+++++ Dear ….. Thank you for visiting our booth at the Myanmar Black Hacking. We hope you will have a good time and enjoyed your visit to Underground. In case we won't answer some of your questions about our Real Info, we encourage you to visit our website at www.myanmarblackhacking.com +++++ It will give you a good idea of what we can do for +++++

Apr 4, 2015

0 SQL Ninja Download

sqlninja လို့ေခၚပါတယ္ sql attack နဲ့ လက္တဲ့စမ္းခ်င္သူေတြအတြက္ကေတာ့
ဒီဟာေလးဟာေကာင္းမြန္တဲ့ tool ေလးတစ္ခုပါ 
 

Beginners up to advanced level အထိ ဒီဟာေလးကေတာ္ေတာ္ေကာင္းပါတယ္ ဒီဟာေလးကိုေရးသားတဲ့သူကေတာ့ ေလ့လာသင္ယူသူေတြအတြက္ Sql Injection ေကာင္းေကာင္းေလးေတြကို ပိုလုပ္ေဆာင္နိုင္ေအာင္ၾကိဳးစားထားတာထင္ပါတယ္
DB server via remote  လုပ္နိုင္ေအာင္ target ထားတဲ့ဟာပါ အျပင္းစား shell ေတြသံုးနိုင္ပါတယ္ 


Fingerprint from a remote SQL Server on the information in the form: version, users who perform queries, user privileges, xp_cmdshell availability or not, the DB Server authentication mode.Password bruteforce technique of 'sa'Privilege escalation (privilege Escalation) to 'sa'Create an xp_cmdshell if the original has been disabledexecutable file uploadReverse scan to look for ports that can be used for a reverse shellShell access directly or otherwise, both TCP and UDPDNS tunneled pseudoshell, when no ports are available for a bindshellMetasploit wrapping, when you want to use meterpreter or when they want to gain access to the GUI on the DB server.OS Privilege Escalation on the remote DB server using token kidnappingAll of the above can be done with the SQL code in order to trick the IDS / IPS on the target system.on sqlninja there are 12 types of attacks, you can use it with -m command <Attack mode>:
testfingerprintbruteforceEscalationresurrectxpuploadsdirshellbackscanrevshelldnstunnelmetasploitSQLCMDas in the screenshot below ..



 

please download such tools here: Link 1 - SQL Ninja
Link 2 -  SQL Ninja
 
အဆင္ေျပၾကပါေစဗ်ာ :)

0 comments:

Post a Comment