mssql-hax0r v0.9 is a multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).
You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).
- fix Italian language support (test platform needed)
- info mode: add logins target (master..sysxlogins) [name,dbname,password]
- brute mode: automatic login grabbing feature?
- info mode: add sys target (xtype='S')?
- info mode: implement better types/keys dumping
- add a command execution mode via master..xp_cmdshell?
- add a privileged testing mode for post-auth vulnerabilities
It’s a fairly early version; I’ve been watching it since v0.1. It’s a little more polished now, but it’s still definitely a tool for more advanced users.
I’m sure some of you will find it useful.
Grab it here: