mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script


mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).

You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).

TODO (v1.0):

  • fix italian language support (test platform needed)
  • info mode: add logins target (master..sysxlogins) [name,dbname,password]
  • brute mode: automatic login grabbing feature?
  • info mode: add sys target (xtype=’S’)?
  • info mode: implement better types/keys dumping
  • add a command execution mode via master..xp_cmdshell?
  • add a privileged testing mode for post-auth vulnerabilities

It’s a fairly early version, I’ve been watching it since v0.1 – it’s a little more polished now but it’s still definitely a tool for more advanced users.

I’m sure some of you will find it useful.

Grab it here:

mssql-hax0r

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , , ,


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


7 Responses to mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script

  1. TheRealDonQuixote August 10, 2007 at 8:10 pm #

    I wonder if you can add this script to the metasploit framework. First you’d have to convert the Bash script to Ruby. hmm

  2. J Random August 12, 2007 at 5:40 pm #

    Why is there no email on this page? How can I reach you?

  3. Darknet August 13, 2007 at 8:54 am #

    TRDQ: You could, but it’d be quite a bit of work.

    J Random: What do you think the Contact Darknet link is for?

  4. Daniel August 13, 2007 at 9:30 am #

    hmm any project with the word hax0r in the name is born out of boredom and pure blackhat glee

  5. J Random August 13, 2007 at 12:10 pm #

    Hehe, oopsie

  6. Sandeep Nain August 16, 2007 at 12:54 am #

    good tool in making… im sur eit will be a good tool once its mature enough

  7. Sandeep Nain August 31, 2007 at 2:40 am #

    Very good tool for information gathwring and record dumping…
    Really cool tool in security toolbox..