There is a shiny new data extraction method in the alpha of the new release. It uses WAITFOR-based injection (slow) and DNS tunnels (fast!!). It is still a bit experimental, but it could help you in your next penetration test. You can find it in the Download. Why we decided to add a data extraction module even if lots of other tools do that already? The answer is in the FAQ page.
- Anonymous External Attack is developed by ANONYMOUS AZERBAJAN. The most popular version of this product among our users is 1.0. The product will soon be reviewed by our informers. You can check Surf Anonymous Free, Chicken Attack, Anonymous Web Surfing and other related programs like Anonymous Guest Pro at the 'download' section.
- This tool has an extra advantage: It can be run through a TOR network to be anonymous while performing the attack. It is an effective tool that can kill Apache or IIS servers in a few seconds. Download TOR’s Hammer here. PyLoris is said to be a testing tool for servers. It can be used to perform DoS attacks on a service.
- The file ANONYMOUS EXTERNAL ATTACK V1.03.EXE must be deleted from the system immediately. Kill the process ANONYMOUS EXTERNAL ATTACK V1.03.EXE and remove ANONYMOUS EXTERNAL ATTACK V1.03.EXE from the Windows startup. Are you finding a way online to stop and fix anonymous external attack.exe error on your computer?
Anonymous external attack.exe download TOOLS FOR DOWNLOAD AND INSTALLATION.Anonymous DoSer External Attack v3.2 Vercion v2.1 DoSeR Booter VolkSv1 + Port Scanner v3.0 Booter (Download Link Available Soon)-Joker IP Reserve Tool big hackpack: -RootKit Monkey (Deface Maker) Deface Creator Deface Page Maker PROTECT IP TOOLS (To be.
Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilitieson a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server,even in a very hostile environment. It should be used by penetrationtesters to help and automate the process of taking over a DB Serverwhen a SQL Injection vulnerability has been discovered.
Plus, it also streams music!! (...kudos to sid77 and smiler forbeing the first to spot the Easter Egg)
Have a look at the flash demo and then feel free to download. It is released under the GPLv3
The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:
- Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
- Data extraction, time-based or via a DNS tunnel
- Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter
- Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe
- Direct and reverse bindshell, both TCP and UDP
- DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames
- ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
- Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
- Privilege escalation to sysadmin group if 'sa' password has been found
- Creation of a custom xp_cmdshell if the original one has been removed
- TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
- Evasion techniques to confuse a few IDS/IPS/WAF
- Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
- Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM
Sqlninja is written in Perl and should runon any UNIX based platform with a Perl interpreter, as long as allneeded modules have been installed. So far it has been successfullytested on:
- Linux
- FreeBSD
- Mac OS X
- iOS
Sqlninja does not run on Windows and we are not planning a port in the near future
icesurfer
bio: I break things for a living
email: r00t .at. northernfortress .dot. net
PGP: 0x8388C385
Twitter: http://twitter.com/icesurfer
Anonymous External Attack.exe
nico
bio: just a German and world citizen
email: nico .at. leidecker .dot. info
Activists using hacking activity, aka “Hacktivists”, have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses.
“With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see that Hacktivists focus their attention on a wide variety of causes,” points out Jerome Schoner, associate at RSA DACH. “The 2016 Olympic Games in Rio, Brazil, have come to a close, and we saw that they were no different. If there is a major event with significant press coverage, it will typically draw Hacktivist attention.”
In addition to threats to the physical safety and security of people and organisations involved in these Olympic Games, cybersecurity is also a real concern.
Anton Jacobsz, MD at Networks Unlimited, the value-added distributor of RSA products in Africa, says that important lessons from the Rio Olympics can be learnt to future safeguard major sporting in Africa, such as the upcoming African Cup of Nations in Gabon. “Africa is a region that is increasingly being targeted by cyber attackers and sporting events on the continent draw large audiences,” he says.
Schonerexplains that hacktivist-related incidents aim to bring attention to several kinds of causes and have increased over the years, and some hacking groups, such as Anonymous, have been leading operations and encouraging people to join causes for several years.
Several examples include Anonymous operations #OpNice (Operation “Nice”) to “hunt” members of the terrorist group responsible for the attack on the French city which killed almost a hundred people, #OpKKK (Operation “Ku Klux Klan”) to reveal the names of up to 1,000 members of the Ku Klux Klan and other affiliated groups, #OpIcarus (Operation “Icarus”) to shut down the banks, and #OpWhales (Operation “Whales”) targeting Iceland and Japan websites against whale slaughter.
A few months ago, before the start of Rio 2016, Anonymous announced another operation called #OpOlympicHacking (Operation “Olympic Hacking”).
#OpOlympicHacking, says Schoner, has social motivation in Brazil as did #OpWorldCup (Operation “WorldCup”), launched by Anonymous during the 2014 FIFA World Cup held in Brazil, which targeted various government organisations as a form of protest against hosting the event.
The Anonymous group released the following statement #OpOlympicHacking:
“Hello Rio de Janeiro. We know that many have realized how harmful it was (and still is) the Olympic Games in the city. The media sells the illusion that the whole city celebrates and commemorates the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the blood shed in the suburbs of the city, mainly in the favelas thanks to countless police raids and military under the pretext of a fake war. Poverty is spreading throughout the city, forcing entire families to leave their homes and traditional neighborhoods on account of high prices of rent and / or removals made by a corrupt city hall and serve only the wishes of the civil construction. We already manifested in other communications our repudiation to the realization of megaevents in the middle of the glaring social inequalities in this country. Still, even after so many words, so many manifestos or protests on the streets (all always fully supervised by repression, if not repressed with brutal violence) looks like the government will continue ignoring the voices of their own people. Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are state and therefore its own population enemies.”
Two videos were also published, calling people to join #OpOlympicHacking.
Anonymous describes itself as “an Internet gathering” with “a very loose and decentralised command structure that operates on ideas rather than directives.”
The Anonymous Brasil cell is coordinating the #OpOlympicHacking operation by using communication channels like Twitter, Facebook, Youtube and ICR channels.
These channels are used to coordinate distributed denial of service (DDoS) attacks again certain targets and to publicise the results of previous attacks and campaigns.
Besides coordinating DDoS attacks against certain targets, these channels are also being used to discuss and encourage people to search for vulnerabilities in the targets.
DDoS tool (“opolympddos”)
According to Schoner, a tool to perform DDoS attacks against certain targets has been especially developed and shared for the#OpOlympicHacking operation.
“The #OpOlympicHacking DDoS tool, or “opolympddos”, is a set of executable (VB .NET and Python scripts converted to Windows executable files) and batch files. It allows anyone who wants to collaborate on the operation to perform DoS attacks by installing TOR and by clicking pre-configured buttons associated to specific targets, in order to launch Layer 7 DoS attacks against the targets. This is achieved by creating persistent connections and sending HTTP requests with random data and user-agents,” he says.
Other DDoS tools
There is evidence that other DDoS tools have also been mentioned and shared among hacktivists to perform DDoS attacks against #OpOlympicHacking targets:
A compressed file containing a set of “hacker tools”. None of these are really new as shown in the table below:
Anonymous External Attack.exe Indir
File | Compilation Time | VT first submission | Note |
Anonymous External Attack.exe | 22/03/12 11:54 | 23/03/12 09:09 | HTTP Attacker. 26 antivirus identified as “HackerTool” |
Bull-dosa.exe | 05/11/11 05:59 | 07/12/11 01:56 | DOS Tool. 21 antivirus identified as “HackerTool” |
FireFlood.exe | 21/01/12 22:03 | 22/01/12 00:20 | DOS Tool. Possible anti-virtualization techniques. |
LOIC.exe | 13/12/14 07:09 | 14/12/14 00:57 | DOS Tool with user tracking via google analytics. |
LOIC 2013.exe | 05/01/13 07:58 | 21/01/13 20:37 | |
MacStartx User Attack [ tiger ].exe | 26/10/13 06:14 | 25/10/16 11:00 | Tool offered in BR forum: hxxp://www.connect-trojan.net/2014/08/macstartx-user-attack-tiger-v461.html |
“Anonymous leaders have been sharing a list of potential targets via Pastebin posts. So far, there is evidence that the#OpOlympicHacking operation is targeting the organisations tied to scandal rumors in relation to the Olympics,” says Schoner.
A few websites have been targeted by DDoS and DoX attacks. The websites that Anonymous claims were shut down during the #OpOlympicHacking include sites pertaining to the national and local governments as well as sports organisations.
Additionally, Anonymous claims that several organisations and people related to the Olympic Games event had sensitive data exposed.
He concludes: “The volume and frequency of attacks known to date is below what RSA experts had expected and with the majority of them being related to DDoS activity, fairly low tech and of limited long-term impact. RSA researchers are continuing to monitor and identify additional threats.”