sqlninja v0.1.2 released - SQL Server injection and takeover
sqlninja is a specialized tool for exploiting SQL injection bugs in web applications that use Microsoft SQL Server as a backend.
The main goal of this program is to provide shell access on the target database server, even in a very hostile environment. sqlninja can help the penetration tester to automate the process of taking over a database server once an SQL injection vulnerability has been discovered.
v0.1.2 features include:
- SQL Server fingerprinting and enumeration of user privileges
- sa account bruteforce and privilege escalation
- custom xp_cmdshell creation
- custom executable upload using only HTTP requests
- reverse TCP/UDP portscan of the attacking machine to find an open port for reverse tunneling
- forward and reverse bindshell ability, TCP and UDP supported
- DNS command tunneling / pseudo shell - covert channel - bypass firewall restrictions
For a quick overview of what sqlninja is all about, you can check out this Flash demo.
sqlninja is written in Perl and should run on any UNIX platform with a Perl interpreter, as long as all needed modules have been installed. sqlninja is released by the author icesurfer under the GPL v2 license.