Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!Sqlninja is a tool targeted to exploit SQL Injection vulnerabilitieson a web application that uses Microsoft SQL Server as its back-end.Its main goal is to provide a remote access on the vulnerable DB server,even in a very hostile environment. It should be used by penetrationtesters to help and automate the process of taking over a DB Serverwhen a SQL Injection vulnerability has been discovered.Plus, it also streams music!! (...kudos to sid77 and smiler forbeing the first to spot the Easter Egg)Have a look at the flash demo and then feel free to download. It is released under the GPLv3
New package: Sqlninja
Fancy going from a SQL Injection on Microsoft SQL Server toa full GUI access on the DB? Take a few new SQL Injectiontricks, add a couple of remote shots in the registry todisable Data Execution Prevention, mix with a little Perlthat automatically generates a debug script, put all thisin a shaker with a Metasploit wrapper, shake well and youhave just one of the attack modules of sqlninja!
The sqlninja tool can help us exploit SQL injection flaws in an application that use Microsoft SQL as the backend database. The main purpose of using the Sqlninja tool is to control the database server through a SQL injection flaw. The Sqlninja tool is a Perl-based database assessment tool that may be found in Kali under Applications Database Assessments. The Sqlninja tool is designed to exploit an injection flaw to acquire shell access to the database server, not to identify the presence of an injection flaw.
sqlninja is a SQL Injection on Microsoft SQL Server to a full GUI access. sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Full information regarding this tool can be found on
0day, abuse, account, adminfinder, aircrack-ng, aireplay-ng, airgeddon, airodump-ng, andrax, androspy, anonymous, apt2, arp poisoning, b11, b3x, b4bomber, backdoor, badmod, beef, black-hydra, blazy, bluespy, bomber, brutal, brute, bruteforce, brutex, bully, burp suite, call, catphish, cloner, combogen, combos, cowpatty, crack, cracking, credmap, cyberscan, d00r, dark-fb, darkfly, ddos, decompile, deface, demozz, devploit, disassemble, discord, dmitry, dsniff, eagleeye, easy_hack, eggshell, email, evilginx, exploit, exploitdb, eyewitness, facebook, faraday, findsploit, firefly, flood, followers, free, fsociety, genvirus, gmail, goldeneye, grabber, h4ck, hack, hacker, hacklock, hakkuframework, hashcat, hemera, hidden eye, i2p, infect, infoga, insta-bf, instagram, instahack, intercept, ipdrone, ip-tracer, johntheripper, kali linux, kalimux, katanaframework, kismet, krack, lazybee, lazymux, lazysqlmap, lazy-termux, lucifer, maltego, malware, maskphish, masscan, mbomb, mdk3, mdk4, metasploit, meterpreter, mitm, mitmproxy, morpheus, mrphish, msf, netattack, nethunter, netscan, nexphisher, nikto, nmap, nmbf, onex, osif, osint, oxidtools, parrot os, password, paybag, payload, pentesting, phishing, phoneinfoga, ping, powersploit, pwn, pyrit, rainbow tables, rang3r, rat, ravana, reaver, recovery, red hawk, root, routersploit, rpcscan, saycheese, setoolkit, shellcode, shellnoob, shodan, skipfish, slowloris, sms, sms bomber, sn1per, socialbox, socialfish, spam, spammer, spazsms, spy, sql injection, sqlmap, sqlninja, sslstrip, striker, tbomb, telegram, th3inspector, thc-hydra, thc-ipv6, thebond, the-eye, thefatrat, theharvester, tool-x, tor, trojan, udp flood, umbrella, virus, vpn, vulnerability, vulnscan, vulscan, webscarab, websploit, webspoilt, weeman, wep, whatsapp, wi-fi, wifi, wifibrutecrack, wifigod, wifi-hacker, wifiphisher, wifitap wifite, wirespy, wordlist, wpa2, wpa3, wps, wpscan, xerxes, xss, xsser, xsstrike, youtube, zirikatu, zphisher. 2ff7e9595c
Comments