Saturday, February 20, 00:13
SQLNINJA: Easy detection of SQL injection vulnerabilities with the open source tool

Most of you surely know sqlmap as the most common tool for finding SQL injection vulnerabilities in web applications. Apart from sqlmap, in this article we will get to know one more: sqlninja, a tool written in Perl that specializes in finding SQL injection vulnerabilities in web applications that use Microsoft SQL Server as a backend.

Its main purpose is to provide the attacker with remote access to the vulnerable database even when the general environment in which the database is located is hostile. It can be used by penetration testers and security analysts who want to check for SQL injection vulnerabilities.

What is SQL injection?

SQL injection is a hacking technique in which the attacker, by modifying the URL or some other input field of the web application, can insert SQL commands directly into the database. This bypasses the application's security controls, and as a result the attacker can extract data from the entire database, modify it and even delete it.

It is one of the oldest and most dangerous attacks on web applications. The organization OWASP (Open Web Application Security Project) ranks injection threats at number one on the list of Top 10 Web Application Security Threats (OWASP Top 10).

How to use it

Sqlninja is available for Unix operating systems that have a Perl interpreter. This means that the platforms that can support it are the following:

Sqlninja is not currently supported on Windows operating systems. You will find it pre-installed in the Linux distro for penetration testing, Kali Linux.

Linux Ubuntu & Debian

Install Perl modules

To install the Perl modules, open a terminal and run the following:

    perl -MCPAN -e "install Net::RawIP"
    perl -MCPAN -e "install Net::Pcap"
    perl -MCPAN -e "install Net::PcapUtils"
    perl -MCPAN -e "install Net::Packet"
    perl -MCPAN -e "install Net::DNS"
    perl -MCPAN -e "install IO::Socket::SSL"

Installing sqlninja

To download and extract the sqlninja folder, open a terminal and run the following:

    wget https://sourceforge.net/projects/sqlninja/files/sqlninja/sqlninja-0.2.999-alpha1.tgz
    tar zxvf sqlninja-0.2.999-alpha1.tgz
    # change into the extracted directory, not the archive file
    cd sqlninja-0.2.999-alpha1

How to use it

Let's now look at some of the options we have using sqlninja.

First, we can see all the available options by running sqlninja in a terminal:

    root@kali:~# sqlninja
    Sqlninja rel. 0.2.6-r1
    Copyright (C) 2006-2011 icesurfer
    Usage: /usr/bin/sqlninja
        -m : Required. Available modes are:
            t/test - test whether the injection is working
            f/fingerprint - fingerprint user, xp_cmdshell and more
            b/bruteforce - bruteforce sa account
            e/escalation - add user to sysadmin server role
            x/resurrectxp - try to recreate xp_cmdshell
            u/upload - upload a .scr file
            s/dirshell - start a direct shell
            k/backscan - look for an open outbound port
            r/revshell - start a reverse shell
            d/dnstunnel - attempt a dns tunneled shell
            i/icmpshell - start a reverse ICMP shell
            c/sqlcmd - issue a 'blind' OS command
            m/metasploit - wrapper to Metasploit stagers
        -f : configuration file (default: sqlninja.conf)
        -p : sa password
        -w : wordlist to use in bruteforce mode (dictionary method only)
        -g : generate debug script and exit (only valid in upload mode)
        -v : verbose output
        -d : activate debug
            1 - print each injected command
            2 - print each raw HTTP request
            3 - print each raw HTTP response
            all - all of the above
        ...see sqlninja-howto.html for details

The behavior of sqlninja is controlled through the sqlninja.conf configuration file, which tells the tool which target to attack and how, and through other control parameters. These parameters may be the following:

  • -m : controls the attack mode, telling sqlninja what to do. Possible values of the parameter are:
    • test
    • fingerprint
    • bruteforce
    • escalation
    • resurrectxp
    • upload
    • dirshell
    • backscan
    • revshell
    • dnstunnel
    • icmpshell
    • metasploit
    • sqlcmd
    • getdata
  • -v: verbose output
  • -f : specifies the configuration file to be used.
  • -p <'sa' password>: used in escalation mode in order to add the existing user of the database to the sysadmin group. In other modes it is used to enable the user to run queries as an administrator.
  • -w : list of possible passwords for bruteforce mode
  • -d : activates debug mode for troubleshooting. Possible values are:
    • 1: print each injected command
    • 2: print each HTTP request to the target
    • 3: print each HTTP response from the target
    • all: all of the above
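
From the defender's side, the modes listed above leave recognizable traces in web server logs. The following Python code is an added example (not part of the original article and not sqlninja code) that scans request query strings for those traces; the log layout, field positions and indicator patterns are assumptions made for this example, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Heuristic indicators (assumed for this example) for the MS SQL Server features
# the modes above rely on; not a complete or evasion-proof rule set.
INDICATORS = {
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "sp_configure": re.compile(r"\bsp_configure\b", re.I),
    "sysadmin_role": re.compile(r"\bsp_addsrvrolemember\b", re.I),
    "stacked_statement": re.compile(r";\s*(exec|execute|declare|select|insert|update|delete|drop)\b", re.I),
}

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected as well."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_lines):
    """Return {client_ip: sorted indicator names} for requests that match."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # header or malformed line: skip rather than guess
        query, client = decode(fields[4]), fields[6]
        for name, pattern in INDICATORS.items():
            if pattern.search(query):
                hits[client].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

# Constructed sample in an assumed W3C-style layout (see the #Fields line).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status c-ip
2021-02-19 22:10:01 GET /product.asp id=12 200 198.51.100.7
2021-02-19 22:10:05 GET /product.asp id=12%3Bexec+master..xp_cmdshell+%27CMD%27-- 500 203.0.113.9
2021-02-19 22:10:09 GET /product.asp id=12%253Bexec%2520sp_configure%2520%2527xp_cmdshell%2527%252C1 200 203.0.113.9
2021-02-19 22:10:12 GET /search.asp q=sysadmin+jobs 200 198.51.100.7
"""

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG.splitlines()).items():
        print(ip, ", ".join(names))
```

Only query strings are inspected here; injection through POST bodies, cookies or headers needs application or WAF logging that records those fields.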

A config file may look like the following:

For more details on the sqlninja tool we recommend visiting the official documentation page, and to see a live application of its techniques, the related video.

How did you like it? We await your impressions.
stormi