sqlninja 0.1.2 Released for Download – SQL Injection Tool

Use Netsparker


sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment.

It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. It is written in PERL and runs on Unix-like boxes.

Features

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability)
  • Bruteforce of ‘sa’ password
  • Privilege escalation to ‘sa’ if its password has been found
  • Creation of a custom xp_cmdshell if the original one has been disabled
  • Upload of netcat.exe (or any other executable) using only 100% ASCII GET/POST requests, so no need for FTP connections
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames

What’s New?

  • Test mode, that checks whether the configuration is correct and the injection is successful
  • Debug option, which allows to print SQL commands and raw HTTP request/response data. Useful when things are not working and you want to see what’s going on under the hood
  • Files are uploaded to %TEMP%, bypassing possible write restrictions
  • A simplified way to configure the injection parameters
  • Interactive config file generation

You can find it, together with a flash demo of its features, at the address:

http://sqlninja.sourceforge.net

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


3 Responses to sqlninja 0.1.2 Released for Download – SQL Injection Tool

  1. Bogwitch February 9, 2009 at 7:41 pm #

    Is it just me, or has the quality of comments deteriorated since Darknet stopped the commenter of the month competition?

  2. Darknet February 10, 2009 at 8:50 am #

    Bogwitch: I think quality varies, those commenting during the contest disappeared after winning anyway so in the long run we just gained a bunch of fly by night commenters. Those here before the contest are still here after it.

  3. navin February 10, 2009 at 1:40 pm #

    ahem, did I hear sum1 say zupakomp??razta’s not around much anymore….neither is pantagruel….sirhenry,therealdonquixote,backbone all disappeared…..or hibernating…..

    but yeah I get bogwitch’s point….now its more of n00b comments like why is it not working….. forgive me if this hurts, these are just retarded comments!! :)