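Installing Sqlninja on Ubuntu 9.04

Date: 2017/2/28 16:43:13   Editor: Linux教程

Source: http://www.daxigua.com/archives/2268

I have recently been looking for SQL injection software for Linux. Previously I had only used Sqlmap; today I tried installing Sqlninja on Ubuntu 9.04. The tool's own introduction: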

Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.

There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here’s what it does:

Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
Bruteforce of the 'sa' password
Privilege escalation to 'sa'
Creation of a custom xp_cmdshell if the original one has been disabled
Upload of executables
Reverse scan in order to look for a port that can be used for a reverse shell
Direct and reverse shell, both TCP and UDP
DNS tunneled pseudoshell, when no ports are available for a bindshell
Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems

As you probably have figured out, sqlninja does not look for SQL injection vulnerabilities. Again, there are already several tools that perform that task already, like WebScarab.

For the latest release and a flash demo (very recommended to get a general idea of the tool), check out the address http://sqlninja.sourceforge.net.

Read this manual carefully (yes, I mean all of it), as it will explain you what it is all about and how to make your way through all sqlninja options. Yes, I know that it’s terribly long and boring, but since sqlninja has a plethora of options to play with (and no shiny red buttons), try to read the whole thing: it will help you to get the most of the tool and will save you a lot of time later.

The installation process on Ubuntu 9.04 is described below.

The tool is written in Perl, so besides Perl itself, which is mandatory, it also requires:

NetPacket
Net-Pcap
Net-DNS
Net-RawIP
IO-Socket-SSL

So all of these need to be installed before using the tool, following the order of the list above:

1. Download NetPacket
wget http://www.cpan.org/modules/by-module/NetPacket/NetPacket-0.04.tar.gz

tar zxvf NetPacket-0.04.tar.gz

After extracting, place it under the /usr/lib/perl5 directory
cp -r NetPacket-0.04 /usr/lib/perl5/
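
To confirm that each dependency listed above can actually be loaded by the Perl interpreter after installation, a check like the following can be run. This is an added example, not part of the original post or of sqlninja; the `PERL_BIN` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the Perl modules sqlninja needs.
# Distribution names are the ones listed on this page; the Perl package
# names are derived from them by replacing "-" with "::".

SQLNINJA_DISTS="NetPacket Net-Pcap Net-DNS Net-RawIP IO-Socket-SSL"

# PERL_BIN is an assumption of this example: it lets you point the check
# at a specific interpreter (sqlninja must run under the same one).
PERL_BIN="${PERL_BIN:-perl}"

# Convert a CPAN distribution name to its main package name.
dist_to_module() {
    printf '%s\n' "$1" | sed 's/-/::/g'
}

# Succeeds only if the interpreter can actually load the module from @INC.
module_installed() {
    "$PERL_BIN" "-M$1" -e 1 >/dev/null 2>&1
}

# Print one distribution name per line for every module that fails to load.
missing_dists() {
    for dist in $SQLNINJA_DISTS; do
        mod=$(dist_to_module "$dist")
        module_installed "$mod" || printf '%s\n' "$dist"
    done
    return 0
}

# Human-readable summary of the check.
report() {
    missing=$(missing_dists)
    if [ -z "$missing" ]; then
        echo "all sqlninja Perl dependencies load correctly"
    else
        echo "not loadable from @INC:"
        printf '  %s\n' $missing
    fi
}

report
```

A distribution that was copied somewhere outside Perl's `@INC` search path will still be reported as not loadable, which is the case this check is meant to catch.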
