Penetration Testing mailing list archives
sqlninja 0.1.0alpha released
From: "A.R." <r00t () northernfortress net>
Date: Sat, 24 Jun 2006 01:33:29 +0200
Hello fellow pen-testers,

a first version of sqlninja has been released at the address http://sqlninja.sourceforge.net

sqlninja is a little toy that has been coded during a couple of pen-tests we lately did and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end. It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell even with paranoid firewall settings. It is written in perl and runs on UNIX-like boxes.

Here's a list of what it does so far:

- Upload of nc.exe (or any other executable) using the good ol' debug script trick
- TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
- Direct and reverse bindshell, both TCP and UDP
- DNS-tunneled pseudoshell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames

Being an alpha version and since it was originally supposed to be just a quick&dirty toy for a pentest, there are lots of bugs waiting to be found and fixed so go ahead and download it ! :)

More tunneling options (e.g.: HTTP, SMTP, ...) will be added in the future together with tunnel encryption, but I hope you will find the tool helpful already.

Enjoy !

-- icesurfer

--
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities. -- Charles Bukowski
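A defender-side check for the DNS-tunneled channel mentioned in the announcement, as an added example that is not part of the original post or of sqlninja: it scans resolver logs for a database server that looks up many distinct, long, high-entropy names under one parent domain. The log format, addresses, domain names and thresholds are constructed assumptions; the post does not say how the tool encodes data in hostnames.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<time> <client_ip> <queried_name>".
SAMPLE_LOG = """\
10:00:01 10.0.5.20 update.vendor.example
10:00:02 10.0.5.20 a3f9c0de11b27e64.t.tunnel.example
10:00:02 10.0.5.20 77b1e4c2900fd3aa.t.tunnel.example
10:00:03 10.0.5.20 c41d08e6f2ab9935.t.tunnel.example
10:00:03 10.0.5.20 0e5d7a31bc88f462.t.tunnel.example
10:00:04 10.0.7.31 www.vendor.example
10:00:05 10.0.7.31 d9920a7c14eb63f5.t.tunnel.example
"""

def entropy(text):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def flag_tunnel_candidates(log_text, db_servers, min_unique=4,
                           min_mean_len=12, min_entropy=3.0):
    """Return (client, parent domain) groups whose lookups resemble tunneled data.

    Only clients listed in db_servers are considered: a database server has
    little reason to resolve many distinct external names. Thresholds are
    illustrative assumptions and need tuning against real traffic.
    """
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in db_servers:
            continue
        labels = parts[2].rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # nothing to the left of the parent domain
        # Naive parent domain (last two labels); real code should use the
        # Public Suffix List.
        groups[(parts[1], ".".join(labels[-2:]))].add(".".join(labels[:-2]))
    findings = []
    for (client, parent), payloads in sorted(groups.items()):
        mean_len = sum(map(len, payloads)) / len(payloads)
        if (len(payloads) >= min_unique and mean_len >= min_mean_len
                and entropy("".join(payloads)) >= min_entropy):
            findings.append({"client": client, "parent": parent,
                             "unique_names": len(payloads), "mean_len": mean_len})
    return findings

if __name__ == "__main__":
    print(flag_tunnel_candidates(SAMPLE_LOG, db_servers={"10.0.5.20"}))
```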