Kwelwild

How To Use Sqlninja To Takeover Ms-Sql Database Servers


Description: In this video you will learn how to exploit MS-SQL. This video is advanced for exploiting MS-SQL Database. For exploiting an MS-SQL database, Hoody is using a tool called SQLNINJA. SQLNINJA is a very powerful SQLI exploitation tool.

About SQLNINJA :

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:
Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
Data extraction, time-based or via a DNS tunnel
Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter
Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe
Direct and reverse bindshell, both TCP and UDP
DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames
ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
Privilege escalation to sysadmin group if 'sa' password has been found
Creation of a custom xp_cmdshell if the original one has been removed
TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
Evasion techniques to confuse a few IDS/IPS/WAF
Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:

Source: How To Use Sqlninja To Takeover Ms-Sql Database Servers
