{"id":863,"date":"2008-05-30T07:51:18","date_gmt":"2008-05-30T07:51:18","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=863"},"modified":"2015-09-09T19:39:26","modified_gmt":"2015-09-09T11:39:26","slug":"sqlninja-023-released-advanced-automated-sql-injection-tool-for-ms-sql","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2008\/05\/sqlninja-023-released-advanced-automated-sql-injection-tool-for-ms-sql\/","title":{"rendered":"sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL"},"content":{"rendered":"
[ad]<\/p>\n
We’ve been folowing the development of sqlninja<\/a> since the early days, it’s growing into a well matured and more polished tool with advanced features.<\/p>\n Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.<\/p>\n Features<\/strong><\/p>\n Fancy going from a SQL Injection to a full GUI access on the DB server? What about extracting password hashes on the fly? Take a few SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have the latest release of sqlninja! See it in action here<\/a>.<\/p>\n What’s new in 0.2.3?<\/strong><\/p>\n You can download sqlninja 0.2.3 here:<\/p>\n\n
\n