Bluelol’s Blog

Just another WordPress.com weblog

Anti-Virus: Norton Internet Security 2009

Strong on protection, light on system resources, award winning! Stay protected from the latest online threats. Norton Internet Security runs quietly in the background to detect and block today’s complex threats and to protect your identity when you buy, bank, or browse online. The friendly and efficient product design helps minimize confusing security alerts and system slowdowns that can get in the way of your online experience. Norton Internet Security provides essential protection from viruses, hackers, spyware, spam and other privacy threats. A comprehensive set of security tools, Norton Internet Security helps keep you safe online as you surf and email, swap files, download programs, and chat. In addition to protecting against viruses and unwelcome intrusions from the Internet, NIS also allows you to automatically block annoying banner ads and pop-up windows, set up parental site blocking options for restricting access to specific Web sites, [Read more]

May 12, 2009 Posted by | About SQLninja, Anti-VirusNorton Internet Security 2009 | Leave a comment

About SQLninja

Sqlninja is a tool targeted at exploiting SQL Injection vulnerabilities in a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access to the vulnerable DB server, even in a very hostile environment. It is meant to be used by penetration testers to help automate the process of taking over a DB server once a SQL Injection vulnerability has been discovered. It is released under the GPLv2 and has been featured in SecurityHack’s Top 15 Free SQL Injection Scanners, which is a good result for something that started as a small script written on the fly during a pen-test.

The full documentation can be found in the tarball and also here, but here is a list of what the Ninja does:

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
  • Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
  • Privilege escalation to sysadmin group if 'sa' password has been found
  • Creation of a custom xp_cmdshell if the original one has been removed
  • Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
  • Evasion techniques to confuse a few IDS/IPS/WAF
  • Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
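A defender-side counterpart to the fingerprinting, 'sa' bruteforce and custom xp_cmdshell items above, added here as an example that is not part of the original post or of sqlninja itself: a small Python detector run over constructed SQL Server ERRORLOG-style lines, which flags a burst of failed 'sa' logins from one client address and any sp_configure change that enables xp_cmdshell. The line layouts follow SQL Server's error log; the sample lines, client addresses, threshold and window are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed SQL Server ERRORLOG-style lines (sample data, not real telemetry): five rapid
# failed 'sa' logins from one client, one unrelated failure, then xp_cmdshell being enabled.
SAMPLE_LOG = """\
2009-05-10 12:00:01.23 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2009-05-10 12:00:01.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2009-05-10 12:00:01.58 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2009-05-10 12:00:01.77 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2009-05-10 12:00:02.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2009-05-10 12:30:00.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.9]
2009-05-10 12:31:10.10 spid52      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""
TS = r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ "
FAILED_LOGIN = re.compile(TS + r"Logon\s+Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]")
XP_CMDSHELL_ON = re.compile(TS + r"spid\d+\s+Configuration option 'xp_cmdshell' changed from 0 to 1")

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return [(timestamp, finding), ...] in log order.
    'sa' brute force: at least `threshold` failed 'sa' logins from one client within a
    sliding `window`; reported once per client, at the line that crosses the threshold.
    xp_cmdshell enabled: every sp_configure line that flips the option from 0 to 1.
    """
    findings, flagged = [], set()
    recent = defaultdict(deque)  # client address -> timestamps of recent 'sa' failures
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            if m["user"].lower() != "sa":
                continue  # only the 'sa' account is in scope for this rule
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            q = recent[m["client"]]
            q.append(ts)
            while ts - q[0] > window:  # evict failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and m["client"] not in flagged:
                flagged.add(m["client"])
                findings.append((m["ts"], f"possible 'sa' brute force from {m['client']}: "
                                          f"{len(q)} failures within {int(window.total_seconds())}s"))
            continue
        m = XP_CMDSHELL_ON.match(line)
        if m:
            findings.append((m["ts"], "xp_cmdshell enabled via sp_configure; review the session that ran it"))
    return findings

if __name__ == "__main__":
    for ts, msg in detect(SAMPLE_LOG):
        print(ts, msg)
```

On a real server the same two messages are what to alert on whether they come from the ERRORLOG, the Windows Application log, or SQL Audit; the per-client window keeps an occasional mistyped password from firing the rule.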

Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:

  • Linux
  • FreeBSD
  • Mac OS X

May 10, 2009 Posted by | About SQLninja | Leave a comment