mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script


mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).

You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).

TODO (v1.0):

  • fix italian language support (test platform needed)
  • info mode: add logins target (master..sysxlogins) [name,dbname,password]
  • brute mode: automatic login grabbing feature?
  • info mode: add sys target (xtype=’S’)?
  • info mode: implement better types/keys dumping
  • add a command execution mode via master..xp_cmdshell?
  • add a privileged testing mode for post-auth vulnerabilities

It’s a fairly early version, I’ve been watching it since v0.1 – it’s a little more polished now but it’s still definitely a tool for more advanced users.

I’m sure some of you will find it useful.

Grab it here:

mssql-hax0r

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


7 Responses to mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script

  1. TheRealDonQuixote August 10, 2007 at 8:10 pm #

    I wonder if you can add this script to the metasploit framework. First you’d have to convert the Bash script to Ruby. hmm

  2. J Random August 12, 2007 at 5:40 pm #

    Why is there no email on this page? How can I reach you?

  3. Darknet August 13, 2007 at 8:54 am #

    TRDQ: You could, but it’d be quite a bit of work.

    J Random: What do you think the Contact Darknet link is for?

  4. Daniel August 13, 2007 at 9:30 am #

    hmm any project with the word hax0r in the name is born out of boredom and pure blackhat glee

  5. J Random August 13, 2007 at 12:10 pm #

    Hehe, oopsie

  6. Sandeep Nain August 16, 2007 at 12:54 am #

    good tool in making… im sur eit will be a good tool once its mature enough

  7. Sandeep Nain August 31, 2007 at 2:40 am #

    Very good tool for information gathwring and record dumping…
    Really cool tool in security toolbox..