (sometimes they get filtered...)
+ Print warning message when error detected in the response
+ Minor bugfixes
Version: 0.1.1
+ Added fingerprint mode
+ Added bruteforce mode
+ Added escalation mode
+ Added resurrectxp mode
+ Changed command syntax
+ Fixed post request syntax
+ Added URL-Encoding
+ DNS Server bind on 0.0.0.0
- Removed ssql mode
+ A whole bunch of other minor fixes
Version: 0.1.0alpha
+ Added dnstunnel mode (a good reason for the huge versioning leap)
+ ssql mode is now mode 6
+ Number of lines to upload at each request has been fixed to 40. This should
be allright for most situations
+ nc.scr compressed with upx (http://upx.sourceforge.net)
+ Other fixes to upload function
+ Fixes to the config file parsing function
+ A few other minor changes
Version: 0.0.3
+ Used "\r\n" in HTTP requests instead of "\n", as IIS6 seems to be picky
about it
Version: 0.0.2
+ Added birthday function
+ Added friendly messages when missing modules
+ No more "vhost" parameter. The virtual host header is simply included in the
other headers, if needed
+ Increased CheckSSL() socket timeout
+ Added Net::RawIP module to use linkoffset function and make sqlninja usable
on every datalink type (and NetPacket::Ethernet isn't needed anymore)
+ Randomized UNIX socket name
+ Added EUID checks
+ Fixed a bug on the UDP reverse shell function
+ Minor bugfixes
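Review bot: Two adjacent 0.2.5 entries contradict each other: "SSL is enabled by default for 443, disabled for 80" is followed by "SSL is now disabled by default (unless port is 80 of course)", so a reader cannot tell from the changelog whether traffic to a given port is sent in cleartext by default. Ask upstream which line is current and drop or correct the other. The release header "Verion 0.2.6" is misspelled, and headers alternate between "Version" and "Version:"; since this is an upstream import, carry those fixes as a separate patch rather than editing the imported file.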
You can find the full documentation in sqlninja-howto.html
Please read throught it before asking questions, as it explains everything
that you need to know in order to have lots of fun with sqlninja.
Enjoy ! :)
-- icesurfer
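Review bot: "throught" in the second line of the README should be "through"; report it upstream or carry it as a separate patch so the imported tree stays identical to the 0.2.6-r1 release.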
K 25
svn:wc:ra_dav:version-url
V 46
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco
END
stdafx.h
K 25
svn:wc:ra_dav:version-url
V 55
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/stdafx.h
END
Churrasco.sln
K 25
svn:wc:ra_dav:version-url
V 60
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/Churrasco.sln
END
Churrasco.cpp
K 25
svn:wc:ra_dav:version-url
V 60
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/Churrasco.cpp
END
Churrasco.ncb
K 25
svn:wc:ra_dav:version-url
V 60
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/Churrasco.ncb
END
stdafx.cpp
K 25
svn:wc:ra_dav:version-url
V 57
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/stdafx.cpp
END
Churrasco.vcproj
K 25
svn:wc:ra_dav:version-url
V 63
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/Churrasco.vcproj
END
ReadMe.txt
K 25
svn:wc:ra_dav:version-url
V 57
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/ReadMe.txt
END
Churrasco.suo
K 25
svn:wc:ra_dav:version-url
V 60
/svnroot/sqlninja/!svn/ver/4/sources/Churrasco/Churrasco.suo
END
10
dir
37
https://sqlninja.svn.sourceforge.net/svnroot/sqlninja/sources/Churrasco
https://sqlninja.svn.sourceforge.net/svnroot/sqlninja
2010-08-15T13:35:59.558964Z
4
icesurfer
3c228130-4c30-41b4-856f-b5e7a9f059f6
stdafx.h
file
2010-08-27T17:26:34.000000Z
8fad2ab6b35563ac36298433df4926c5
2010-08-15T13:35:59.558964Z
4
icesurfer
501
Churrasco.sln
file
2010-08-27T17:26:34.000000Z
a8e4ed1e315d85075811844d0a981960
2010-08-15T13:35:59.558964Z
4
icesurfer
907
Churrasco.cpp
file
2010-08-27T17:26:34.000000Z
9fc9bdca11922cecaacbed552161b4bb
2010-08-15T13:35:59.558964Z
4
icesurfer
10878
Churrasco.ncb
file
2010-08-27T17:26:34.000000Z
ebfa652da76c6af4613ef66fe11bd0e8
2010-08-15T13:35:59.558964Z
4
icesurfer
has-props
52224
stdafx.cpp
file
2010-08-27T17:26:34.000000Z
64b9cc2db680d3065e577dcfc133341c
2010-08-15T13:35:59.558964Z
4
icesurfer
296
Churrasco.vcproj
file
2010-08-27T17:26:34.000000Z
91f00cf3257c6f6690f2d20c20299d19
2010-08-15T13:35:59.558964Z
4
icesurfer
3921
ReadMe.txt
file
2010-08-27T17:26:34.000000Z
47a4950eac0d36d71d713e739943990d
2010-08-15T13:35:59.558964Z
4
icesurfer
1316
Churrasco.suo
file
2010-08-27T17:26:34.000000Z
f6a2767fae5fb28502add5cdd33f97de
2010-08-15T13:35:59.558964Z
4
icesurfer
has-props
9216
K 13
svn:mime-type
V 24
application/octet-stream
END
K 13
svn:mime-type
V 24
application/octet-stream
END
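Review bot: This region is Subversion working-copy metadata (svn:wc:ra_dav:version-url properties, an entries listing with per-file checksums, and svn:mime-type props) rather than source, and it should not be part of the import. It records the upstream repository URL, the repository UUID and the committer name "icesurfer", none of which the packaged tree needs, and it will go stale as soon as the files change. The entries also show Churrasco.ncb and Churrasco.suo marked application/octet-stream: those are Visual Studio IntelliSense and per-user state files, unreviewable binaries that the build does not require. Exclude the .svn directories and the .ncb/.suo files when importing, and add ignore rules so they do not return with the next upstream version.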
Microsoft Visual Studio Solution File, Format Version 8.00
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Churrasco", "Churrasco.vcproj", "{2075A6C0-B92A-4A0A-B217-11980E210873}"
ProjectSection(ProjectDependencies) = postProject
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfiguration) = preSolution
Debug = Debug
Release = Release
EndGlobalSection
GlobalSection(ProjectConfiguration) = postSolution
{2075A6C0-B92A-4A0A-B217-11980E210873}.Debug.ActiveCfg = Debug|Win32
{2075A6C0-B92A-4A0A-B217-11980E210873}.Debug.Build.0 = Debug|Win32
{2075A6C0-B92A-4A0A-B217-11980E210873}.Release.ActiveCfg = Release|Win32
{2075A6C0-B92A-4A0A-B217-11980E210873}.Release.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
EndGlobalSection
GlobalSection(ExtensibilityAddIns) = postSolution
EndGlobalSection
EndGlobal
========================================================================
CONSOLE APPLICATION : Churrasco Project Overview
========================================================================
AppWizard has created this Churrasco application for you.
This file contains a summary of what you will find in each of the files that
make up your Churrasco application.
Churrasco.vcproj
This is the main project file for VC++ projects generated using an Application Wizard.
It contains information about the version of Visual C++ that generated the file, and
information about the platforms, configurations, and project features selected with the
Application Wizard.
Churrasco.cpp
This is the main application source file.
/////////////////////////////////////////////////////////////////////////////
Other standard files:
StdAfx.h, StdAfx.cpp
These files are used to build a precompiled header (PCH) file
named Churrasco.pch and a precompiled types file named StdAfx.obj.
/////////////////////////////////////////////////////////////////////////////
Other notes:
AppWizard uses "TODO:" comments to indicate parts of the source code you
should add to or customize.
/////////////////////////////////////////////////////////////////////////////
// stdafx.cpp : source file that includes just the standard includes
// Churrasco.pch will be the pre-compiled header
// stdafx.obj will contain the pre-compiled type information
#include "stdafx.h"
// TODO: reference any additional headers you need in STDAFX.H
// and not in this file
// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//
#pragma once
#define _WIN32_WINNT 0x0502
#include "winsock2.h"
#include "windows.h"
#include "stdio.h"
#include "Iphlpapi.h"
#include <psapi.h>
#include "Ntsecapi.h"
#include "txdtc.h"
#include "xolehlp.h"
#include <iostream>
#include <tchar.h>
// TODO: reference additional headers your program requires here
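Review bot: stdafx.h mixes include forms for SDK headers: "winsock2.h", "windows.h", "Iphlpapi.h" and "Ntsecapi.h" use quotes while psapi.h and tchar.h use angle brackets. Quoted includes search the project directory first, so a same-named local file would silently shadow the SDK header; use angle brackets for every system header. The "#define _WIN32_WINNT 0x0502" line also has no comment saying which Windows versions the build is meant to target, which makes it hard to tell whether the value is deliberate.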
Microsoft Visual Studio Solution File, Format Version 8.00
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Churrasco", "Churrasco.vcproj", "{2075A6C0-B92A-4A0A-B217-11980E210873}"
ProjectSection(ProjectDependencies) = postProject
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfiguration) = preSolution
Debug = Debug
Release = Release
EndGlobalSection
GlobalSection(ProjectConfiguration) = postSolution
{2075A6C0-B92A-4A0A-B217-11980E210873}.Debug.ActiveCfg = Debug|Win32
{2075A6C0-B92A-4A0A-B217-11980E210873}.Debug.Build.0 = Debug|Win32
{2075A6C0-B92A-4A0A-B217-11980E210873}.Release.ActiveCfg = Release|Win32
{2075A6C0-B92A-4A0A-B217-11980E210873}.Release.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
EndGlobalSection
GlobalSection(ExtensibilityAddIns) = postSolution
EndGlobalSection
EndGlobal
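Review bot: This solution file is identical, line for line, to the Churrasco.sln content that appears earlier in this commit, and the stdafx.cpp content is likewise present twice. Two copies of the same file in one import means one of them is redundant; confirm which path each copy lives under and keep only the one the build uses.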
// stdafx.cpp : source file that includes just the standard includes
// Churrasco.pch will be the pre-compiled header
// stdafx.obj will contain the pre-compiled type information
#include "stdafx.h"
// TODO: reference any additional headers you need in STDAFX.H
// and not in this file