Форум АНТИЧАТ - MultiInjector - Automated Stealth SQL Injection Tool

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)

- Forum for discussion of ANTICHAT (https://forum.antichat.xyz/forumdisplay.php?f=72)

- - MultiInjector - Automated Stealth SQL Injection Tool (https://forum.antichat.xyz/showthread.php?t=90570)

MultiInjector - Automated Stealth SQL Injection Tool

MultiInjector - Automated Stealth SQL Injection Tool

Цитата:

MultiInjector claims to the first configurable automatic website defacement software

Features

* Receives a list of URLs as input
* Recognizes the parameterized URLs from the list
* Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
* Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
* OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
* Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks
* Optional use of an HTTP proxy to mask the origin of the attacks

The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.

Requirements

* Python >= 2.4
* Pycurl (compatible with the above version of Python)
* Psyco (compatible with the above version of Python)

Код:

http://www.darknet.org.uk/2008/11/mu...njection-tool/

Released MultiInjector v0.3

Released MultiInjector v0.3

CHANGELOG

Цитата:

- Added 4 more menu options. Now supports the following list of actions:

1) Automatic defacement:
Try to concatenate a string to all user-defined text fields in DB

2) Run OS shell command on DB server:
Run any OS command as if you're running a command console on the DB machine

3) Run SQL query on DB server:
Execute SQL commands of your choice

4) Enable OS shell procedure on DB:
Revive the good old XP_CMDSHELL where it was turned off
(default mode in MSSQL-2005)

5) Add administrative user to DB server with password: T0pSeKret
Automagically join the Administrators family on DB machine

6) Enable remote desktop on DB server:
Turn remote terminal services back on...

- Fixed nvarchar cast to varchar. Verified against MS-SQL 2000
- Added numeric / string parameter type detection
- Improved defacement content handling by escaping quotation marks
- Improved support for Linux systems
- Fixed the "invalid number of concurrent connections" failure due to non-parameterized URLs

Download

MORE FOR script kiddies :D