[WEB SECURITY] Database tools required

Liu Yu yu.liu at nosec.org
Wed May 12 11:29:45 EDT 2010


I think you are talking about Penetrate Testing Tools.

Matt Parsons Suggest SQL Map.
And there are another tool--Pangolin. You can take a try.


BEST REGARDS TO YOU AND YOUR FAMILY

Liu Yu
MSN:zwell at yeah.net <MSN%3Azwell at yeah.net>
Tel: +86 755 8251 9327
NOSEC Technologies Co., Ltd

NOTICE: This communication is intended ONLY for the use of the person or
entity named above and may contain information that is confidential or
legally privileged. If you are not the intended recipient named above or a
person responsible for delivering messages or communications to the intended
recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of
this communication or any of the information contained in it is strictly
prohibited. If you have received this communication in error, please notify
us immediately by telephone and then destroy or delete this communication,
or return it to us by mail if requested by us.




On 12 May 2010 03:38, Will Vandevanter <Will_Vandevanter at rapid7.com> wrote:

>  Check out the following auxiliaries in metasploit:
>
> admin/oracle/oracle_login
> admin/oracle/oracle_sql
> scanner/mssql/mssql_login
> admin/mssql/mssql_sql
> scanner/mysql/mysql_login
> admin/mysql/mysql_sql
> scanner/db2/db2_auth
>
> -Will
>
>  ------------------------------
> *From:* Jorge Correa [jacorream at gmail.com]
> *Sent:* Tuesday, May 11, 2010 3:15 PM
> *To:* Will Vandevanter
> *Cc:* p0wnsauc3 at gmail.com; Parmendra Sharma; websecurity at webappsec.org
>
> *Subject:* Re: [WEB SECURITY] Database tools required
>
>  Could you recommend us some of these Metasploit tools?
>
>
> Thank you,
> Jorge Correa
>
>
>
> On Tue, May 11, 2010 at 13:36, Will Vandevanter <
> Will_Vandevanter at rapid7.com> wrote:
>
>> Also, check out Metasploit which has some great modules for connecting to
>> specific DBs.
>>
>> ________________________________________
>> From: TAS [p0wnsauc3 at gmail.com]
>> Sent: Tuesday, May 11, 2010 1:59 PM
>> To: Parmendra Sharma; websecurity at webappsec.org
>> Subject: Re: [WEB SECURITY] Database tools required
>>
>> Hi,
>>
>> Though your are not very clear with your question, I assume, since you
>> have got the DB credentials, you want to connect to the database at the
>> backend directly. If that is so, every database has its client. Download and
>> install the client and connect to the backend.
>>
>> TAS!
>>
>> Sent from BlackBerry® - Vodafone
>>
>> ________________________________
>> From: Parmendra Sharma <s.parmendra at gmail.com>
>> Date: Tue, 11 May 2010 11:07:20 +0530
>> To: <websecurity at webappsec.org>
>> Subject: [WEB SECURITY] Database tools required
>>
>> Hi All,
>>
>> While performing a VA / PT exercise of an application i got the database
>> credentials. Kindly suggest any tool which connects me to the database
>> through the application.
>>
>> --
>> Thanks and Regards:
>>
>> Parmendra Sharma
>> Computer Security Analyst
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/archive/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>> Join WASC on LinkedIn
>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100512/d4038e72/attachment.html>


More information about the websecurity mailing list