kali工具箱

Sqlninja Package Description

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.

Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Source: http://sqlninja.sourceforge.net/
Sqlninja Homepage | Kali Sqlninja Repo

Author: icesurfer
License: GPLv3

Tools included in the sqlninja package

sqlninja – SQL server injection and takeover tool

[email protected]:~# sqlninja -h

Unknown option: h

Usage: /usr/bin/sqlninja

    -m <mode> : Required. Available modes are:

        t/test - test whether the injection is working

        f/fingerprint - fingerprint user, xp_cmdshell and more

        b/bruteforce - bruteforce sa account

        e/escalation - add user to sysadmin server role

        x/resurrectxp - try to recreate xp_cmdshell

        u/upload - upload a .scr file

        s/dirshell - start a direct shell

        k/backscan - look for an open outbound port

        r/revshell - start a reverse shell

        d/dnstunnel - attempt a dns tunneled shell

        i/icmpshell - start a reverse ICMP shell

        c/sqlcmd - issue a 'blind' OS command

        m/metasploit - wrapper to Metasploit stagers

    -f <file> : configuration file (default: sqlninja.conf)

    -p <password> : sa password

    -w <wordlist> : wordlist to use in bruteforce mode (dictionary method

                    only)

    -g : generate debug script and exit (only valid in upload mode)

    -v : verbose output

    -d <mode> : activate debug

        1 - print each injected command

        2 - print each raw HTTP request

        3 - print each raw HTTP response

        all - all of the above

    ...see sqlninja-howto.html for details

sqlninja Usage Example

Connect to the target in test mode (-m t) with the specified config file (-f /root/sqlninja.conf):

[email protected]:~# sqlninja -m t -f /root/sqlninja.conf 

Sqlninja rel. 0.2.6-r1

Copyright (C) 2006-2011 icesurfer <[email protected]>

[+] Parsing /root/sqlninja.conf...

[+] Target is: 192.168.1.51:80

[+] Trying to inject a 'waitfor delay'....