Archive | Database Hacking

Advertisements


03 August 2010 | 25,673 views

Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and […]

Continue Reading


14 July 2010 | 9,156 views

Andiparos – Open Source Web Application Security Assessment Tool

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the […]

Continue Reading


07 July 2010 | 17,315 views

Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. Features Full support for GET/Post/Cookie Injection Full support for HTTP Basic, Digest, NTLM and Certificate authentications Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, […]

Continue Reading


15 June 2010 | 10,662 views

Onapsis Bizploit – ERP Penetration Testing Framework

Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of […]

Continue Reading


18 May 2010 | 11,794 views

sqlninja v0.2.5 Released – Microsoft SQL Server (MS-SQL) SQL Injection Vulnerability Tool

It’s been 2 years, but a new version of sqlninja is out at Sourceforge, we wrote about the previous release back in 2008 and we’ve actually been following this tool since 2006! Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main […]

Continue Reading


19 April 2010 | 8,977 views

Netsparker Community Edition – Web Application Security Scanner

Netsparker is a Web Application Security Scanner that claims to be False-Positive Free. The developers thought that if you need to investigate every single identified issue manually what’s the point of having an automated scanner? So they developed a new technology which can confirm vulnerabilities on demand which allowed us to develop the first false […]

Continue Reading


10 March 2010 | 11,144 views

WebRaider – Automated Web Application Exploitation Tool

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload. It’s […]

Continue Reading


10 February 2010 | 8,441 views

GreenSQL – Open Source Database Firewall Software

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL . The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands […]

Continue Reading


18 January 2010 | 8,764 views

Microsoft SQL Server Fingerprint Tool – BETA4

This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version. The strength of this tool is that it uses probabilistic algorithm to identify the version of the Microsoft SQL Server. The “Microsoft SQL Server Fingerprint […]

Continue Reading


03 September 2009 | 18,250 views

MySqloit – SQL Injection Takeover Tool For LAMP

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the […]

Continue Reading


Advertisements