Comments on: SQLBrute - SQL Injection Brute Force Tool http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/ Ethical Hacking, Penetration Testing & Computer Security Thu, 04 Dec 2008 20:15:03 +0000 http://wordpress.org/?v=2.6.5 By: Daniel http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59175 Daniel Wed, 06 Jun 2007 05:08:10 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59175 true i didnt think of the blind aspect. i see a mash up in the furure. SQLBrute + Jikto = World Domination. automated scanning and blind SQL injection true i didnt think of the blind aspect.
i see a mash up in the furure.

SQLBrute + Jikto = World Domination.

automated scanning and blind SQL injection

]]> By: Darknet http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59173 Darknet Wed, 06 Jun 2007 04:48:57 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59173 Regular tools like Brutus can't brute force via blind SQL injection avenues like this tool is designed to do. Regular tools like Brutus can’t brute force via blind SQL injection avenues like this tool is designed to do.

]]> By: Daniel http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59161 Daniel Tue, 05 Jun 2007 22:16:56 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59161 well Bogwitch nothing you said was really incorrect, just incomplete, this thing is like brutus in python, minus telnet ftp and cgi hacking and possibly wormable. XD well Bogwitch nothing you said was really incorrect,
just incomplete, this thing is like brutus in python, minus telnet ftp and cgi hacking and possibly wormable.

XD

]]> By: Bogwitch http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59156 Bogwitch Tue, 05 Jun 2007 22:04:21 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59156 Well, that's what I get for letting my typing run away from me before I've even checked out the tool. What this tool can do goes far beyond what I achieved with Brutus (not to say Brutus /couldn't/ do it) I can only apologise and blame it on the fact that I was studying until 0215 last night and up at 0700 this morning. :) But that's just making excuses. Darknet: please feel free to delete my drivel if it suits you! Well, that’s what I get for letting my typing run away from me before I’ve even checked out the tool.
What this tool can do goes far beyond what I achieved with Brutus (not to say Brutus /couldn’t/ do it)
I can only apologise and blame it on the fact that I was studying until 0215 last night and up at 0700 this morning. :)
But that’s just making excuses.
Darknet: please feel free to delete my drivel if it suits you!

]]> By: Daniel http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59155 Daniel Tue, 05 Jun 2007 22:04:18 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59155 i agree about the smashingness of brutus. However, with this thing, being written in python i can see a self propogating worm idea. like hack a site, run some form of a perl script which runs this and then you have automated sql hacking. i agree about the smashingness of brutus. However, with this thing, being written in python i can see a self propogating worm idea. like hack a site, run some form of a perl script which runs this and then you have automated sql hacking.

]]> By: Bogwitch http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59153 Bogwitch Tue, 05 Jun 2007 21:53:28 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59153 This can all be done already with a copy of Brutus and a well formed .bad file. I've bruted and dictionaried, (whatever the hell that is), SQL servers with Brutus on several occasions. Brutus really is a smashing tool. It takes a short while to learn and it kicks the backside out of most other tools. Sort of makes this tool redundant but kudos to the programmer - you can never have enough tools. :) This can all be done already with a copy of Brutus and a well formed .bad file.
I’ve bruted and dictionaried, (whatever the hell that is), SQL servers with Brutus on several occasions.
Brutus really is a smashing tool. It takes a short while to learn and it kicks the backside out of most other tools.
Sort of makes this tool redundant but kudos to the programmer - you can never have enough tools. :)

]]> By: Sypherknife http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59111 Sypherknife Tue, 05 Jun 2007 12:25:28 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59111 Awesome, lets see what I can do with this... ...I mean, yeah, learning etc.. Awesome, lets see what I can do with this…

…I mean, yeah, learning etc..

]]> By: Torvaun http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59095 Torvaun Tue, 05 Jun 2007 07:51:41 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59095 I like it. Not that I do a lot of brute-forcing myself, but I recently ran into a situation where I'd been locked out of a database by some glitch which was never fully explained to me. I ended up running the attack manually because I didn't have this. Brute force sucks for manual hacking. I like it. Not that I do a lot of brute-forcing myself, but I recently ran into a situation where I’d been locked out of a database by some glitch which was never fully explained to me. I ended up running the attack manually because I didn’t have this.

Brute force sucks for manual hacking.

]]> By: backbone http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59091 backbone Tue, 05 Jun 2007 07:16:28 +0000 http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/#comment-59091 it seems great and all, but it laks the mysql server option... it seems great and all, but it laks the mysql server option…

]]>