[Shoryuken] Script en Bash para obtener una Shell por medio de un SQLi

Shoryuken es un sencillo script para bash que podemos utilizar para explotar rápidamente una aplicación web con el backend DBMS en la misma máquina, vulnerable a inyecciones SQL y pobremente pésimamente configurada.

La versión actual puede obtener una sesión remota por el puerto 80/HTTP explotando hosts con MSSQL o MySQL que se ejecutan con usuarios con privilegios elevados (system o root), todo ello con una única petición HTTP: el shoryuken (el famoso golpe de Ryu o Ken que significa "puño del dragón" en japonés).

Fácil de usar y bastante indetectable en TEST MODE (1 petición), necesitaremos tener curl instalado:

shoryuken=$(curl -A $agent -s -i "$target$mssqli&$param$mysqli")

Web del proyecto: http://code.google.com/p/shoryuken/

[Fuente]

[SQLSentinel] OpenSource tool for sql injection security testing

SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled. 

Please remember that SQLSentinel is not an exploiting tool. It can only finds url Vulnerabilities.

Download SQLSentinel v0.2

[SQL Fingerprint] Christmas Release

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the many ways to possibly determine the version, but most of them require authentication, permissions and/or privileges on Microsoft SQL Server to succeed. 

Instead, ESF.pl uses a combination of crafted packets for SQL Server Resolution Protocol (SSRP) and Tabular Data Stream Protocol (TDS) (protocols natively used by Microsoft SQL Server) to accurately perform version fingerprinting and determine the exact Microsoft SQL Server version. ESF.pl also applies a sophisticated Scoring Algorithm Mechanism (Powered by Exploit Next Generation⁺⁺ Technology), which is a much more reliable technique to determine the Microsoft SQL Server version. It is a tool intended to be used by: 

This version is a completely rewritten version in Perl, making ESF.pl much more portable than the previous binary 
version (Win32), and its original purpose is to be used as a tool to perform automated penetration test. This version also includes the followingMicrosoft SQL Server versions to its fingerprint database:        

        • Microsoft SQL Server 2012 SP1 (CU1)
        • Microsoft SQL Server 2012 SP1
        • Microsoft SQL Server 2012 SP1 CTP4
        • Microsoft SQL Server 2012 SP1 CTP3
        • Microsoft SQL Server 2012 SP0 (CU4)
        • Microsoft SQL Server 2012 SP0 (MS12-070)
        • Microsoft SQL Server 2012 SP0 (CU3)
        • Microsoft SQL Server 2012 SP0 (CU2)
        • Microsoft SQL Server 2012 SP0 (CU1)
        • Microsoft SQL Server 2012 SP0 (MS12-070)
        • Microsoft SQL Server 2012 SP0 (KB2685308)
        • Microsoft SQL Server 2012 RTM

Download: http://code.google.com
Source: http://code.google.com/p/sql-fingerprint-next-generation