mssql-hax0r v0.9 is a multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).
You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).
TODO (v1.0):
- fix Italian language support (test platform needed)
- info mode: add logins target (master..sysxlogins) [name,dbname,password]
- brute mode: automatic login grabbing feature?
- info mode: add sys target (xtype='S')?
- info mode: implement better types/keys dumping
- add a command execution mode via master..xp_cmdshell?
- add a privileged testing mode for post-auth vulnerabilities
It’s a fairly early version, I’ve been watching it since v0.1 – it’s a little more polished now but it’s still definitely a tool for more advanced users.
I’m sure some of you will find it useful.
Grab it here:
TheRealDonQuixote says
I wonder if you can add this script to the Metasploit framework. First you’d have to convert the Bash script to Ruby. hmm
J Random says
Why is there no email on this page? How can I reach you?
Darknet says
TRDQ: You could, but it’d be quite a bit of work.
J Random: What do you think the Contact Darknet link is for?
Daniel says
hmm any project with the word hax0r in the name is born out of boredom and pure blackhat glee
J Random says
Hehe, oopsie
Sandeep Nain says
good tool in making… I’m sure it will be a good tool once it’s mature enough
Sandeep Nain says
Very good tool for information gathering and record dumping…
Really cool tool in security toolbox..