4/14/2023 0 Comments Sql injection tool get cc cvv dob![]() ![]() Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box.DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames.Direct and reverse bindshell, both TCP and UDP.Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe.Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter.Data extraction, time-based or via a DNS tunnel. ![]() Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode).The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |