___________________________________________________________________
Insomnia Security :: InsomniaShell.aspx
___________________________________________________________________
Name: InsomniaShell.aspx
Released: 12 Feb 2008
Author: Brett Moore, Insomnia Security
Original Link: http://www.insomniasec.com/releases/tools
___________________________________________________________________
InsomniaShell is a tool for use during penetration tests, when
you have ability to upload or create an arbitrary .aspx page.
This .aspx page is an example of using native calls through pinvoke
to provide either a reverse shell or a bind shell.
It has the added advantage of searching through all accessible
processes looking for a SYSTEM or Administrator token to use for
impersonation.
If the provider page is running on a server with a local SQL Server
instance, the shell includes functionality for a named pipe
impersonation attack. This requires knowledge of the sa password,
and results in the theft of the token that the SQL server is
executing under.
___________________________________________________________________
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Feb 11 2008
Intro
