-rw-r--r-- | network/sqlninja/README | 13 | ||||
-rw-r--r-- | network/sqlninja/doinst.sh | 21 | ||||
-rw-r--r-- | network/sqlninja/slack-desc | 19 | ||||
-rw-r--r-- | network/sqlninja/sqlninja.SlackBuild | 86 | ||||
-rw-r--r-- | network/sqlninja/sqlninja.info | 10 | ||||
-rw-r--r-- | network/sqlninja/sqlninja.patch | 26 |
6 files changed, 175 insertions, 0 deletions
diff --git a/network/sqlninja/README b/network/sqlninja/README
new file mode 100644
index 000000000000..d7e1edb17607
--- /dev/null
+++ b/network/sqlninja/README
@@ -0,0 +1,13 @@
+Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
+application that uses Microsoft SQL Server as its back-end. Its main goal is
+to provide a remote access on the vulnerable DB server, even in a very hostile
+environment. It should be used by penetration testers to help automate the
+process of taking over a DB Server when a SQL Injection vulnerability has been
+discovered.
+
+This version includes Raul Siles' patch for better Metasploit Framework
+integration which adds two new timers ($client_delay (30 secs) and
+$server_delay (5 secs)).
+
+This requires perl-Net-DNS, perl-Net-Pcap, perl-IO-Socket-SSL, Net-SSLeay,
+perl-NetPacket, and perl-Net-RawIP.
diff --git a/network/sqlninja/doinst.sh b/network/sqlninja/doinst.sh
new file mode 100644
index 000000000000..ba84419d5d92
--- /dev/null
+++ b/network/sqlninja/doinst.sh
@@ -0,0 +1,21 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on sqlninja.conf:
+if [ -e etc/sqlninja.conf ]; then
+ cp -a etc/sqlninja.conf etc/sqlninja.conf.new.incoming
+ cat etc/sqlninja.conf.new > etc/sqlninja.conf.new.incoming
+ mv etc/sqlninja.conf.new.incoming etc/sqlninja.conf.new
+fi
+
+config etc/sqlninja.conf.new
+
diff --git a/network/sqlninja/slack-desc b/network/sqlninja/slack-desc
new file mode 100644
index 000000000000..80f2743e4830
--- /dev/null
+++ b/network/sqlninja/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+sqlninja: sqlninja (a SQL Server injection & takeover tool)
+sqlninja:
+sqlninja: Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities
+sqlninja: on a web application that uses Microsoft SQL Server as its back-end.
+sqlninja: Its main goal is to provide a remote access on the vulnerable DB
+sqlninja: server, even in a very hostile environment. It should be used by
+sqlninja: penetration testers to help and automate the process of taking over a
+sqlninja: DB Server when a SQL Injection vulnerability has been discovered.
+sqlninja:
+sqlninja: This version includes Raul Siles' patch for better Metasploit
+sqlninja: Framework integration.
diff --git a/network/sqlninja/sqlninja.SlackBuild b/network/sqlninja/sqlninja.SlackBuild
new file mode 100644
index 000000000000..a82062808303
--- /dev/null
+++ b/network/sqlninja/sqlninja.SlackBuild
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Slackware build script for sqlninja
+
+# Copyright 2009-2010 Marco Bonetti <sid77@slackware.it>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=sqlninja
+SRCVERSION=0.2.3-r1
+VERSION=${SRCVERSION}p
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+DOCS="LICENSE README dnstun/ sqlninja-howto.html"
+
+if [ "$ARCH" = "i486" ]; then
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ LIBDIRSUFFIX="64"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM
+tar xvf $CWD/$PRGNAM-$SRCVERSION.tgz
+cd $PRGNAM-$SRCVERSION
+chown -R root:root .
+
+# Add Raul Siles' patch for better Metasploit integration
+patch sqlninja -i $CWD/sqlninja.patch
+
+# Fix paths
+sed -i -e "s:sqlninja.conf:/etc/sqlninja.conf:g" sqlninja.conf
+sed -i -e "s:$uplfile = \"scripts/nc.scr\";:$uplfile = \"/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/nc.scr\";:g" sqlninja
+sed -i -e "s:$uplfile = \"scripts/dnstun.scr\";:$uplfile = \"/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/dnstun.scr\";:g" sqlninja
+sed -i -e "s:./makescr.pl:/usr/bin/makescr.pl:g" sqlninja
+
+# Install the program
+install -d \
+ $PKG/etc/ \
+ $PKG/usr/bin/ \
+ $PKG/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/
+install -m 0644 sqlninja.conf $PKG/etc/sqlninja.conf.new
+install -m 0644 scripts/* $PKG/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/
+install -m 0755 sqlninja $PKG/usr/bin/
+install -m 0755 makescr.pl $PKG/usr/bin/
+
+# Copy over important docs and scripts
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION/
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/sqlninja/sqlninja.info b/network/sqlninja/sqlninja.info
new file mode 100644
index 000000000000..b220043cede2
--- /dev/null
+++ b/network/sqlninja/sqlninja.info
@@ -0,0 +1,10 @@
+PRGNAM="sqlninja"
+VERSION="0.2.3-r1p"
+HOMEPAGE="http://sqlninja.sourceforge.net/"
+DOWNLOAD="http://downloads.sourceforge.net/sqlninja/sqlninja-0.2.3-r1.tgz"
+MD5SUM="7989a055785d9ede1c8fa331235f57bc"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Marco Bonetti"
+EMAIL="sid77@slackware.it"
+APPROVED="rworkman"
diff --git a/network/sqlninja/sqlninja.patch b/network/sqlninja/sqlninja.patch
new file mode 100644
index 000000000000..24b726a73bc9
--- /dev/null
+++ b/network/sqlninja/sqlninja.patch
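Review bot: `$uplfile` in the two sed expressions under "Fix paths" is expanded by the shell, not seen by sed — it sits unescaped inside double quotes and is unset in this script, so both the pattern and the replacement degrade to ` = "scripts/nc.scr";` (and the dnstun counterpart), and the edit only lands because that substring happens to be unique in the upstream script. Escape the dollar so sed receives the literal variable name while `$LIBDIRSUFFIX` still expands: `sed -i -e "s:\$uplfile = \"scripts/nc.scr\";:\$uplfile = \"/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/nc.scr\";:g" sqlninja` and likewise for the `dnstun.scr` line. The unescaped dots in the `sqlninja.conf` and `./makescr.pl` patterns are any-character wildcards in sed's regex; harmless for these inputs, but `\.` states the intent. Under `set -e` a sed whose pattern no longer matches still exits 0, so a later upstream change would silently leave the relative `scripts/` paths in the installed script; a `grep -q "/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/" sqlninja` after the substitutions would make the build fail loudly instead.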
@@ -0,0 +1,26 @@
+35c35
+< my $RELEASE = "0.2.3-r1";
+---
+> my $RELEASE = "0.2.3-r1p";
+70a71,73
+> # Sqlninja & Metasploit integration timeouts (Raul Siles)
+> my $client_delay = 30;
+> my $server_delay = 5;
+3302,3304c3305,3313
+< $delaycli = 5;
+< } else {
+< $delaydb = 5;
+---
+> # Metasploit remote payload must start prior to local msfcli handler
+> # bind_tcp: local msfi handler connects to remote payload
+> $delaycli = $client_delay;
+> $delaydb = $server_delay;
+> } else {
+> # Metasploit local msfcli handler must start prior to remote payload
+> # reverse_tcp: remote payload connects to local msfi handler
+> $delaycli = $server_delay;
+> $delaydb = $client_delay;
+3313a3323,3325
+> if ($verbose == 1) {
+> print "[v] Executing remote payload on target: ".$cmd."\n";
+> }
|
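Review bot: The patch is in normal (context-free) diff format, so its two append hunks `70a71,73` and `3313a3323,3325` are placed by line number alone and `patch` has nothing to verify them against; only the `c` hunks check their `<` lines. That is safe only while the SlackBuild's `SRCVERSION` and the `MD5SUM` in sqlninja.info keep pinning the exact 0.2.3-r1 tarball; regenerating the file as `diff -u` with context would make the applied result self-checking against any future tarball update. The new `$client_delay` and `$server_delay` are fixed at 30 and 5 in the script rather than read from sqlninja.conf, which appears to contradict the README's description of them as configurable timers; a one-line comment in the patch noting that they are compile-time constants, or a line in the README saying they must be edited in /usr/bin/sqlninja, would avoid that confusion.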