Download sqlninja hacking tools for windows
Want to move from SQL injection in Microsoft SQL Server to full GUI database access? Use some new SQL injection tricks and add a few remote shots to the registry to disable data execution prevention, mix it with a little Perl that automatically generates debug scripts, put them all in a Metasploit wrapped shaker and shake well. And you only have one of the attack modules sqlninja!
Sqlninja is a tool designed to exploit SQL Injection vulnerabilities in web applications that use Microsoft SQL Server as a backend. Its primary purpose is to provide remote access to vulnerable database servers, even in highly hostile environments. It should be used by penetration testers to help and automate the process of taking over a DB server when a SQL Injection vulnerability is discovered.The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:
- Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
- Data extraction, time-based or via a DNS tunnel
- Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter
- Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe
