Re: [sqlmap-users] --os-pwn was down last couple of days
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-25 00:40:23
Hi,

As of r3768 UPX is not part of sqlmap anymore and the --os-pwn switch has
been slightly revamped. As per commit message:

"""
[...]
Now the Metasploit shellcode can not be run as a Metasploit generated
payload stager anymore. Instead it can be run on the target system either
via sys_bineval() (as it was before, anti-forensics mode, all the same) or
via shellcodeexec executable.
Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem,
  it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast
  excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit
  payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and
  less likely to be detected itself as malicious by your AV software.
[...]
"""

Cheers,
Bernardo

On 21 April 2011 12:00, Miroslav Stampar <mir...@gm...> wrote:
> hi all.
>
> just to inform you that --os-pwn was down for last couple of days due
> to a bug (if run on non-Windows platforms) with packing of payloads as
> a result of our anti-virus avoiding maneuvers (UPX is falsely flagged
> as virus by 10% of antivirus software, and it's quite annoying that
> for example Avast triggers on official 0.9 release because of UPX).
>
> now everything should be back on tracks.
>
> kr
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F