sqlninja 0.1.1 released!

sqlninja is a SQL Injection exploitation tool for Microsoft SQL Server 2000 and 2005. Its goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB server when a SQL Injection vulnerability has been discovered.
In a nutshell, here's what it does:
- fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability)
- brute-force of the 'sa' password
- privilege escalation to 'sa'
- creation of a custom xp_cmdshell if the original one has been disabled
- upload of netcat or other executables using only 100% ASCII HTTP requests
- reverse scan in order to look for a port that can be used for a reverse shell
- direct and reverse shell, both TCP and UDP
- DNS tunneled pseudoshell, when no ports are available for a bindshell
It is written in Perl and runs on Unix. Enjoy!

Posted by icesurfer 2006-12-10
