Description: In this video you will learn how to use the WebRaider tool to get a Meterpreter session.
Using WebRaider, you can get a Meterpreter session through an SQL injection vulnerability. Say you want to access the whole server: normally you would use TFTP or FTP for that, but with this tool a single click gives you an open session, so you can access all files.
Feature:
One Click Ownage
The idea of this attack is very simple: getting a reverse shell from an SQL injection with one request, without using an extra channel such as TFTP or FTP to upload the initial payload.
• It's only one request, and therefore faster.
• It's simple: you don't need a tool; you can do it manually using your browser or a simple MITM proxy.
• You just copy and paste the payload.
• It's CSRF-able: it's possible to craft a link and carry out a CSRF attack that will give you a reverse shell.
• It's not fixed: you can change the payload.
• It's short: generally not more than 3,500 characters.
• It doesn't require any application on the target system such as FTP, TFTP or debug.exe.
• It's easy to automate.
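For defenders, the properties listed above (the whole payload in one request, up to about 3,500 characters, deliverable through a cross-site link) suggest a simple log review. The following is an added example, not part of the original post or of WebRaider: it flags GET requests with unusually long query strings and notes whether the Referer is off-site or missing. The host names, the log lines and the 1024-character threshold are assumptions, and payloads sent in POST bodies will not appear in an access log.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "shop.example"  # assumed name of the protected site

# Constructed access-log lines (combined log format); every value is made up.
_FMT = ('{ip} - - [10/Oct/2011:13:55:{s} +0000] "GET {target} HTTP/1.1" '
        '{status} 512 "{ref}" "Mozilla/5.0"')
SAMPLE_LOG = [
    _FMT.format(ip="198.51.100.7", s="01", target="/item.asp?id=42",
                status=200, ref="http://shop.example/list.asp"),
    _FMT.format(ip="203.0.113.9", s="02", target="/item.asp?id=42" + "%41" * 900,
                status=500, ref="http://forum.example/thread/9"),
    _FMT.format(ip="198.51.100.8", s="03", target="/search.asp?q=" + "a" * 1500,
                status=200, ref="http://shop.example/search.asp"),
    _FMT.format(ip="198.51.100.9", s="04", target="/item.asp?id=7",
                status=200, ref="-"),
]

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$')

def review(lines, site_host, max_query=1024):
    """Return one finding per request whose query string exceeds max_query.

    max_query is an assumed threshold; tune it to the application's normal
    traffic. cross_site is True when the Referer is missing or names another
    host, which is what a request triggered by a crafted link looks like.
    """
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format line; skip rather than guess
        client, method, target, status, referer = match.groups()
        query_len = len(urlsplit(target).query)
        if query_len <= max_query:
            continue
        ref_host = None if referer in ("", "-") else urlsplit(referer).hostname
        findings.append({"line": number, "client": client, "status": int(status),
                         "query_len": query_len,
                         "cross_site": ref_host != site_host})
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, SITE_HOST):
        print(finding)
```

A long query string on its own is only a lead (the same-site search request in the sample is also reported); the `cross_site` flag and an error status help rank which findings to look at first.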
Please read this white paper if you are interested in this tool.
White paper by OWASP Lead Developer Ferruh Mavituna:
http://www.slideshare.net/fmavituna/one-click-ownage-ferruh-mavituna-3?from=ss_embed Interesting.
Download: http://www.mavitunasecurity.com/blog/webraider
Tags: WebRaider, hacking, meterpreter, hack, sql-injection
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Fantastic tool. Thanks for sharing. :))
Great development. This OWASP slide is on the Netsparker tool. And it's paid.