Archive | Database Hacking


04 July 2014 | 4,238 views

ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want [...]

Continue Reading


14 May 2014 | 1,692 views

Navy Sys Admin Hacks Into Databases From Aircraft Carrier

So this story caught my eye and I found it pretty interesting as it reads like something out of a Tom Clancy novel crossed with a bunch of script kiddies, a Navy Sys Admin has been charged with conspiracy to hack – the interesting part was that he hacked the Navy (whilst working there..) and [...]

Continue Reading


06 November 2013 | 2,230 views

aidSQL – PHP Application For SQL Injection Detection & Exploitation

aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem [...]

Continue Reading


29 August 2012 | 4,374 views

1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms

Seems like some hactivists have been working hard, 1 million accounsts were leaked over the weekend from some pretty serious sources by the group Team GhostShell – who are affiliated with Anonymous. It seems like these weren’t particularly complex or technically adept multi-layer attacks, they were carried out via the most common avenue – SQL [...]

Continue Reading


28 June 2012 | 10,900 views

The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. All you need to do is provide a vulnerable URL and a valid string on the site you are testing and The Mole will detect the injection and exploit it, either by using the union technique or a boolean query based technique. We did mention The [...]

Continue Reading


12 June 2012 | 17,158 views

MySQL 1 Liner Hack Gives Root Access Without Password

The latest news that has hit the streets is the occurence of the easiest hack ever, if you have local shell access (any user privelege level) and you can connect to MySQL – you can get root access to MySQL within a few seconds. I tried this yesterday on one of my servers on Ubuntu [...]

Continue Reading


15 February 2012 | 21,998 views

xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers. The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers. Features Test for weak password fast; Test for wear/user [...]

Continue Reading


19 December 2011 | 16,118 views

MySQLPasswordAuditor – Free MySQL Audit/Password Recovery & Cracking Tool

MysqlPasswordAuditor is the FREE Mysql password recovery and auditing software. Mysql is one of the popular and powerful database software used by most of the web based and server side applications. If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you [...]

Continue Reading


01 December 2011 | 31,514 views

The Mole – Automatic SQL Injection SQLi Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command [...]

Continue Reading


21 November 2011 | 13,516 views

sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more…Whenever [...]

Continue Reading