I have recently been looking for SQL injection tools for Linux. Until now I had only used Sqlmap; today I tried installing Sqlninja on Ubuntu 9.04. Here is the tool's own introduction:
Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.
There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here’s what it does:
Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
Bruteforce of the 'sa' password
Privilege escalation to 'sa'
Creation of a custom xp_cmdshell if the original one has been disabled
Upload of executables
Reverse scan in order to look for a port that can be used for a reverse shell
Direct and reverse shell, both TCP and UDP
DNS tunneled pseudoshell, when no ports are available for a bindshell
Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems
As you probably have figured out, sqlninja does not look for SQL injection vulnerabilities. Again, there are already several tools that perform that task, like WebScarab.
For the latest release and a flash demo (very recommended to get a general idea of the tool), check out the address .
Read this manual carefully (yes, I mean all of it), as it will explain to you what it is all about and how to make your way through all sqlninja options. Yes, I know that it's terribly long and boring, but since sqlninja has a plethora of options to play with (and no shiny red buttons), try to read the whole thing: it will help you to get the most out of the tool and will save you a lot of time later.
Now for the installation process on Ubuntu 9.04:
The tool is written in Perl, so apart from Perl itself, which is mandatory, you also need the following modules:
NetPacket
Net-Pcap
Net-DNS
Net-RawIP
IO-Socket-SSL
These have to be installed before the tool can be used. Going through the list above in order:
1. Download NetPacket
wget
tar zxvf NetPacket-0.04.tar.gz
After extracting, place it under the /usr/lib/perl5 directory:
cp -r NetPacket-0.04 /usr/lib/perl5/
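Before running sqlninja it is worth confirming that Perl can actually load each of the five modules listed above, since a distribution copied into /usr/lib/perl5 that ends up on the wrong path will only fail at run time. The following checker is an added example, not part of the original post or of sqlninja; it assumes only that perl is on PATH and maps each distribution name to its module name by turning "-" into "::".

```shell
#!/bin/sh
# Added example: verify that the Perl modules sqlninja depends on are loadable.
# Distribution names exactly as listed in the post; "-" becomes "::" in the
# module name (Net-Pcap -> Net::Pcap, IO-Socket-SSL -> IO::Socket::SSL).
SQLNINJA_DEPS="NetPacket Net-Pcap Net-DNS Net-RawIP IO-Socket-SSL"

# dist_to_module DIST: print the Perl module name for a CPAN distribution name.
dist_to_module() {
    printf '%s\n' "$1" | sed 's/-/::/g'
}

# has_perl_module MODULE: return 0 if perl can load MODULE, non-zero otherwise.
has_perl_module() {
    perl -M"$1" -e 1 >/dev/null 2>&1
}

# missing_sqlninja_deps: print one status line per dependency and return 0 only
# when every module loads, so it can be used as a pre-flight check in scripts.
missing_sqlninja_deps() {
    missing=0
    for dist in $SQLNINJA_DEPS; do
        mod=$(dist_to_module "$dist")
        if has_perl_module "$mod"; then
            echo "ok       $mod"
        else
            echo "MISSING  $mod  (install distribution $dist)"
            missing=1
        fi
    done
    return $missing
}

if missing_sqlninja_deps; then
    echo "All sqlninja Perl dependencies are present."
else
    echo "Install the missing modules before running sqlninja."
fi
```

A module reported as MISSING even though its tarball was copied into /usr/lib/perl5 means the .pm files are not on a directory in perl's @INC (check with `perl -V`), which is the usual cause when a distribution is copied rather than built with `perl Makefile.PL && make install`.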