Sqlninja v.0.2.6 Released

Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as a back end. There are a lot of other SQL injection tools out there, but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here’s what it does:

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
  • Bruteforce of the ‘sa’ password
  • Privilege escalation to ‘sa’
  • Creation of a custom xp_cmdshell if the original one has been disabled
  • Upload of executables
  • Reverse scan in order to look for a port that can be used for a reverse shell
  • Direct and reverse shell, both TCP and UDP
  • DNS tunneled pseudoshell, when no ports are available for a bindshell
  • ICMP tunneled shell, if the target DBMS can communicate via ICMP Echo with the attacking machine
  • Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
  • OS privilege escalation on the remote DB server using token kidnapping or through CVE-2010-0232
  • All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems

Download : http://sqlninja.sourceforge.net



  2. A thoughtful opinion and ideas I'll use on my internet page. You've certainly spent some time on this. Properly carried out!

    • Just a little time. Please use this thread at your page. And enjoy.
