sqlninja logo

...a SQL Server injection & takeover tool

Sqlninja demo page

While sqlninja can be extremely effective in your penetration tests, is not a trivial tool to setup and use. While this is a good thing to keep script kiddies at bay, it can be also a problem for security professionals that have to deal with short deadlines. Therefore, here are a couple of flash movies that should make things a little clearer for people that have never used this tool before.

Sqlninja basic demo

A demo of all basic features:

  • How to configure the tool
  • How to fingerprint the remote server
  • How to bruteforce the 'sa' password
  • How to upload executables and obtain a shell

GUI access demo

A demo of the integration of sqlninja and metasploit, showing how to start from a simple SQL Injection to finally obtain a full GUI access on the remote DB server. Yes, while the other demo should be watched first, this happens to be the coolest one.

Both demos will open a new window