Making SQLBrute module

From OWASP Live CD 2008

Get the Source for SQL Brute

Go to the SQLBrute website and navigate to the download link. It's just a link to the Python source for Linux. According to the source, it's version 1.0. The .py file is all we need, so download it to your temp directory under the working directory.

Create the needed directories in fakeroot

Eventually, we'll use dir2lzm to make the module, so let's get the directories created that we need:

 $ mkdir -p ./fakeroot/opt/owasp/
 $ mkdir -p ./fakeroot/usr/bin
 $ mkdir -p ./fakeroot/usr/share/applications
 $ mkdir -p ./fakeroot/usr/share/pixmaps

Create and put the module's files into the fakeroot directory

Since we are getting Python code, which is interpreted, let's get the application file where it needs to go.

 $ chmod 775 temp/sqlbrute.py
 $ mkdir fakeroot/opt/owasp/sqlbrute
 $ cp -p temp/sqlbrute.py fakeroot/opt/owasp/sqlbrute/

Next, we'll need a script to start SQLBrute in fakeroot/usr/bin. This one is very easy:

 $ vi fakeroot/usr/bin/sqlbrute
   [create script]
 $ cat fakeroot/usr/bin/sqlbrute
#!/bin/bash

cd /opt/owasp/sqlbrute || exit 1
./sqlbrute.py "$@"

 $ chmod 775 fakeroot/usr/bin/sqlbrute

Because SQLBrute is a command line tool, we're going to create two startup scripts to be used by the menu item:

 $ vi fakeroot/usr/bin/startup-sqlbrute
   [create script]
 $ cat fakeroot/usr/bin/startup-sqlbrute
#!/bin/sh

echo "      ___  _____  __    ____  ____  __  __  ____  ____  "
echo "     / __)(  _  )(  )  (  _ \(  _ \(  )(  )(_  _)( ___) "
echo "     \__ \ )(_)(  )(__  ) _ < )   / )(__)(   )(   )__)  "
echo "     (___/(___/\\(____)(____/(_)\_)(______) (__) (____) "
echo " "
echo "                         v.1.0 "
echo " "
echo "  Usage: sqlbrute options url "
echo "  [--help|-h]                    - this help "
echo "  [--verbose|-v]                 - verbose mode "
echo "  [--server|-d oracle|sqlserver] - type of database server (default MS SQL Server) "
echo "  [--error|-e regex]             - regex to recognize error page (error testing only) "
echo "  [--threads|-s number]          - number of threads (default 5) "
echo "  [--cookie|-k string]           - cookies needed "
echo "  [--time|-n]                    - force time delay (waitfor) testing "
echo "  [--data|-p string]             - POST data "
echo "  [--database|-f database]       - database to enumerate data from (SQL Server) "
echo "  [--table|-t table]             - table to extract data from "
echo "  [--column|-c column]           - column to extract data from "
echo "  [--where|-w column=data]       - restrict data returned to rows where column \"column\" matches \"data\" "
echo "  [--header|-x header::val]      - header to add to the request (i.e. Referer::http://foobar/blah.asp) "
echo "  [--output|-o file]             - file to send output to "
echo " "
echo " e.g. sqlbrute --data \"searchtype=state&state=1'\" --error \"NO RESULTS\" --database webapp "
echo "       --table customer --column custnum --where password=password http://myapp/locator.asp "
echo " "

 $ chmod 775 fakeroot/usr/bin/startup-sqlbrute

Creating SQLBrute's menu file is rather simple. Use a text editor to create the file sqlbrute.desktop:

 $ vi fakeroot/usr/share/applications/sqlbrute.desktop
   [create the file]
 $ cat fakeroot/usr/share/applications/sqlbrute.desktop 
[Desktop Entry]
Encoding=UTF-8
Exec=startup-sqlbrute; bash
Icon=/usr/share/pixmaps/sqlbrute-icon.png
Type=Application
Categories=Application;Network;
Name=Blind SQL Injection Tool
Terminal=1
TerminalOptions=-T "SQLBrute - multi threaded blind SQL injection bruteforcer"
GenericName=SQLBrute
MimeType=
X-KDE-StartupNotify=true

The icon was a bit interesting. I decided to use Google Images to search for "blind" then applied some Gimp-foo. I then moved that into fakeroot.

 $ cp ./temp/sqlbrute-icon.png ./fakeroot/usr/share/pixmaps/

Everything is in place to create the module. A quick final check:

 $ find fakeroot
fakeroot/
fakeroot/opt
fakeroot/opt/owasp
fakeroot/opt/owasp/sqlbrute
 ...
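
The listing above only shows what is in the tree. As an added example (not part of the original page or of the Live CD tooling), the script below checks the same ./fakeroot layout for slips that find will not flag: a misspelled directory, a launcher that is not executable or lacks a #! line, a menu entry whose Exec or Icon target is not in the tree, and world-writable or setuid files that would be overlaid onto the live system. The function name check_fakeroot and the rule that every Exec target must ship inside the module are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pre-flight check for a module tree before dir2lzm.
# Prints one line per problem; exit status is the number of problems.
check_fakeroot() (
    root=${1%/}; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # 1. The directories created earlier must exist under these exact names.
    for d in opt/owasp usr/bin usr/share/applications usr/share/pixmaps; do
        [ -d "$root/$d" ] || fail "missing directory /$d"
    done

    # 2. Every launcher in usr/bin must be executable and start with "#!".
    for f in "$root"/usr/bin/*; do
        [ -f "$f" ] || continue
        [ -x "$f" ] || fail "${f#"$root"} is not executable"
        IFS= read -r line < "$f" || true
        case $line in '#!'*) ;; *) fail "${f#"$root"} has no #! line" ;; esac
    done

    # 3. Each menu entry must name a launcher and an icon that ship in the tree.
    for f in "$root"/usr/share/applications/*.desktop; do
        [ -f "$f" ] || continue
        cmd=$(sed -n 's/^Exec=\([^ ;]*\).*/\1/p' "$f" | head -n 1)
        icon=$(sed -n 's/^Icon=//p' "$f" | head -n 1)
        case $cmd in /*) ;; *) cmd=/usr/bin/$cmd ;; esac
        { [ -f "$root$cmd" ] && [ -x "$root$cmd" ]; } ||
            fail "${f##*/}: Exec target $cmd is not in the tree"
        case $icon in /*) [ -f "$root$icon" ] ||
            fail "${f##*/}: icon $icon is not in the tree" ;; esac
    done

    # 4. Nothing world-writable, setuid or setgid should ship in the module.
    unsafe=$(find "$root" ! -type l \( -perm -0002 -o -perm -4000 -o -perm -2000 \))
    if [ -n "$unsafe" ]; then
        echo "$unsafe" | sed 's/^/PROBLEM: unsafe mode on /'
        problems=$((problems + $(echo "$unsafe" | wc -l)))
    fi
    exit "$problems"
)

# Usage: sh check-fakeroot.sh ./fakeroot
if [ $# -gt 0 ]; then check_fakeroot "$1"; fi
```

An exit status of 0 means the tree passed all four checks; anything else is the number of problems printed.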

Generate the .lzm module

This is the easy part.

 $ ./dir2lzm ./fakeroot sqlbrute-1.0.lzm

Add the modules to the ISO build directory

Also cake

 $ cp -i sqlbrute-1.0.lzm ../contents/slax/base/
 $ chmod 775 ../contents/slax/base/sqlbrute-1.0.lzm

Test the new module

I like scp'ing the new modules into a running Live CD and using the Module Manager to add modules to a running system. I typically have the Live CD running in a VM while I create modules, so it's already up and ready.

You can also gen a new ISO and run it in a VM of your choice.

 $ cd ../contents/slax/
 $ ./make_iso.sh /home/mtesauro/isos/new-owasp.iso

If anything doesn't work as expected, make the changes needed to ./fakeroot and try again.

Clean up and archive

Once you've got a working module, let's clean up a bit.

 $ mkdir ./completed_modules/sqlbrute
 $ mv sqlbrute-1.0.lzm ./completed_modules/sqlbrute/
 $ mv temp/sqlbrute.py ./completed_modules/sqlbrute/
 $ rm -rf ./temp/*

I usually delete anything under ./fakeroot also.

 $ rm -rf ./fakeroot/*