Monday, August 3, 20:34
Home how To SQLNINJA: Easy detection of sql injection vulnerabilities with the open source tool

SQLNINJA: Easy detection of sql injection vulnerabilities with the open source tool

Surely most of you know it sqlmap as the most common sql injection vulnerability tool in web applications. from sqlmap, in this article we will get to know one more, sqlninja, one . tool written in Perl specialized in finding sql injection vulnerabilities in web applications that use Microsoft SQL Server as a backend.


Its main purpose is to provide the attacker with remote access to the vulnerable base even when the general environment in which the base is located is hostile. Can be used by penetration testers and security analysts who want to check for sql injection vulnerabilities.

What is SQL injection?

SQL injection is a technique hacking where the attacker, through his modification URL or some other character input field of the web application can insert SQL commands directly into the database. This results in overriding application security techniques and as a result the attacker can extract data from the entire database, modify it and even delete it.

It is one of the oldest and most dangerous attacks on web applications. The organization OWASP (Open Web Application Security Project) ranks injection threats at number one on the list of Top 10 Web Application Security Threats (OWASP Top 10).

sQL injection

How to use it

Sqlninja is available for Unix operating systems that have a Perl interpreter. This means that the platforms that can support it are the following:

Sqlninja is not currently supported by operating systems Windows. It will

find pre-installed Linux distro for penetration testing, Kali Linux.

Linux Ubuntu & Debian

Install Perm modules

To install Perm modules open a terminal and run the following:

perl -MCPAN -e "install Net :: RawIP" perl -MCPAN -e "install Net :: Pcap" perl -MCPAN -e "install Net :: PcapUtils" perl -MCPAN -e "install Net :: Packet" perl - MCPAN -e "install Net :: DNS" perl -MCPAN -e "install IO :: Socket :: SSL"

Installing sqlninja

To download and extract the sqlninja folder, open a terminal and run the following:

wget tar zxvf sqlninja-0.2.999-alpha1.tgz cd sqlninja-0.2.999-alpha1.tgz

How to use it

Let's now look at some of the options we have using sqlninja.

Initially we can see all the possible options we have running sqlninja in a terminal:

root @ horse: ~ # sqlninja Sqlninja rel. 0.2.6-r1 Copyright (C) 2006-2011 icesurfer <> Usage: / usr / bin / sqlninja -m <mode>: Required. Available modes are: t / test - test whether the injection is working f / fingerprint - fingerprint user, xp_cmdshell and more b / bruteforce - bruteforce sa account e / escalation - add user to sysadmin server role x / resurrectxp - try to recreate xp_cmdshell u / upload - upload a .scr file s / dirshell - start a direct shell k / backscan - look for an open outbound port r / revshell - start a reverse shell d / dnstunnel - attempt a dns tunneled shell i / icmpshell - start a reverse ICMP shell c / sqlcmd - issue a 'blind' OS command m / metasploit - wrapper to Metasploit stagers -f <file>: configuration file (default: sqlninja.conf) -p <password>: how much password -w <wordlist>: wordlist to use in bruteforce mode (dictionary method only) -g: generate debug script and exit (only valid in upload mode) -v: verbose output -d <mode>: activate debug 1 - print each injected command 2 - print each raw HTTP request 3 - print each raw HTTP response all - see above ... see sqlninja-howto.html for details

The behavior of sqlninja is controlled through the sqlninja.conf configuration file, with which we can direct the tool to the target, how it is attacked, and how to use other management parameters. These may be the following:

  • -m <attackmode>: controls the attack mode by telling sqlninja what to do. Possible parameter values ​​can be:
    • test tanks
    • fingerprint
    • bruteforce
    • escalation
    • resurrectxp
    • upload
    • dirshell
    • backscan
    • revshell
    • dnstunnel
    • icmpshell
    • metasploit
    • sqlcmd
    • Getdata
  • -v: verbose output
  • -f <configuration file>: specifies the configuration file to use.
  • -p <'sa' password>: used in escalation mode to add the existing database user to the sysadmin group. In other modes it is used to enable the user to run queries as an administrator.
  • -w <wordlist>: list of possible passwords for bruteforce mode
  • -d <debug mode>: activates debug mode in case of troubleshooting. Possible values ​​are:
    • 1: print out any inject command
    • 2: print each HTTP request to the target
    • 3: print out each HTTP response from the target
    • All: all of the above

A config file may look like the following:

For even more details on the sqlninja tool we recommend visiting the page with official documentation while to see a live application of his related techniques video.

How did you like it; Expect impressions.


Please enter your comment!
Please enter your name here

Here's the crazy ones, the misfits, the rebels, the troublemakers ...


NetWalker ransomware: Over $ 25 Million in Gang Profits Since March

NetWalker ransomware operators are estimated to have earned over $ 25 million from ransom payments made by their victims ...

Elon Musk: "Obviously the aliens built the pyramids"

On Friday, Elon Musk tweeted: "Apparently the aliens built the pyramids," and garnered more than 500.000 likes.

Microsoft Edge behaves like malware

Microsoft has switched to aggressive marketing tactics trying to get Windows 10 users to adopt the new browser ...

Cyble: warns of 199 data breaches

Carrying out its well-established research on the dark web and deep web, Cyble detected 199 data breaches on various websites and companies ....

Microsoft Cortana bids farewell to Android and iOS

In a statement released on July 31, the company said it would withdraw the Cortana virtual assistant from iOS devices and ...

2gether: Hacking attack on cryptocurrency trading platform

2gether revealed that it was hacked, during which approximately 1,2 million Euros in cryptocurrencies were stolen from investment accounts in cryptocurrencies ....

Google: 11 zero day vulnerabilities were identified in the first half of 2020

According to the Google Project Zero team, 11 zero day vulnerabilities were identified, which were exploited by malicious agents, within the first ...

Linux Kernel 5.8: Released with countless improvements and changes

Recently, Linus Torvalds announced the release of the Linux 5.8 kernel. According to him, the new kernel ...

Moldovan pleaded guilty to creating FastPOS malware!

A 30-year-old man from Moldova pleaded guilty to creating FastPOS malware that infects POS systems worldwide ....

YouTube: Crypto channel closed to encourage illegal activities

YouTube restored the Crypto channel after being offline for more than two days due to "encouragement for illegal activities".