Chinese Injection Tools

| | Comments (0)
I came across a Chinese site earlier today:

cnsql0.jpg
Click to Enlarge

Apart from the snazzy Neo picture, it's also harbouring an MS SQL injection tool. I love stumbling across sites like this, because there's no easy way to tell if the site is legitimate, if it's a penetration test tool, something designed to be malicious or they just have a thing for Neo and hacking.

Anyway.

Setting aside the issues of "this tool can be used for evil, as well as good" I thought it might be interesting to take a look at what it does. After a while, I found a Flash demonstration of the program going through its paces, but frankly had no idea what was going on. After checking with a colleague, I think I have a pretty reasonable play by play account of what's happening. I could be horribly wrong, of course.

Warning: lots of Chinese text coming your way.

Let's kick things off with a look at the program itself:

cnsql1.jpg
Click to Enlarge

I think the word I'm looking for here is "impenetrable". This next shot is an image of someone attempting to get the name of the database via asking it through http. Unfortunately for them, it doesn't work. Drama!

cnsql2.jpg
Click to Enlarge

At this point, they fire up the program. The next picture is our wily hacker trying to find out what kind of database the target is running:

cnsql3.jpg
Click to Enlarge

He quickly discovers the target is running a Microsoft MSSQL server:

cnsql4.jpg
Click to Enlarge

In the next image, he's digging around in the site to find out various bits and pieces of information he can use to his advantage:

cnsql5.jpg
Click to Enlarge

Finally, here's a shot of our persistent offender creating an .asp page on the target server:

cnsql6.jpg
Click to Enlarge

As you can imagine, uploading files directly onto the server is not a particularly good thing to have happen.

At this point, our bumpy ride into the wilds of Chinese injection tools ends abruptly, due to the Flash animation refusing to play past the above screenshot. I'm still trying to find out if the program was created by a legit security outfit for penetration testing or if it's Black Hats all the way.

Fun while it lasted, though....

Additional Research: Chris Mannon, Sr. Threat Engineer

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on March 10, 2009 8:10 PM.

Text Message Phishing Currently On The Radar was the previous entry in this blog.

Get The Message? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.