Hacking SQL Servers using Sqlninja and Metasploit

Sqlninja is a nifty little tool which can help a pentester gain access to the DB server using SQL injection attacks. In this video, created by Raul Siles, we will see how we can use a combination of Sqlninja and Metasploit to gain access to the remote server. Raul uses HackMe Bank as the vulnerable application for this demo.

You can download Sqlninja from their website. 

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net