Tool: Blind SQL Injection exploit tool

Sec-1 Blind Injector (sec1blindinjector.rb)

The sec1blindinjector.rb tool is designed to exploit blind SQL injection vulnerabilities in Microsoft SQL Server  based applications. Whilst there are many good tools already out there such as SQLMap, this tool offers a number of unique features we have found useful during penetration testing.

Features

  • Search tables for columns names containing a specific key word (e.g. password)
  • Search all tables and databases for columns containing specific data (e.g admin)
  • Enumerate table and column names
  • Extract table data
  • Perform a dictionary attack against the local or accessible SQL server (SQL server 2000 only)
  • Execute operating system commands via cracked “sa” account

Download here: sec1blindinjector

This entry was posted in Tools. Bookmark the permalink.

Comments are closed.