sqlninja လို့ေခါ္ပါတယ္ ဘယ္သူပဲျဖစ္ျဖစ္ sql attack နဲ့ လက္တဲ့စမ္းခ်င္သူေတြအတြက္ကေတာ့
ဒီဟာေလးဟာတည္ညိမ္ျပီးေကာင္းမြန္တဲ့ tool ေလးပါ beginners up to advanced level အထိကိုယ္ကိုယ္ကုိုျမင္တင္ခ်င္ရင္ေတာ့ ဒီဟာေလးကေတာ္ေတာ္ေကာင္းပါတယ္ တစ္ကယ္ဟက္ကာအစစ္
ေတြလည္းေဆာင္ထားသင့္ပါတယ္ဒီဟာေလးကိုေရးသားတဲ့ပိုင္ရွင္ကေတာ့ ေလ့လာသင္ယူသူေတြအတြက္Sql Injection ေကာင္းေကာင္းေလးေတြကို ပိုးတိုးျပီးေတာ့လုပ္ေဆာင္နိုင္ေအာင္ပါ
DB server via remote လုပ္နိုင္ေအာင္target ထားတဲ့ဟာပါ အျပင္းစား shell ေတြသံုးနိုင္ေအာင္တည္ညိမ္ပါတယ္Fingerprint from a remote SQL Server on the information in the form: version, users who perform queries, user privileges, xp_cmdshell availability or not, the DB Server authentication mode.Password bruteforce technique of 'sa'Privilege escalation (privilege Escalation) to 'sa'Create an xp_cmdshell if the original has been disabledexecutable file uploadReverse scan to look for ports that can be used for a reverse shellShell access directly or otherwise, both TCP and UDPDNS tunneled pseudoshell, when no ports are available for a bindshellMetasploit wrapping, when you want to use meterpreter or when they want to gain access to the GUI on the DB server.OS Privilege Escalation on the remote DB server using token kidnappingAll of the above can be done with the SQL code in order to trick the IDS / IPS on the target system.on sqlninja there are 12 types of attacks, you can use it with -m command <Attack mode>:
testfingerprintbruteforceEscalationresurrectxpuploadsdirshellbackscanrevshelldnstunnelmetasploitSQLCMDas in the screenshot below ..
please download such tools here: SQL Ninja
ဘယ္လိုလုပ္ေဆာင္သံုးရမလဲဆိုတဲ့ help ေလးပါပါတယ္ သင္ကဒီ software ကိုအျခားလူးတစ္ေယာက္ကိုshar လုပ္မယ္ဆိုရင္မေကာင္းတာလုပ္မဲ့သူကိုမေပးမိပါေစနဲ့လို့ေတာင္ဆိုပါတယ္can share, may be useful ....carefully :(
ေနေသာ္ေအာင္