SQLninja v.0.2.6 "bunga bunga edition" released



One of the most widely used SQL injection tools for Microsoft SQL Server has released its latest update, with some bug fixes and new features.
It has the following features:

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
  • Bruteforce of the 'sa' password
  • Privilege escalation to 'sa'
  • Creation of a custom xp_cmdshell if the original one has been disabled
  • Upload of executables
  • Reverse scan in order to look for a port that can be used for a reverse shell
  • Direct and reverse shell, both TCP and UDP
  • DNS tunneled pseudoshell, when no ports are available for a bindshell
  • ICMP tunneled shell, if the target DBMS can communicate via ICMP Echo with the attacking machine
  • Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
  • OS privilege escalation on the remote DB server using token kidnapping or through CVE-2010-0232
  • All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems 



Download here:
http://sqlninja.sourceforge.net/download.html