mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).
You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).
TODO (v1.0):
- fix italian language support (test platform needed)
- info mode: add logins target (master..sysxlogins) [name,dbname,password]
- brute mode: automatic login grabbing feature?
- info mode: add sys target (xtype=’S')?
- info mode: implement better types/keys dumping
- add a command execution mode via master..xp_cmdshell?
- add a privileged testing mode for post-auth vulnerabilities
It’s a fairly early version, I’ve been watching it since v0.1 – it’s a little more polished now but it’s still definitely a tool for more advanced users.
I’m sure some of you will find it useful.
Grab it here:
Subscribe to Darknet RSS Feed Stored in: Database Hacking, Hacking Tools, Web Hacking
Related Posts:
- Pangolin – Automatic SQL Injection Tool
- Whos is tonyenkiducx? Who the hell are you?
- HttpBee – Web Application Hacking Toolkit
- SQLBrute – SQL Injection Brute Force Tool
- Cross Site Scripting (XSS)
- Wapiti – Web Application Scanner / Black-box testing
| 7,282 views |
I wonder if you can add this script to the metasploit framework. First you’d have to convert the Bash script to Ruby. hmm
Why is there no email on this page? How can I reach you?
TRDQ: You could, but it’d be quite a bit of work.
J Random: What do you think the Contact Darknet link is for?
hmm any project with the word hax0r in the name is born out of boredom and pure blackhat glee
Hehe, oopsie
good tool in making… im sur eit will be a good tool once its mature enough
Very good tool for information gathwring and record dumping…
Really cool tool in security toolbox..