Friday, 21 January 2011

SQL Data Thief

Here Its “SQL Data Thief” uses techniques Manipulating MS SQL Server using SQL injection, to retrieve information from databases of web applications vulnerable to SQL injection which use SQL Server as a backend database server and doesn’t filter well outbound connections.

Data Thief will extract tha data from tha databases of tha vulnerable web application & also it will display tha data after sending tha data to a SQL Server that you control..Here We Go..

Before using this tool you Guys Find tha Vulnerability in tha web application Or Any Site, And that is Tha Gate entry point to exploit SQL injection,hmmm hum,
Then,Try Using Havij SQL INJECTION TOOL,tat we Discussed Last Week Topic, ACUNETIX is also  Good To Scan Vulnerability..!!

Lemme Assume That U r Visiting something random Today..:)

“http://hackersbay.in/test.asp?search=random” And is vulnerable, than try to find an entry point in tha query string of tha vulnerable url to insert SQL like http://hackersbay.in/test.asp?search=random"’; select 1-- , after that you can start using Data Thief
.
After finding an entry point to exploit SQL injection in tha web application, tha only thing you have to do is to replace in tha SQL injection entry point in tha url query string or in tha Post Data if tha data is submited by HTTP POST method with <***>.
ie: http://hackersbay.in/test.asp?search=random’; <***>



1)
SQL Server : server name of a SQL Server that you control.
Login: login of a SQL Server that you control.
Pwd: login password of a SQL Server that you control.
Port: listening port of a SQL Server that you control.
Max. Rows: maximum number of rows returned in queries from tha victim.




2)
Url: complete url vulnerable to SQL injection.
Method: HTTP method used to submit tha data.
Post Data: data to be send when selected POST method.
Go: submit tha data and retrieve initial SQL Server information (linked servers, databases, version, user, etc.).

After clicking tha Go button tha main window will display :


1)
Linked Servers: displays tha linked servers in tha victim SQL Server.
Databases: displays tha databases in tha victim SQL Server.
2)
Results: displays version, login name, user name, etc. of tha victim SQL Server.


Once databases are displayed In tha Tool you can chose a database and click List Tables button to display tha database tables,And Guys you can set to tha option List system tables to display or not Show tha Fuckin sytem tables.

After displaying tha tables you can chose a table and click List Fields button to display tha table fields.
Than you can select tha fields to build a query that will be submited when clicking Run Query button, tha query will return as much rows you set in tha Max. Rows option.











1)
Tables: displays tha tables in tha selected database after clicking List Tables button.
Fields: displays tha fields in tha selected table after clicking List Fields buton. Tha fields names must b selected to build a query.

2)
Query: displays tha query build with tha selected fields.
Run Query: submits tha query.

3)
Results: displays tha result of tha query after clicking Run Query button. You can cut and paste tha results to import tham in MS Access, SQL Server, etc.

Data Thief also displays in a window tha HTML source code of every response of tha vulnerable Web application after submitions. You can look at tha HTML source code for error messages if Data Thief doesn’t work.




Tips:

-Look in tha HTML window for web application error messages when Data Thief doesn’t work, ie: if firewall is blocking outbound connections you will get : [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied. error message or a similar one.
-Change SQL Server port number to common outbound open ports at firewalls: 80, 53, 25, etc. if you think 1433 could be blocked.
-Decrease Max. Rows value if you or tha victim server have an slow connection.
-Edit Data Thief source code to fit your needs (or let me know so i can add tham)

Niggas You Kno Wat, Most Hackers Use tis retrieve tha Information, Like Emails ids, Passes, Credit Carders, And More Sensitive Information, And Posting it For Public Bulletin Boards, So If Some1 Posting Stuffs In Boards of Forums, Doesn’t Mean They Hacked Or Root Level Access Escalation, May Be Found Tha Vulnerabilty And they WILL Fetch tha Sensite Information From tha Security LoopHole In the Particular Website..!


TODO


  1. -Encode urls, post data to avoid detection.
  2. -Display more information.
  3. -Add to execute exploits to elevate privileges in tha victim SQL Server depending on version.
  4. -Execute OS commands on tha victim server and displays results.
  5. -Option to save query results.
  6. -Many things.


Offcial Website : http://datathief.org/ there is no more Information Or Tutorials u cant find there But only tha Tool..!!



LikeD it..!!! Drop yo Comments...Seee You :))

No comments:

Post a Comment