sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end.
It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell even with paranoid firewall settings.
It is written in perl and runs on UNIX-like boxes.
Here’s a list of what it does so far:
- Upload of nc.exe (or any other executable) using the good ol’ debug script trick
- TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
- Direct and reverse bindshell, both TCP and UDP
- DNS-tunneled pseudoshell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames
Being an alpha version and since it was originally supposed to be just a quick&dirty toy for a pentest, there are lots of bugs waiting to be found and fixed so go ahead and download it ! :)
More tunneling options (e.g.: HTTP, SMTP, …) will be added in the future together.
You can read more and download sqlninja here:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- aidSQL – PHP Application For SQL Injection Detection & Exploitation
- 1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms
- sqlninja v0.2.5 Released – Microsoft SQL Server (MS-SQL) SQL Injection Vulnerability Tool
- sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL
- sqlninja 0.2.2 Released for Download – SQL Injection Tool
Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 67,902 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 53,662 views
- Absinthe Blind SQL Injection Tool/Software - 38,813 views