Sqlninja (Sql Injection And Takeover Tool)
|
|
|
||||||||||
Description:
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
In this very basic demo, we will look at the following:
* How to configure the tool
* How to fingerprint the remote server
* How to bruteforce the 'sa' password
* How to upload executables and obtain a shell
You can download Sqlninja from their website.
In this very basic demo, we will look at the following:
* How to configure the tool
* How to fingerprint the remote server
* How to bruteforce the 'sa' password
* How to upload executables and obtain a shell
You can download Sqlninja from their website.