It’s been 2 years, but a new version of sqlninja is out at Sourceforge, we wrote about the previous release back in 2008 and we’ve actually been following this tool since 2006! Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main […]
Tags: attacking microsoft sql server, attacking ms-sql, automated sql injection, bruteforce ms-sql, bruteforce sa password, Database Hacking, fingerprinting sql, hacking, Hacking Tools, hacking-database, hacking-ms-sql, hacking-websites, ids evasion, microsoft sql server, ms-sql, ms-sql-security, netcat, sql-injection, sqli, sqlninja, Web Hacking, web-application-security, web-application-testing, xp_cmdshell
Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a Comment
Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution. This time however it doesn’t really effect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL […]
Tags: database-security, hacking microsoft sql server, hacking-databases, hacking-ms-sql, microsoft security, microsoft sql server vulnerability, ms-sql, ms-sql vulnerability, sp_replwritetovarbin, sp_replwritetovarbin bug, sql server 2000, SQL-Server-2005
Posted in: Database Hacking, Exploits/Vulnerabilities, Windows Hacking | Add a Comment
We’ve been folowing the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features. Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a […]
Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of […]
mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force). You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language […]
Piggy is yet another tool for performing online password guessing against Microsoft SQL servers. It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations). It’s a pretty simple tool and has a Win32 binary verson – it is a command line tool however.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
Piggy v1.0.1 by patrik@cqure.net -------------------------------- usage: piggy [options] options: -u [username] - Single username -p [password] - Single password -s [server] - Single server -S [srvfile] - File containing ip/hostnames -D [dicfile] - File containing passwords -A [accounts] - File containing username;password combinations -N - Do not check availability before scan -v verbose - Verbose logging |
You can […]
