SQL Server Injection Tool

There is a tool available for your hacker toolkit called Sqlninja. Sqlninja is written in Perl and should run on any UNIX-based platform with a Perl interpreter, as long as all the needed modules have been installed. So far it has been successfully tested on:

  • Linux
  • FreeBSD
  • Mac OS X
  • iOS

Sqlninja does not run on Windows, and its developers are not planning a port in the near future.

SQL Injection

Sqlninja’s behaviour is controlled by two things: the configuration file (default: sqlninja.conf), which tells sqlninja what to attack and how (target host, vulnerable page, exploit strings, …), and a set of command line options, which tell sqlninja what action to perform. The command line options are the following:

  • -m <attack mode> : specifies the attack mode. Basically, tells sqlninja what to do. Possible values are:
    • test
    • fingerprint
    • bruteforce
    • escalation
    • resurrectxp
    • upload
    • dirshell
    • backscan
    • revshell
    • dnstunnel
    • icmpshell
    • metasploit
    • sqlcmd
    • getdata
  • -v : verbose output
  • -f <configuration file> : specifies a configuration file to use.
  • -p <‘sa’ password> : used in escalation mode to add the current DB user to the sysadmin group, and in other modes to run the query as administrator if the DB user does not belong to that group. This option is rarely used, as bruteforce mode by default adds the DB user to the sysadmin group when the ‘sa’ password is found. For more information about when to use this parameter, refer to the escalation mode.
  • -w <wordlist> : wordlist to use in bruteforce mode
  • -g : combined with upload mode, generate debug script and exit
  • -d <debug mode> : activates debug, to see what is going on under the hood. Possible values are:
    • 1 : print each SQL command that is being injected
    • 2 : print each HTTP request that is sent to the target
    • 3 : print each HTTP response that is received from the target
    • all : all of the above
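
The -p option and the escalation and bruteforce modes described above all end with the application's DB user in the sysadmin group, so sysadmin membership and the state of the ‘sa’ login are what to audit on the SQL Server side. The following T-SQL is an added example, not part of the original post or of sqlninja; the allowlist entries are constructed placeholders to replace with your own approved logins.

```sql
-- Added example: audit the outcome that escalation/bruteforce mode aims for.
-- Run as a login with VIEW ANY DEFINITION (or as a DBA) on the target instance.

-- 1. Approved sysadmin members (constructed placeholder values, edit these).
DECLARE @expected TABLE (name sysname PRIMARY KEY);
INSERT INTO @expected (name)
VALUES (N'sa'),
       (N'EXAMPLE\SQL-DBA-Group');   -- hypothetical Windows group

-- 2. Every member of the sysadmin fixed server role that is NOT approved.
--    A web application login appearing here is the condition to alert on.
SELECT m.name        AS unexpected_sysadmin,
       m.type_desc   AS principal_type,
       m.is_disabled,
       m.create_date,
       m.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND NOT EXISTS (SELECT 1
                  FROM @expected AS e
                  WHERE e.name = m.name COLLATE DATABASE_DEFAULT)
ORDER BY m.modify_date DESC;

-- 3. State of the built-in 'sa' login (always SID 0x01, even if renamed).
--    Disabled, or enabled with policy enforcement, limits password guessing.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       modify_date
FROM sys.sql_logins
WHERE sid = 0x01;

-- 4. Quick check to run under the application's own connection:
--    1 means the application login already holds sysadmin rights.
SELECT SUSER_SNAME()                  AS current_login,
       IS_SRVROLEMEMBER(N'sysadmin')  AS is_sysadmin;
```

An empty result from the second query, together with a disabled or policy-enforced ‘sa’ login, is the expected baseline.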

You can get more information here.
