mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script



mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).

You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).

TODO (v1.0):

  • fix Italian language support (test platform needed)
  • info mode: add logins target (master..sysxlogins) [name,dbname,password]
  • brute mode: automatic login grabbing feature?
  • info mode: add sys target (xtype='S')?
  • info mode: implement better types/keys dumping
  • add a command execution mode via master..xp_cmdshell?
  • add a privileged testing mode for post-auth vulnerabilities

It’s a fairly early version, I’ve been watching it since v0.1 – it’s a little more polished now but it’s still definitely a tool for more advanced users.

I’m sure some of you will find it useful.

Grab it here:

mssql-hax0r


7 Responses to mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script

  1. TheRealDonQuixote August 10, 2007 at 8:10 pm #

    I wonder if you can add this script to the Metasploit framework. First you’d have to convert the Bash script to Ruby. hmm

  2. J Random August 12, 2007 at 5:40 pm #

    Why is there no email on this page? How can I reach you?

  3. Darknet August 13, 2007 at 8:54 am #

    TRDQ: You could, but it’d be quite a bit of work.

    J Random: What do you think the Contact Darknet link is for?

  4. Daniel August 13, 2007 at 9:30 am #

    hmm any project with the word hax0r in the name is born out of boredom and pure blackhat glee

  5. J Random August 13, 2007 at 12:10 pm #

    Hehe, oopsie

  6. Sandeep Nain August 16, 2007 at 12:54 am #

    Good tool in the making… I’m sure it will be a good tool once it’s mature enough

  7. Sandeep Nain August 31, 2007 at 2:40 am #

    Very good tool for information gathering and record dumping…
    Really cool tool in security toolbox..