http://labs.portcullis.co.uk Labs Portcullis updates. en Labs portcullis Tue, 22 Feb 2011 11:21:21 GMT http://backend.userland.com/rss 60 hhttp://labs.portcullis.co.uk/mg/logo.gif http://labs.portcullis.co.uk Wed, 29 Oct 2008 15:28:02 GMT http://labs.portcullis.co.uk/application/bsql-hacker/ <p>BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.</p> <p>BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).</p> <p>It allows metasploit alike exploit repository to share and update exploits.</p> <ul> <li><a rel="nofollow" href="http://www.vimeo.com/1536040?pg=embed&amp;sec=1536040">See a sample exploitation video.</a></li> <li><a href="http://code.google.com/p/bsqlhacker/issues/list">Bug Report</a></li> <li><a href="http://bsql.uservoice.com/">Feature Request</a><a href="http://code.google.com/p/bsqlhacker/issues/list"><br /> </a></li> </ul> <h2>Source Code Repository</h2> <ul> <li><a href="http://code.google.com/p/bsqlhacker/ ">Public SVN Server</a> <i>(including nightly builds development environment)</i></li> </ul> <h2>Download Installer</h2> <ul> <li><a href="/download/BSQLHackerSetup-0909.exe">BSQLHackerSetup-0909.exe<br /> </a></li> </ul> <h2>Key Features</h2> <ul> <li>Easy Mode <ul> <li>SQL Injection Wizard</li> <li>Automated Attack Support (database dump) <ul> <li>ORACLE</li> <li>MSSQL</li> <li>MySQL (experimental)</li> </ul> </li> </ul> </li> <li>General <ul> <li>Fast and Multithreaded</li> <li>4 Different SQL Injection Support <ul> <li>Blind SQL Injection</li> <li>Time Based Blind SQL Injection</li> <li>Deep Blind (based on advanced time delays) SQL Injection</li> <li>Error Based SQL Injection</li> </ul> </li> <li>Can automate most of the new SQL Injection methods those relies on Blind SQL Injection</li> <li>RegEx Signature support</li> <li>Console and GUI Support</li> <li>Load / Save Support</li> <li>Token / Nonce / ViewState etc. Support</li> <li>Session Sharing Support</li> <li>Advanced Configuration Support</li> <li>Automated Attack mode, Automatically extract all database schema and data mode</li> </ul> </li> </ul> <ul> <li>Update / Exploit Repository Features <ul> <li>Metasploit alike but exploit repository support</li> <li>Allows to save and share SQL Injection exploits</li> <li>Supports auto-update</li> <li>Custom GUI support for exploits (cookie input, URL input etc.)</li> </ul> </li> </ul> <ul> <li>GUI Features <ul> <li>Load and Save</li> <li>Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)</li> <li>Visually view true and false responses as well as full HTML response, including time and stats</li> </ul> </li> </ul> <ul> <li>Connection Related <ul> <li>Proxy Support (Authenticated Proxy Support)</li> <li>NTLM, Basic Auth Support, use default credentials of current user/application</li> <li>SSL (also invalid certificates) Support</li> <li>Custom Header Support</li> </ul> </li> </ul> <ul> <li>Injection Points (only one of them or combination) <ul> <li>Query String</li> <li>Post</li> <li>HTTP Headers</li> <li>Cookies</li> </ul> </li> </ul> <ul> <li>Other <ul> <li>Post Injection data can be stored in a separated file</li> <li>XML Output (not stable)</li> <li>CSRF protection support</li> </ul> </li> </ul> <p>one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.</p> <hr /> <p><strong>It's still beta and there are known issues :</strong></p> <ul> <li>Automated Attack for MySQL is experimental, might not work properly</li> </ul>