
Monday, July 18, 2011

SQL INJECTOR V1.0.2



SqlInjector is an application that performs completely blind SQL injection. Currently it only supports MS SQL Server. It uses time-based and true/false inference on conditions to extract data. The key feature is that it uses a binary search mechanism to reduce the character search space; this means it can get each character value within 7 to 8 requests.


Features
Binary search for faster character identification
Completely blind injection using time based inference
True/False inference
Supports MS SQL Server
Extracts database name
Extracts current user
Extracts server version
Extracts table names
Extracts column names
Extracts column data types
Extracts column lengths
Configurable space encoding
Configurable wait timing
Tree view display of enumerated data
Resume support
Save/Loading of project files
Proxy support
Authentication support (Basic, Negotiate, Digest, NTLM, X509)



BSQL HACKER






BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.

BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It is easy to use for beginners and provides a great amount of customisation and automation support for experienced users. It features a Metasploit-like exploit repository to share and update SQL Injection exploits.



Key Features

Easy Mode
SQL Injection Wizard
Automated Attack Support (database dump)
ORACLE
MSSQL
MySQL (experimental) 
General
Fast and Multithreaded
Support for 4 different SQL Injection types
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection
Can automate most of the new SQL Injection methods that rely on Blind SQL Injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode: automatically extracts all database schema and data

Update / Exploit Repository Features
Metasploit-like exploit repository support
Allows saving and sharing SQL Injection exploits
Supports auto-update
Custom GUI support for exploits (cookie input, URL input etc.) 

GUI Features
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be shown to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats 

Connection Related
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support 

Injection Points (only one of them or combination)
Query String
Post
HTTP Headers
Cookies 

Other
Post Injection data can be stored in a separate file
XML Output (not stable)
CSRF protection support (one-time session tokens, ASP.NET ViewState or similar can be used for separate login sessions, bypassing proxy pages etc.)



BSQL Hacker Manual.pdf 1.1 MB



SQL Power Injector v1.2








Introduction

SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.

For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using inline injection (Normal mode). Normal mode is basically the SQL command that someone puts in the parameter sent to the server.

While inline SQL injection is powerful in itself, the application's main strength lies in the multithreaded automation of the injection. Not only can you automate tedious and time-consuming queries, you can also modify the query to get only what you want. This is obviously most useful for blind SQL injection, since the other ways to exploit a SQL injection vulnerability are more effusive and much faster when the results are displayed on the web page (a union select in an HTML table or a generated 500 error, for instance).

The automation can be done in two ways: by comparing the expected result or by time delay. The first generally compares the response against an error, or against the difference between a positive condition and a negative one; the second turns out positive if the time delay sent to the server equals the one parameterized in the application.

The main effort on this application went into making it as painless as possible to find and exploit a SQL injection vulnerability without using any browser. That is why there is an integrated browser that displays the results of the injection, parameterized so that any related standard SQL error is displayed without the rest of the page. Of course, like many other features of this application, there are ways to parameterize the response of the server to make it as talkative to you as possible.




Features:
Supported on Windows, Unix and Linux operating systems
SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
SSL support
Automatically load the parameters from a form or an IFrame on a web page (GET or POST)
Detect and browse the framesets
Option that auto detects the language of the web site
Detect and add cookies used during the Load Page process (Set-Cookie detection)
Find automatically the submit page(s) with its method (GET or POST) displayed in a different color
Can create/modify/delete loaded string and cookies parameters directly in the Datagrids
Single SQL injection
Blind SQL injection
Comparison of true and false response of the page or results in the cookie
Time delay
Response of the SQL injection in a customized browser
Can view the HTML code source of the returned page in HTML contextual colors and search in it
Fine tuning parameters and cookies injection
Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
Create/edit ASCII characters preset in order to optimize the blind SQL injection number of requests/speed

Multithreading (configurable up to 50)
Option to replace space by empty comments /**/ against IDS or filter detection
Automatically encode special characters before sending them
Automatically detect predefined SQL errors in the response page
Automatically detect a predefined word or sentence in the response page
Real time result
Save and load sessions in an XML file
Feature that automatically finds the differences between the response page of a positive answer with a negative one
Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
Automatic replay of a variable range with a predefined list from a text file
Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context (parameters and cookies)
Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
Can edit the Referer
Can choose a User-Agent (or even create one in the User-Agent XML file)
Can configure the application with the settings window
Support configurable proxies



Click here to download the tutorial


Download Version 1.2

Installation file MSI


Source code in C# and .Net 1.1


Same document as the one of the tutorial and Databases "Aide Memoire" Help file (chm)

Plugin Firefox (XPI Plugin Installation file)
