[SEC-1 LTD] Automagic SQL Injector

From: Gary Oleary-Steele (garyo_at_sec-1.com)
Date: 11/21/05

Next message: Jason T. Hallahan: "Solaris/UNIX Network Performance & Security"

Previous message: Javier Fernandez-Sanguino: "Re: mac to ip address tools"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 21 Nov 2005 11:35:29 -0000
To: <pen-test@securityfocus.com>

                [SEC-1 LTD]
        Sec-1 Research Labs Release

Release Name: Sec-1 Automagic SQL injector 0.1 Beta
Release Date: 21/November/2005
     Platform: Active Perl Windows
       Author: Gary O'Leary-Steele

The Automagic SQL Injector is part of the Sec-1 Exploit Arsenal
provided as part of the Applied Hacking & Intrusion Prevention
training courses.

In a nutshell it's an automated SQL injection tool designed to help
save time on pen tests. It is only designed to work with vanilla
Microsoft SQL injection holes where errors are returned.

For a demonstration please visit http://scoobygang.org/magicsql/

The following features are currently supported:

[*] Browse tables and dump table data to a CSV file (2 methods).

[*] Upload files using debug script method.

[*] Automagical UDP reverse shell

[*] Interactive xp_cmdshell (simulated cmd.exe shell)

I plan to add other features such as a brute force account cracker
and a module to search for other SQL servers using OPENROWSET().

Download: http://scoobygang.org/automagic.zip

Written for Active Perl (Windows), doesn't work too well on *nix.

Usage:

[*] Sec-1 Automagical SQL injection tool [*]
Gary O'leary-Steele @ Sec-1 Ltd

Usage: perl C:\Automagic SQL injector\injector.pl <Options>

        -h Target Host
        -f Target File (e.g. /process_login.asp)
        -t Type (POST|GET)
        -q Is a leading single quote required (YES|NO)
        -a Additional header such as a cookie. Enclose within ""
        -d Database creation type (T|R). TEMP ## or regular table
                (Default is TEMP)

[THANKS!]

Thanks to Ollie Whitehouse for his srcmake.exe and UDP Revshell tool.
Thanks to Northern Monkee for the SQL help.

Note: Most of the supported features have been incorporated into
bobcat by Northern Monkee, this simply offers an alternative.

**************************************************************
NEW: Sec-1 Hacking Training - Learn to breach network security
to further your knowledge and protect your network
http://www.sec-1.com/applied_hacking_course.html
**************************************************************

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Next message: Jason T. Hallahan: "Solaris/UNIX Network Performance & Security"

Previous message: Javier Fernandez-Sanguino: "Re: mac to ip address tools"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]