aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/sqlninja/README13
-rw-r--r--network/sqlninja/doinst.sh21
-rw-r--r--network/sqlninja/slack-desc19
-rw-r--r--network/sqlninja/sqlninja.SlackBuild86
-rw-r--r--network/sqlninja/sqlninja.info10
-rw-r--r--network/sqlninja/sqlninja.patch26
6 files changed, 175 insertions, 0 deletions
diff --git a/network/sqlninja/README b/network/sqlninja/README
new file mode 100644
index 000000000000..d7e1edb17607
--- /dev/null
+++ b/network/sqlninja/README
@@ -0,0 +1,13 @@
+Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
+application that uses Microsoft SQL Server as its back-end. Its main goal is
+to provide a remote access on the vulnerable DB server, even in a very hostile
+environment. It should be used by penetration testers to help automate the
+process of taking over a DB Server when a SQL Injection vulnerability has been
+discovered.
+
+This version includes Raul Siles' patch for better Metasploit Framework
+integration which adds two new timers ($client_delay (30 secs) and
+$server_delay (5 secs)).
+
+This requires perl-Net-DNS, perl-Net-Pcap, perl-IO-Socket-SSL, Net-SSLeay,
+perl-NetPacket, and perl-Net-RawIP.
diff --git a/network/sqlninja/doinst.sh b/network/sqlninja/doinst.sh
new file mode 100644
index 000000000000..ba84419d5d92
--- /dev/null
+++ b/network/sqlninja/doinst.sh
@@ -0,0 +1,21 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on sqlninja.conf:
+if [ -e etc/sqlninja.conf ]; then
+ cp -a etc/sqlninja.conf etc/sqlninja.conf.new.incoming
+ cat etc/sqlninja.conf.new > etc/sqlninja.conf.new.incoming
+ mv etc/sqlninja.conf.new.incoming etc/sqlninja.conf.new
+fi
+
+config etc/sqlninja.conf.new
+
diff --git a/network/sqlninja/slack-desc b/network/sqlninja/slack-desc
new file mode 100644
index 000000000000..80f2743e4830
--- /dev/null
+++ b/network/sqlninja/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+sqlninja: sqlninja (a SQL Server injection & takeover tool)
+sqlninja:
+sqlninja: Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities
+sqlninja: on a web application that uses Microsoft SQL Server as its back-end.
+sqlninja: Its main goal is to provide a remote access on the vulnerable DB
+sqlninja: server, even in a very hostile environment. It should be used by
+sqlninja: penetration testers to help and automate the process of taking over a
+sqlninja: DB Server when a SQL Injection vulnerability has been discovered.
+sqlninja:
+sqlninja: This version includes Raul Siles' patch for better Metasploit
+sqlninja: Framework integration.
diff --git a/network/sqlninja/sqlninja.SlackBuild b/network/sqlninja/sqlninja.SlackBuild
new file mode 100644
index 000000000000..a82062808303
--- /dev/null
+++ b/network/sqlninja/sqlninja.SlackBuild
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Slackware build script for sqlninja
+
+# Copyright 2009-2010 Marco Bonetti <sid77@slackware.it>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=sqlninja
+SRCVERSION=0.2.3-r1
+VERSION=${SRCVERSION}p
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+DOCS="LICENSE README dnstun/ sqlninja-howto.html"
+
+if [ "$ARCH" = "i486" ]; then
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ LIBDIRSUFFIX="64"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM
+tar xvf $CWD/$PRGNAM-$SRCVERSION.tgz
+cd $PRGNAM-$SRCVERSION
+chown -R root:root .
+
+# Add Raul Siles' patch for better Metasploit integration
+patch sqlninja -i $CWD/sqlninja.patch
+
+# Fix paths
+sed -i -e "s:sqlninja.conf:/etc/sqlninja.conf:g" sqlninja.conf
+sed -i -e "s:$uplfile = \"scripts/nc.scr\";:$uplfile = \"/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/nc.scr\";:g" sqlninja
+sed -i -e "s:$uplfile = \"scripts/dnstun.scr\";:$uplfile = \"/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/dnstun.scr\";:g" sqlninja
+sed -i -e "s:./makescr.pl:/usr/bin/makescr.pl:g" sqlninja
+
+# Install the program
+install -d \
+ $PKG/etc/ \
+ $PKG/usr/bin/ \
+ $PKG/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/
+install -m 0644 sqlninja.conf $PKG/etc/sqlninja.conf.new
+install -m 0644 scripts/* $PKG/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/
+install -m 0755 sqlninja $PKG/usr/bin/
+install -m 0755 makescr.pl $PKG/usr/bin/
+
+# Copy over important docs and scripts
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION/
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/sqlninja/sqlninja.info b/network/sqlninja/sqlninja.info
new file mode 100644
index 000000000000..b220043cede2
--- /dev/null
+++ b/network/sqlninja/sqlninja.info
@@ -0,0 +1,10 @@
+PRGNAM="sqlninja"
+VERSION="0.2.3-r1p"
+HOMEPAGE="http://sqlninja.sourceforge.net/"
+DOWNLOAD="http://downloads.sourceforge.net/sqlninja/sqlninja-0.2.3-r1.tgz"
+MD5SUM="7989a055785d9ede1c8fa331235f57bc"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Marco Bonetti"
+EMAIL="sid77@slackware.it"
+APPROVED="rworkman"
diff --git a/network/sqlninja/sqlninja.patch b/network/sqlninja/sqlninja.patch
new file mode 100644
index 000000000000..24b726a73bc9
--- /dev/null
+++ b/network/sqlninja/sqlninja.patch
@@ -0,0 +1,26 @@
+35c35
+< my $RELEASE = "0.2.3-r1";
+---
+> my $RELEASE = "0.2.3-r1p";
+70a71,73
+> # Sqlninja & Metasploit integration timeouts (Raul Siles)
+> my $client_delay = 30;
+> my $server_delay = 5;
+3302,3304c3305,3313
+< $delaycli = 5;
+< } else {
+< $delaydb = 5;
+---
+> # Metasploit remote payload must start prior to local msfcli handler
+> # bind_tcp: local msfi handler connects to remote payload
+> $delaycli = $client_delay;
+> $delaydb = $server_delay;
+> } else {
+> # Metasploit local msfcli handler must start prior to remote payload
+> # reverse_tcp: remote payload connects to local msfi handler
+> $delaycli = $server_delay;
+> $delaydb = $client_delay;
+3313a3323,3325
+> if ($verbose == 1) {
+> print "[v] Executing remote payload on target: ".$cmd."\n";
+> }