Source: http://www.daxigua.com/archives/2268
Recently I have been looking for SQL injection tools on Linux. So far I had only used Sqlmap, so today I tried installing Sqlninja on Ubuntu 9.04. The tool's own description:
Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.
There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here’s what it does:
Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
Bruteforce of the 'sa' password
Privilege escalation to 'sa'
Creation of a custom xp_cmdshell if the original one has been disabled
Upload of executables
Reverse scan in order to look for a port that can be used for a reverse shell
Direct and reverse shell, both TCP and UDP
DNS tunneled pseudoshell, when no ports are available for a bindshell
Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems
As you probably have figured out, sqlninja does not look for SQL injection vulnerabilities. Again, there are already several tools that perform that task, like WebScarab.
For the latest release and a flash demo (highly recommended to get a general idea of the tool), check out the address http://sqlninja.sourceforge.net.
Read this manual carefully (yes, I mean all of it), as it will explain to you what it is all about and how to make your way through all sqlninja options. Yes, I know that it's terribly long and boring, but since sqlninja has a plethora of options to play with (and no shiny red buttons), try to read the whole thing: it will help you to get the most out of the tool and will save you a lot of time later.
Now for the installation procedure on Ubuntu 9.04:
The tool is written in Perl, so besides Perl itself you also need these modules:
NetPacket
Net-Pcap
Net-DNS
Net-RawIP
IO-Socket-SSL
So these have to be installed before sqlninja can be used. Taking them in the order listed above:
1. Install NetPacket
wget http://www.cpan.org/modules/by-module/NetPacket/NetPacket-0.04.tar.gz
tar zxvf NetPacket-0.04.tar.gz
The original post then copied the unpacked directory into /usr/lib/perl5 (cp -r NetPacket-0.04 /usr/lib/perl5/), but that leaves the .pm files under /usr/lib/perl5/NetPacket-0.04/NetPacket/, which is not on Perl's @INC, so a "use NetPacket::IP" in sqlninja would still fail with "Can't locate NetPacket/IP.pm". Install it the standard CPAN way instead, which puts the modules into a site_perl directory Perl actually searches:
cd NetPacket-0.04
perl Makefile.PL
make
sudo make install
2. Install libpcap and Net::Pcap
First make sure gcc is installed (it almost always is already).
If not: sudo apt-get install gcc
Then install flex, m4 and bison:
sudo apt-get install flex m4 bison
Answer Y to proceed with the installation.
Download the libpcap source:
wget ftp://ftp.mimuw.edu.pl/mirror/ftp.openwall.com/pub/projects/scanlogd/lib/libpcap-0.9.8.tar.gz
tar zxvf libpcap-0.9.8.tar.gz
cd libpcap-0.9.8
./configure
make
sudo make install   (a regular user has no permission to write to the install prefix)
libpcap is now installed. Note that this is only the C library. What sqlninja actually loads is the Perl binding Net::Pcap (the "Net-Pcap" entry in the list above), which the steps above do not install; on Ubuntu it is packaged as libnet-pcap-perl and pulls in the system libpcap on its own:
sudo apt-get install libnet-pcap-perl
3. Install libnet-rawip-perl
sudo apt-get install libnet-rawip-perl
4. Install libnet-dns-perl
sudo apt-get install libnet-dns-perl
(The original post repeated the libnet-rawip-perl command here by mistake, which would leave Net::DNS, needed for the DNS-tunneled pseudoshell, uninstalled.)
5. Install IO-Socket-SSL
sudo apt-get install libio-socket-ssl-perl
Once these supporting modules are installed, download sqlninja itself:
wget http://downloads.sourceforge.net/sqlninja/sqlninja-0.2.3-r1.tgz
sqlninja is a Perl script, so after unpacking the archive there is nothing to compile and it can be run straight from the unpacked directory.
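Before running sqlninja it is worth verifying that every module in the list above really loads, since a wrongly placed NetPacket tree or a missed package only shows up as a "Can't locate ... in @INC" error at startup. The script below is an added example, not part of the original post or of sqlninja: it asks perl to load each module and maps any that fail to the Debian/Ubuntu package that provides it. The NetPacket submodule names and the package name libnetpacket-perl are assumptions (the post installs NetPacket from CPAN, so that package may not exist on a 2009-era release); the other four package names are the ones the post itself uses.

```shell
#!/bin/sh
# Dependency check for sqlninja on Debian/Ubuntu. Added example: not from the
# original post and not part of sqlninja. Loads each required Perl module and
# maps missing ones to the apt package that provides it.

# Return 0 if perl can load the named module, non-zero otherwise.
check_perl_module() {
    perl -M"$1" -e 1 >/dev/null 2>&1
}

# Map a module to its Debian/Ubuntu package. libnetpacket-perl is assumed to
# exist for the release in use; the post builds NetPacket from CPAN instead.
apt_package_for() {
    case "$1" in
        NetPacket::*)    echo libnetpacket-perl ;;
        Net::Pcap)       echo libnet-pcap-perl ;;
        Net::DNS)        echo libnet-dns-perl ;;
        Net::RawIP)      echo libnet-rawip-perl ;;
        IO::Socket::SSL) echo libio-socket-ssl-perl ;;
        *)               echo "" ;;
    esac
}

# Check every module sqlninja needs (NetPacket submodule names are assumed).
# Prints one line per module plus the apt-get command for whatever is missing.
# Returns the number of missing modules, so 0 means all are present.
check_sqlninja_deps() {
    missing=0
    pkgs=""
    for mod in NetPacket::Ethernet NetPacket::IP NetPacket::TCP \
               Net::Pcap Net::DNS Net::RawIP IO::Socket::SSL; do
        if check_perl_module "$mod"; then
            printf 'ok       %s\n' "$mod"
        else
            printf 'MISSING  %s\n' "$mod"
            missing=$((missing + 1))
            pkg=$(apt_package_for "$mod")
            case " $pkgs " in
                *" $pkg "*) ;;              # package already queued
                *) pkgs="$pkgs $pkg" ;;
            esac
        fi
    done
    if [ "$missing" -gt 0 ]; then
        printf 'to install the missing ones: sudo apt-get install%s\n' "$pkgs"
    fi
    return "$missing"
}

check_sqlninja_deps || echo "sqlninja will not start until the modules marked MISSING are installed"
```

Run it as a normal user from any directory; nothing is installed by the script itself, it only prints the apt-get line so the package set can be reviewed first. If a module is reported missing even though you installed it from source, check where make install put it (perl -V lists @INC) rather than copying the tree around.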