Skip to main content


Showing posts with the label

MSSQL .NET sysobjects Cheatsheet - Viewing and Creating Sysobjects

The following in formation should be valid for MSSQL 2005 and 2008. Sysobject creation is best handled using the GUI available at $WINDOWS\Microsoft.NET\Framework\$version_number\aspnet_regsql.exe. Under some circumstances, this may not be possible or preferable. In those circumstances, the following queries can assist you. To view all installed sysobjects for the database, run the following query, replacing DBNAME with the name of the relevant database: use DBNAME go select * from sysobjects where xtype ='P' and name like 'aspnet_%' Sysobject creation scripts are specific to the object. The script below will create aspnet_SchemaVersions: CREATE PROCEDURE [dbo].aspnet_CheckSchemaVersion    @Feature                   nvarchar(128),    @CompatibleSchemaVersion   nvarchar(128) AS BEGIN IF (EXISTS( SELECT  *                FROM dbo.aspnet_SchemaVersions                WHERE   Feature = LOWER( @Feature ) AND                        CompatibleSchemaVersion =

ASPY.a - Malware Source Identified as Blackhat Control Panel Developer

I've spotted a trojan/shell exploit that targets ASP.NET named ASPY.a making the rounds again recently. By no means a 0-day or brand new bit of malware, ASPY.a has been around for about 2 years . It takes advantage of vulnerable ASP scripts, uploads itself to a web server and in unpatched systems that lack sensible permissions policies and the latest updates, it can grant remote attackers administrator access. Microsoft Security Essentials will catch it, however I've seen at least one version of Symantec that does not completely remove compromised files - with Symantec server-level compromise was prevented, but the website itself remained controllable. So why am I writing a post about a 2 year old piece of malware? The story here is that the circulation appears to be driven by a developer based in Russia that sells "server control panel" (панель управления сервером, управление) software for novices tasked with IIS-based website management. The name of the company is

Decrypting Data That Has Been Encrypted by ASP.NET

A colleague of mine let me know about an easy way to use .NET's decryption mechanism from the command line. From the directory of the framework version, issue the following command (replace filename and path where appropriate): C:\WINDOWS\Microsoft.NET\ Framework\v2.0.50727>aspnet_ regiis -pdf "filename" D:\path\ Encrypting configuration section... Succeeded! Neat!