> Direct and reverse bindshell, both TCP and UDP To find a port that is allowed by the firewall of the target network > TCP/UDP portscan from the target SQL Server to the attacking machine, in order > Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed). > Creation of a custom xp_cmdshell if the original one has been removed
> Bruteforce of ‘sa’ password (in 2 flavors: dictionary-based and incremental). > Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a Boolean query based technique. Mole is an automatic SQL Injection exploitation tool. The Mole: Automatic SQL Injection Exploitation Tool