The most advanced GUI tool for aiding in full compromises of MSSQL servers via SQL injection.
Author: Scott White, Senior Security Consultant
Release: August 10, 2008 by SecureState, 2pm at Defcon 16, Las Vegas, NV
SA Exploiter v.1 beta is the most advanced and only GUI tool available solely targeting SQL injection with excessive privileges to root MSSQL servers. SA Exploiter is a standalone windows portable executable that automates the generation of injection strings for use with popular attacks such as the “ftp answer file” attack, as well as other more advanced attacks using binary payload injection. The tool takes the widely known 64k limitation of Windows debug and successfully allows Metasploit shellcode to be copy/pasted or custom exe’s to be delivered for execution without the use of egress connections like ftp/tftp. The tool also features code generation of many tasks such as disabling antivirus, turning on xp_cmdshell, adding user accounts, etc.
System Requirements: Windows
Installation Instructions:Standalone exe, no install needed.
动画参考:
http://www.milw0rm.com/video/watch.php?id=98
本文还暂无回复