==================
sqlninja changelog
==================
Version 0.2.6
+ Added ICMP shell

+ Added support for CVE-2010-0232 (KiTrap0d)

+ Added header-based injection

+ Removed conf file autogen (unsuited to the new way of configuring the injection)

+ Bug fixes

Version 0.2.5
+ Added HTTP proxy support

+ Upload mode supports multiple script lines per request

+ Upload mode supports files larger than 64k

+ SSL is enabled by default for 443, disabled for 80

+ SSL is now disabled by default (unless port is 80 of course)

+ Added switch for HTTP/1.0 and HTTP/1.1

+ Support for token kidnapping via churrasco.exe

+ Incorporated makescr.pl into the main program

+ DEP checking/disabling is now optional

+ Added support for msfencode

+ Added fingerprint of the user running SQL Server

Version 0.2.3-r1
+ Added unobfuscated SQL in debug output

+ Fixed a bug in the Metasploit module

+ Fixed a few minor bugs

Version 0.2.3
+ Added Metasploit module

+ Added makescr.pl

+ Dirshell module now allows specifying an alternate host

Version 0.2.2
+ Added evasion techniques

+ Added single command mode

+ Added diagnostics to upload mode

+ Upload mode handles scripts generated by (hopefully) all tools

+ Automatic URL-encoding now performed only on the injected query

+ Minor optimizations and fixes

Version 0.2.1
+ Added fingerprint of authentication mode

Version 0.2.0
+ Added incremental bruteforce mode

+ Escalation is automatically performed at the end of the bruteforce

+ In escalation mode, '-u' is not needed anymore

+ Documentation now in HTML format (and WYSIWYG editors really suck)

+ A few minor fixes

Version 0.1.3
+ Optimized bruteforce mode

+ Exploit strings now accept spaces

+ Comment ("--") is appended at the user's discretion

+ Default domain name set to 250, to cope with crappy DNS servers that do not
follow the RFCs

+ Doubled the 'check sa' queries to avoid false positives

+ Minor bugfixes

Version 0.1.2
+ Added test mode

+ Added debug option

+ Upload to directory %TEMP%

+ Added interactive generation of conf file

+ Simplified parameters: now the same params for GET and POST

+ Sqlninja automatically appends '--' at the end of the query

+ Use of equal signs minimized (sometimes they get filtered...)

+ Print warning message when an error is detected in the response

+ Minor bugfixes

Version 0.1.1

+ Added fingerprint mode

+ Added bruteforce mode

+ Added escalation mode

+ Added resurrectxp mode

+ Changed command syntax

+ Fixed POST request syntax

+ Added URL-encoding

+ DNS server binds on 0.0.0.0

- Removed ssql mode

+ A whole bunch of other minor fixes

Version 0.1.0alpha

+ Added dnstunnel mode (a good reason for the huge versioning leap)

+ ssql mode is now mode 6

+ Number of lines to upload at each request has been fixed to 40. This should
be all right for most situations

+ nc.scr compressed with upx (http://upx.sourceforge.net)

+ Other fixes to upload function

+ Fixes to the config file parsing function

+ A few other minor changes

Version 0.0.3

+ Used "\r\n" in HTTP requests instead of "\n", as IIS6 seems to be picky
about it

Version 0.0.2

+ Added birthday function

+ Added friendly messages when modules are missing

+ No more "vhost" parameter. The virtual host header is simply included in the
other headers, if needed

+ Increased CheckSSL() socket timeout

+ Added Net::RawIP module to use the linkoffset function and make sqlninja usable
on every datalink type (and NetPacket::Ethernet isn't needed anymore)

+ Randomized UNIX socket name

+ Added EUID checks

+ Fixed a bug in the UDP reverse shell function

+ Minor bugfixes