{"id":580,"date":"2007-08-10T04:54:56","date_gmt":"2007-08-10T04:54:56","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2007\/08\/mssql-hax0r-v09-multi-purpose-ms-sql-injection-script\/"},"modified":"2015-09-09T19:40:00","modified_gmt":"2015-09-09T11:40:00","slug":"mssql-hax0r-v09-multi-purpose-ms-sql-injection-script","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2007\/08\/mssql-hax0r-v09-multi-purpose-ms-sql-injection-script\/","title":{"rendered":"mssql-hax0r v0.9 &#8211; Multi-purpose MS-SQL injection script"},"content":{"rendered":"<p>[ad]<\/p>\n<p>mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).<\/p>\n<p>You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and\/or the language used by the RDBMS).<\/p>\n<p><strong>TODO (v1.0):<\/strong><\/p>\n<ul>\n<li>fix italian language support (test platform needed)<\/li>\n<li>info mode: add logins target (master..sysxlogins) [name,dbname,password]<\/li>\n<li>brute mode: automatic login grabbing feature?<\/li>\n<li>info mode: add sys target (xtype=&#8217;S&#8217;)?<\/li>\n<li>\ninfo mode: implement better types\/keys dumping<\/li>\n<li>add a command execution mode via master..xp_cmdshell?<\/li>\n<li>add a privileged testing mode for post-auth vulnerabilities<\/li>\n<\/ul>\n<p>It&#8217;s a fairly early version, I&#8217;ve been watching it since v0.1 &#8211; it&#8217;s a little more polished now but it&#8217;s still definitely a tool for more advanced users.<\/p>\n<p>I&#8217;m sure some of you will find it useful.<\/p>\n<p>Grab it here:<\/p>\n<p><!--adsense#New468--><\/p>\n<p><a href=\"http:\/\/www.0xdeadbeef.info\/code\/mssql-hax0r\">mssql-hax0r<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad] mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force). You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and\/or the [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2,9,15],"tags":[8855,2062,2186,2258,439,1235,1472,396],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/580"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=580"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/580\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}