Tuesday, October 20, 11:03
Home how To SQLNINJA: Easy detection of sql injection vulnerabilities with the open source tool

SQLNINJA: Easy detection of sql injection vulnerabilities with the open source tool

Surely most of you know it sqlmap as the most common sql injection vulnerability tool in web applications. P.day from sqlmap, in this article we will get to know one more, sqlninja, one . tool written in Perl specialized in finding sql injection vulnerabilities in web applications that use Microsoft SQL Server as a backend.


Its main purpose is to provide the attacker with remote access to the vulnerable base even when the general environment in which the base is located is hostile. Can be used by penetration testers and security analysts who want to check for sql injection vulnerabilities.

What is SQL injection?

SQL injection is a technique hacking where the attacker, through his modification URL or some other character input field of the web application can insert SQL commands directly into the database. This results in overriding application security techniques and as a result the attacker can extract data from the entire database, modify it and even delete it.

It is one of the oldest and most dangerous attacks on web applications. The organization OWASP (Open Web Application Security Project) ranks injection threats at number one on the list of Top 10 Web Application Security Threats (OWASP Top 10).

sQL injection

How to use it

Sqlninja is available for Unix operating systems that have a Perl interpreter. This means that the platforms that can support it are the following:

Sqlninja is not currently supported by operating systems Windows. It will

find pre-installed Linux distro for penetration testing, Kali Linux.

Linux Ubuntu & Debian

Install Perm modules

To install Perm modules open a terminal and run the following:

perl -MCPAN -e "install Net :: RawIP" perl -MCPAN -e "install Net :: Pcap" perl -MCPAN -e "install Net :: PcapUtils" perl -MCPAN -e "install Net :: Packet" perl - MCPAN -e "install Net :: DNS" perl -MCPAN -e "install IO :: Socket :: SSL"

Installing sqlninja

To download and extract the sqlninja folder, open a terminal and run the following:

wget https://sourceforge.net/projects/sqlninja/files/sqlninja/sqlninja-0.2.999-alpha1.tgz tar zxvf sqlninja-0.2.999-alpha1.tgz cd sqlninja-0.2.999-alpha1.tgz

How to use it

Let's now look at some of the options we have using sqlninja.

Initially we can see all the possible options we have running sqlninja in a terminal:

root @ horse: ~ # sqlninja Sqlninja rel. 0.2.6-r1 Copyright (C) 2006-2011 icesurfer <r00t@northernfortress.net> Usage: / usr / bin / sqlninja -m <mode>: Required. Available modes are: t / test - test whether the injection is working f / fingerprint - fingerprint user, xp_cmdshell and more b / bruteforce - bruteforce sa account e / escalation - add user to sysadmin server role x / resurrectxp - try to recreate xp_cmdshell u / upload - upload a .scr file s / dirshell - start a direct shell k / backscan - look for an open outbound port r / revshell - start a reverse shell d / dnstunnel - attempt a dns tunneled shell i / icmpshell - start a reverse ICMP shell c / sqlcmd - issue a 'blind' OS command m / metasploit - wrapper to Metasploit stagers -f <file>: configuration file (default: sqlninja.conf) -p <password>: how much password -w <wordlist>: wordlist to use in bruteforce mode (dictionary method only) -g: generate debug script and exit (only valid in upload mode) -v: verbose output -d <mode>: activate debug 1 - print each injected command 2 - print each raw HTTP request 3 - print each raw HTTP response all - see above ... see sqlninja-howto.html for details

The behavior of sqlninja is controlled through the sqlninja.conf configuration file, with which we can direct the tool to the target, how it is attacked, and how to use other management parameters. These may be the following:

  • -m <attackmode>: controls the attack mode by telling sqlninja what to do. Possible parameter values ​​can be:
    • test tanks
    • fingerprint
    • bruteforce
    • escalation
    • resurrectxp
    • upload
    • dirshell
    • backscan
    • revshell
    • dnstunnel
    • icmpshell
    • metasploit
    • sqlcmd
    • Getdata
  • -v: verbose output
  • -f <configuration file>: specifies the configuration file to use.
  • -p <'sa' password>: used in escalation mode to add the existing database user to the sysadmin group. In other modes it is used to enable the user to run queries as an administrator.
  • -w <wordlist>: list of possible passwords for bruteforce mode
  • -d <debug mode>: activates debug mode in case of troubleshooting. Possible values ​​are:
    • 1: print out any inject command
    • 2: print each HTTP request to the target
    • 3: print out each HTTP response from the target
    • All: all of the above

A config file may look like the following:

For even more details on the sqlninja tool we recommend visiting the page with official documentation while to see a live application of his related techniques video.

How did you like it; Expect impressions.


Please enter your comment!
Please enter your name here

Here's the crazy ones, the misfits, the rebels, the troublemakers ...


DDoS attacks tripled, forcing victims to pay a ransom

The last quarter of 2020 saw a wave of web application attacks that have used ransom letters to target companies in various industries ....

Phishing campaign violates Office 365 accounts through OAuth app

Security researchers have discovered a new phishing campaign that uses a Coinbase-themed email. Target of the hackers behind the campaign, ...

A hacking team donated money stolen from attacks

A hacking team donated some of the money it stole from companies to charities. This is an unprecedented case that raises ...

Instagram: Investigated by the EU for child data protection

Instagram is under investigation by the EU, as it allegedly failed to ensure the protection of children's data on its platform ....

Ransomware attack "cost" $ 300.000 in Mississippi schools!

A Mississippi school district voted to pay $ 300.000 to recover files encrypted during an ransomware attack. A...

Russian hackers were planning attacks at the Tokyo Olympics!

The UK government said yesterday that Russian hackers were preparing cyber-attacks against the organizers of the Olympic and Paralympic Games ...

Windows 10: Microsoft has released a new task manager for gamers

If your computer games are slow or slow, you can free up resources in Windows 10 using the new task manager ...

NASA's Osiris-Rex is expected to land on the asteroid Bennu tomorrow

NASA's Osiris-Rex spacecraft will land on a large asteroid for a while on Tuesday and will collect some rocks and ...

How to turn off all vibrations on your iPhone completely

Some people are particularly sensitive to the vibrations of their iPhone, either for personal or medical reasons. Thanks to...

How to convert Keynote presentations to Microsoft PowerPoint

Apple presentation software does all the hard work when converting a PowerPoint presentation to Keynote. Doing the opposite, ...