FROM:http://pauldotcom.com/2009/11/attacking-mssql-with-metasploi.html

Nowadays hacking has shifted from attacking systems to learn how they work, or for the thrill of getting into a system for the sake of the hunt, to many hackers doing it for profit; in fact, many companies and states around the world are employing hackers for information, for both political and financial gain. One of the places where most of this information resides is in databases, and one of the most popular databases in enterprises and governments nowadays is Microsoft SQL Server. In this blog post I will cover some of the attacks you can do against this system with Metasploit 3.3.


From:拉神

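Introducing two ways to leave a webshell

The first:

Hide our backdoor in the administrator's back-end login page; this is relatively safe,
because the administrator's entry point is not changed often. As long as his login page is there, our backdoor is there!
Of course, you can also flexibly insert it into other files, as long as the file is not one that changes often.
1. From our shell, find the administrator's entry page
2. Edit it and write a piece of code at the very end: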


SA Exploiter

The most advanced GUI tool for aiding in full compromises of MSSQL servers via SQL injection.
Author: Scott White, Senior Security Consultant

Release: August 10, 2008 by SecureState, 2pm at Defcon 16, Las Vegas, NV

SA Exploiter v.1 beta is the most advanced and only GUI tool available solely targeting SQL injection with excessive privileges to root MSSQL servers. SA Exploiter is a standalone Windows portable executable that automates the generation of injection strings for use with popular attacks such as the “ftp answer file” attack, as well as other more advanced attacks using binary payload injection. The tool takes the widely known 64k limitation of Windows debug and successfully allows Metasploit shellcode to be copy/pasted or custom EXEs to be delivered for execution without the use of egress connections like ftp/tftp. The tool also features code generation of many tasks such as disabling antivirus, turning on xp_cmdshell, adding user accounts, etc.


Cracking MSSQL Password Hashes

Original title: Microsoft SQL Server Passwords (Cracking the password hashes)
Original URL: http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf
Author: David Litchfield <david@ngssoftware.com>

Term : FreeXploiT

Author : ALLyeSNO

Date : 2005-3-25
Translation: ALLyeSNO <shellget@hotmail.com> http://blog.csdn.net/freexploit
Reference article: flashsky, "A Brief Discussion of the Weakness of SQL SERVER Database Passwords"


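Reposted from Trace

Trace's note: the new version of SQL_2005_Inj uses exactly this SELECT FOR XML. I had wanted to be the first to release it, but unexpectedly a foreigner put it out first. His has fewer features, though, so we will release ours after our group [BK瞬间群] finishes internal testing. Select For XML SQL INJECTION is a relatively fast way of grabbing data, and combined with UNION the thrill is quite XX.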

I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL injection technique which allows extracting all the information of a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.
