The SQL injection is a new yet smooth method in the alpha of the new release. The injection (slow) it uses is Wait for based and also uses the DNS tunnels (fast). Although the SQL injection is still a bit experimental but it can help you and guide you in your next penetration test. Today you will be able to download SQLNinja, which is a free SQL Injection tool.
From a SQL injection on Microsoft SQL server to a full Graphic User interface (GUI) access on DB? Here are a few new SQL injection tricks, add some remote shots in the registry in order to disable data execution prevention, mix it with a small pearl that automatically generates a debug script, now put all of this a in blender with Metasploit as a wrapper, shake this well enough and there you go shall have one of the attack modules of SQLNinja.
Contents
Why use SQLNinja for finding SQL vulnerabilities?
The SQL injection is, therefore, a tool that targets to exploit and expose the SQL injection vulnerabilities that are present on a web application which uses Microsoft server at its back end.
The main goal of SQL injection is to provide remote access to the vulnerable DB server even if the environment is hostile. This can be used by the penetration testers to help and automate the process to take over a DB server whenever SQL injection vulnerability is discovered. Moreover, this is also used to stream music like kudos to sid77 and similar for being the very first to spot the Easter egg.
This tool is released under the GPLv3. The main goal of SQLninja is to get access of interactive OS level on the remote DB server and to use it as a foothold in the target network. It can be also used to extract data from the database as an experimental feature.
SEE ALSO: How to Hack Any SQL Database Server Password.
SQLNinja Features
- It carries the fingerprint of the remote SQL server which includes version, the user performing the queries, the user privileges, the availability of xp_cmdshell and the authentication mode.
- It is used for data extraction that is time-based or through a DNS tunnel
- It has integration with metasploit3 that is used to obtain graphical user access the remote DB server via a VNS server injection or to just upload the meterpreter.
- It is used to upload the executable by only using the normal HTTP requests, no FTP or TFTP is needed, and this is done through VBS script or debug.exe
- It comes with direct and reverse bind shell for both TCP and UDP
- It has the DNS tunnel pseudo shell whenever the TCP or UDP ports are not available for a direct or reverse shell, the DB server is able to resolve external hostnames
- It has the ICMP tunneled shell and whenever the TCP or UDP ports are not available for direct or reverse shell, the DB server is able to ping your box
- It comes with the brute force of the server account password. These come in 2 flavors one is dictionary-based and the other is incremental
- It has the privilege escalation to the system admin group if “sa” password is found
- It can be used to create the custom xp_cmdshell if the original one has been removed
- It is used for TCP or UDP port scan from the target SQL server towards the attacking machine to find the port that is allowed by the firewall of the target network and to use it for a reverse shell
- It has certain evasion techniques to confuse some IDS or IPS or WAF
- It has integration with chirrasco.exe that is used to escalate privileges to the system on w2k3 through token kidnapping.
Till now you might have figured out that the SQLninja do not look for SQL vulnerabilities as to remind you again there are already many tools that are used to perform such a task like the BurpSuite.
SEE ALSO: How to Prevent SQL Injection Attacks and Protect your Databases.
SQLNinja System Requirements
As the SQLninja is written completely in Perl, there not that much to install. For this you need to install perl and the following modules if they are missing:
- Net Packet
- Net-Pcap
- Net-DNS
- Net-RawlP
- IO-Socket-SSL
- DBI
To use the Metasploit attack mode you are also required to have the Metasploit framework 3 on your box. If you are using the VNC payload then you are required to have a VNC client on your box.
SEE ALSO: 6 Best Free SQL Injection Tools Download.
Operating Systems Supported by SQLNinja
If anything goes wrong, then the activating verbose output (-v option) or in debugging (-d) should provide hints. As SQLninja has been developed on a Gentoo box it has been reported to work on the following OS:
- Free BSD
- Linux
- iOS
- Mac OS X
The SQLninja is not able to run on Windows and thus we are not planning a port in the near future.
Note: the SQL injection is however not trivial to set up, therefore, it must not be used for script kiddies. What you are planning to do with the tool is your concern. To use this you must be a professional penetration tester with some written documents that authorize you towards the network you attack. If you lack authorization then you can play with the tool but it might get you in trouble with many law enforcement agencies.
SEE ALSO: Havij Free Download – Automated SQL Injection Tool.
Download SQLNinja for Free Latest Version
Today we explained everything about SQLninja Download that how you can use it, some features and requirements. I hope you have enjoyed reading about it. ONLY use this tool on systems you have access and authorization to do so on.