sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end.
It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell even with paranoid firewall settings.
It is written in perl and runs on UNIX-like boxes.
Here’s a list of what it does so far:
- Upload of nc.exe (or any other executable) using the good ol’ debug script trick
- TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
- Direct and reverse bindshell, both TCP and UDP
- DNS-tunneled pseudoshell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames
Being an alpha version and since it was originally supposed to be just a quick&dirty toy for a pentest, there are lots of bugs waiting to be found and fixed so go ahead and download it ! 
More tunneling options (e.g.: HTTP, SMTP, …) will be added in the future together.
You can read more and download sqlninja here:
http://sqlninja.sourceforge.net/
Subscribe to Darknet RSS Feed Stored in: Database Hacking, Hacking Tools
Related Posts:
- sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL
- sqlninja 0.2.2 Released for Download – SQL Injection Tool
- sqlninja 0.1.2 Released for Download – SQL Injection Tool
- sqlninja 0.2.1-r1 – SQL Injection Tool for MS-SQL Released for Download
- Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool
- MySqloit – SQL Injection Takeover Tool For LAMP
| 13,885 views |
[...] Sqlninja (Perl) – Coolest name, in my opinion… [...]