Date: Wed, 17 Oct 2007 15:14:55 +0000 (UTC) From: valerio.daelli@gmail.com To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/117276: New port: security/sqlninja a Sql Server penetration testing tool -- revisited Message-ID: <20071017151456.3A92D13C4A6@mx1.freebsd.org> Resent-Message-ID: <200710171520.l9HFK0tM084924@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 117276
>Category: ports
>Synopsis: New port: security/sqlninja a Sql Server penetration testing tool -- revisited
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 17 15:20:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Valerio Daelli
>Release: FreeBSD 6.2-RELEASE-p6 amd64
>Organization:
IFOM
>Environment:
System: FreeBSD sodio.ifom-ieo-campus.it 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #8: Tue Jul 24 17:16:37 CEST 2007 root@sodio.ifom-ieo-campus.it:/usr/obj/usr/src/sys/SODIO amd64
>Description:
SqlNinja is a tool to perform penetration testing on a Sql Server Database
>How-To-Repeat:
>Fix:
--- sqlninja.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# /root/sqlninja/
# /root/sqlninja/Makefile
# /root/sqlninja/distinfo
# /root/sqlninja/pkg-descr
# /root/sqlninja/pkg-plist
#
echo c - /root/sqlninja/
mkdir -p /root/sqlninja/ > /dev/null 2>&1
echo x - /root/sqlninja/Makefile
sed 's/^X//' >/root/sqlninja/Makefile << 'END-of-/root/sqlninja/Makefile'
X# New ports collection makefile for: sqlninja
X# Date created: 2007-10-17
X# Whom: Valerio Daelli <valerio.daelli@gmail.com>
X#
X# $FreeBSD$
X#
X
XPORTNAME= sqlninja
XPORTVERSION= 0.2.1r1
XCATEGORIES= security
XMASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR= ${PORTNAME}
XDISTNAME= ${PORTNAME}-${PORTVERSION:S/r/-r/}
XEXTRACT_SUFX= .tgz
X
XMAINTAINER= valerio.daelli@gmail.com
XCOMMENT= Sql Server exploit toolkit
X
XRUN_DEPENDS= ${SITE_PERL}/Net/Pcap.pm:${PORTSDIR}/net/p5-Net-Pcap \
X ${SITE_PERL}/NetPacket/UDP.pm:${PORTSDIR}/net/p5-NetPacket \
X ${SITE_PERL}/Net/RawIP.pm:${PORTSDIR}/net/p5-Net-RawIP \
X ${SITE_PERL}/Net/DNS/Nameserver.pm:${PORTSDIR}/dns/p5-Net-DNS \
X ${SITE_PERL}/IO/Socket/SSL.pm:${PORTSDIR}/security/p5-IO-Socket-SSL
X
XUSE_PERL5= yes
X
Xdo-build:
X
Xdo-install:
X ${MKDIR} ${PREFIX}/etc/sqlninja
X ${MKDIR} ${PREFIX}/etc/sqlninja/scripts
X ${MKDIR} ${PREFIX}/etc/sqlninja/dnstun
X ${MKDIR} ${PREFIX}/share/doc/sqlninja
X. for i in sqlninja
X ${INSTALL_SCRIPT} ${WRKSRC}/${i} ${PREFIX}/bin
X. endfor
X. for i in dnstun.scr nc.scr
X ${INSTALL_SCRIPT} ${WRKSRC}/scripts/${i} ${PREFIX}/etc/sqlninja/scripts
X. endfor
X. for i in dnstun.c dnstun.exe
X ${INSTALL_SCRIPT} ${WRKSRC}/dnstun/${i} ${PREFIX}/etc/sqlninja/dnstun
X. endfor
X. for i in sqlninja-howto.html sqlninja.conf.example
X ${INSTALL_DATA} ${WRKSRC}/${i} ${PREFIX}/share/doc/sqlninja
X. endfor
X
X.include <bsd.port.mk>
END-of-/root/sqlninja/Makefile
echo x - /root/sqlninja/distinfo
sed 's/^X//' >/root/sqlninja/distinfo << 'END-of-/root/sqlninja/distinfo'
XSIZE (sqlninja-0.2.1-r1.tgz) = 118928
XMD5 (sqlninja-0.2.1-r1.tgz) = 4548b90a695eb0707fa38d6f3400cd29
XSHA256 (sqlninja-0.2.1-r1.tgz) = e1f2978750e3d86dc04e6d185157d4936156bc2761f67fb73ff822ccd721f704
END-of-/root/sqlninja/distinfo
echo x - /root/sqlninja/pkg-descr
sed 's/^X//' >/root/sqlninja/pkg-descr << 'END-of-/root/sqlninja/pkg-descr'
XSqlninja is a tool targeted to exploit SQL Injection
Xvulnerabilities on a web application
Xthat uses Microsoft SQL Server as its back-end.
X
XIts main goal is to provide a remote shell on the
Xvulnerable DB server, even in a very
Xhostile environment. It should be used by
Xpenetration testers to help and automate the
Xprocess of taking over a DB Server when
Xa SQL Injection vulnerability has been discovered.
X
XWWW: http://sqlninja.sourceforge.net/
END-of-/root/sqlninja/pkg-descr
echo x - /root/sqlninja/pkg-plist
sed 's/^X//' >/root/sqlninja/pkg-plist << 'END-of-/root/sqlninja/pkg-plist'
Xbin/sqlninja
Xetc/sqlninja/scripts/dnstun.scr
Xetc/sqlninja/scripts/nc.scr
Xetc/sqlninja/dnstun/dnstun.c
Xetc/sqlninja/dnstun/dnstun.exe
Xshare/doc/sqlninja/sqlninja-howto.html
Xshare/doc/sqlninja/sqlninja.conf.example
X@dirrm etc/sqlninja/scripts
X@dirrm etc/sqlninja/dnstun
X@dirrm etc/sqlninja
X@dirrm share/doc/sqlninja
END-of-/root/sqlninja/pkg-plist
exit
--- sqlninja.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071017151456.3A92D13C4A6>