Lσgιη Iғ Yσυ Aяε α Mεмвεя

Oя

Rεgιsтεя Tσ Bε Mεмвεя Oғ Tнιs Fσяυм
Google Translater
IP Address
You are from
%%v_FLG%% %%v_IP%%
%%v_CR%% ,%%v_RG%%, %%v_CI%%
%%v_OS_IMG%% %%v_OS%%
%%v_BRW_IMG%% %%v_BRW%%
%%v_I_RESO%% %%v_RESO%% %%v_I_CLR%% %%v_CLR%%
Who is online?
In total there is 1 user online :: 0 Registered, 0 Hidden and 1 Guest

None

Most users ever online was 6 on Thu Jun 13, 2013 4:48 pm
Visitors

Sqlninja 0.2.6

View previous topic View next topic Go down

Sqlninja 0.2.6

Post by Administrator on Fri May 31, 2013 3:30 pm

[You must be registered and logged in to see this image.]

Features:

>> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
>> Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).
>> Creation of a custom xp_cmdshell if the original one has been removed
>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).
>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order
to find a port that is allowed by the firewall of the target network
and use it for a reverse shell.
>> Direct and reverse bindshell, both TCP and UDP
>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse
shell but the DB can ping your box.
>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for
a direct/reverse shell, but the DB server can resolve external hostnames
(check the documentation for details about how this works).
>> Evasion techniques to confuse a few IDS/IPS/WAF.
>> Integration with Metasploit3, to obtain a graphical access to the remote DB
server through a VNC server injection.

DOWNLOAD CLICK HERE
avatar
Administrator
Admin

Posts : 239
Join date : 2013-05-29
Age : 28
Location : India

http://saudatricks.forummotion.com

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum