
Penetration Testing mailing list archives

Re: Open Source SQL Inject, XSS, Remote File Include Testing
From: Marco Ivaldi <raptor () mediaservice net>
Date: Thu, 24 May 2007 12:06:02 +0200 (ora solare Europa occidentale)

Hey again pen-testers,

On Mon, 21 May 2007, Marco Ivaldi wrote:

> You shouldn't expect anything too fancy (it's still v0.1 after all;), but it does its job:

I managed to work a bit more on my multi-purpose MSSQL injection script, and now (at version 0.9;) it can be considered a fairly powerful and usable attack tool. You can download it from:


Three modes of operation are available:

1) Information Gathering (-m info).
   Dump basic information about the MSSQL database (@@version, db_name(),
   user_name(), system_user, etc.), database names, tables/views/stored
   procedures, columns, data types, keys, and users.

2) Record Dump (-m dump).
   Dump N records from the specified columns/table|db..table

3) Brute Force (-m brute)
   Perform a brute force attack against the specified user(s), either
   using a password wordlist or testing weak passwords such as the empty
   one or password=username.


Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
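
Seen from the defending side, the information-gathering mode described in the message above leaves recognisable tokens in web server logs. The following is an added example, not part of the original post or of the script it announces: it scans access-log lines for the identifiers the post names (@@version, db_name(), user_name(), system_user). The catalog object names, log format, paths and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Identifiers named in the post's "Information Gathering" mode.
INFO_PROBES = {
    "@@version": re.compile(r"@@version\b"),
    "db_name()": re.compile(r"\bdb_name\s*\("),
    "user_name()": re.compile(r"\buser_name\s*\("),
    "system_user": re.compile(r"\bsystem_user\b"),
}
# Assumption: standard MSSQL catalog objects; the post does not say what the script queries.
CATALOG = re.compile(r"\b(sysdatabases|sysobjects|syscolumns|sysusers|information_schema)\b")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(query):
    """Undo encodings that hide SQL tokens from a plain grep of the log."""
    for _ in range(3):                      # bounded pass for double URL encoding
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)  # /**/ used as whitespace
    return re.sub(r"\s+", " ", query).lower()

def scan(lines):
    """Return {client_ip: sorted probe names seen in that client's query strings}."""
    findings = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = normalize(urlsplit(target).query)
        hits = {name for name, rx in INFO_PROBES.items() if rx.search(query)}
        if CATALOG.search(query):
            hits.add("catalog")
        if hits:
            findings.setdefault(ip, set()).update(hits)
    return {ip: sorted(h) for ip, h in findings.items()}

# Constructed sample access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/May/2007:12:00:05 +0200] "GET /news.asp?id=12%20and%201=@@VERSION-- HTTP/1.1" 500 812',
    '198.51.100.7 - - [24/May/2007:12:00:06 +0200] "GET /news.asp?id=12+and+1=db_name%2528%2529-- HTTP/1.1" 500 790',
    '198.51.100.7 - - [24/May/2007:12:00:07 +0200] "GET /news.asp?id=12/**/union/**/select/**/name/**/from/**/sysobjects-- HTTP/1.1" 500 801',
    '192.0.2.33 - - [24/May/2007:12:01:00 +0200] "GET /search.asp?q=system+user+guide HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Only query strings are inspected here; requests that carry parameters in a POST body or a cookie need the same normalisation applied to those fields.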
