
Re: Open Source SQL Inject, XSS, Remote File Include Testing

To: pen-test@securityfocus.com
Subject: Re: Open Source SQL Inject, XSS, Remote File Include Testing
From: Marco Ivaldi <raptor@mediaservice.net>
Date: Thu, 24 May 2007 12:06:02 +0200 (ora solare Europa occidentale)
Hey again pen-testers,

On Mon, 21 May 2007, Marco Ivaldi wrote:

> You shouldn't expect anything too fancy (it's still v0.1 after all;), but it does its job:

I managed to work a bit more on my multi-purpose MSSQL injection script, and now (at version 0.9;) it can be considered a fairly powerful and usable attack tool. You can download it from:

http://www.0xdeadbeef.info/code/mssql-hax0r

Three modes of operation are available:

1) Information Gathering (-m info).
   Dump basic information about the MSSQL database (@@version, db_name(),
   user_name(), system_user, etc.), database names, tables/views/stored
   procedures, columns, data types, keys, and users.

2) Record Dump (-m dump).
   Dump N records from the specified columns/table|db..table

3) Brute Force (-m brute)
   Perform a brute force attack against the specified user(s), either
   using a password wordlist or testing weak passwords such as the empty
   one or password=username.

Cheers,

--
Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
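
For defenders: when injection is attempted through URL parameters, the identifiers listed for the information-gathering mode above (@@version, db_name(), user_name(), system_user) end up in web server request logs. The log check below is an added example, not part of the original post or of the mssql-hax0r script; the log layout, the threshold of two distinct identifiers, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# MSSQL identifiers the post lists for the information-gathering mode.
PROBES = {
    "@@version": re.compile(r"@@version", re.I),
    "db_name()": re.compile(r"\bdb_name\s*\(", re.I),
    "user_name()": re.compile(r"\buser_name\s*\(", re.I),
    "system_user": re.compile(r"\bsystem_user\b", re.I),
}
# Assumed layout: common/combined access log, client first, request line quoted.
LINE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def normalize(target, rounds=3):
    """URL-decode until stable (bounded), so double-encoded requests are seen too."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return {client: set of identifier names seen in that client's requests}."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the assumed layout
        text = normalize(m.group("target"))
        for name, rx in PROBES.items():
            if rx.search(text):
                hits[m.group("client")].add(name)
    return dict(hits)

def flagged(hits, min_distinct=2):
    """Clients that requested several distinct identifiers (enumeration pattern)."""
    return sorted(c for c, names in hits.items() if len(names) >= min_distinct)

# Constructed sample lines: documentation IP ranges, hypothetical paths.
SAMPLE = [
    '192.0.2.10 - - [24/May/2007:12:00:01 +0200] "GET /item.asp?id=1%20and%201=@@version-- HTTP/1.1" 500 312',
    '192.0.2.10 - - [24/May/2007:12:00:02 +0200] "GET /item.asp?id=1%2520and%25201=db_name%2528%2529-- HTTP/1.1" 500 298',
    '192.0.2.10 - - [24/May/2007:12:00:03 +0200] "GET /item.asp?id=1+and+1=system_user-- HTTP/1.1" 500 301',
    '198.51.100.7 - - [24/May/2007:12:01:10 +0200] "GET /profile.asp?user_name=bob HTTP/1.1" 200 1450',
    '203.0.113.5 - - [24/May/2007:12:02:30 +0200] "GET /help.asp?topic=@@version HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    print("flagged:", flagged(scan(SAMPLE)))
```

Access logs normally record only the request line, so parameters sent in POST bodies need application or WAF logging to be covered by the same check.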

