Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan.py Python script is the tool for that. If you are using Backtrack release 5 you will first need to install Python 2.4.4 and then fix sqlscan.py by following the instructions here and here. Once you have sqlscan.py running without errors, proceed to the example below.
Backtrack Linux is full of really great tools, including SQLScan, a SQL scanner that can query Google for vulnerable hosts and extract MD5 hashes from the results. Unfortunately sqlscan.py was written for Python 2.3 or Python 2.4 and has not been maintained for compatibility with Python 2.6, which is the version of Python currently installed on Backtrack Linux 5 R3. Backtrack 5 R3 is based on Ubuntu 10.04, which was released in April 2010, so needless to say some packages are out of date. It should be noted, though, that there is a lot to be said for stability in your operating system versus bleeding-edge capabilities, and I am sure that when the time is right the Backtrack team will release a new version of Backtrack based on a newer version of Ubuntu.
Some tools in Backtrack Linux version 5 R3 were written for older versions of Python, so if you are interested in using some of these tools it can be beneficial to install an older version of Python such as Python 2.4. Below I describe how to easily install Python 2.4 without causing issues with the Python 2.6 that is installed by default on Backtrack Linux 5 R3 or Ubuntu 10.04.
The dictstat Python script is a great little tool for analyzing password cracking results or regular wordlists. The dictstat application is located in the /pentest/passwords/pack directory on Backtrack 5 R3 and can be run using “python dictstat.py” from within that directory. It was written by iphelix during the 2010 Crack Me If You Can password cracking competition and is part of a larger toolset called PACK, the Password Analysis and Cracking Kit. Below we show some examples of dictstat in action along with some details of the available parsing mechanisms.
In the Backtrack menu under Information Gathering > Network Analysis > SMB Analysis there is a menu item named smbclient which should actually be named smbclient.py. While the smbclient.py script does use smbclient under the hood, it provides a different interface, different commands and no switches, making it fairly different from smbclient itself. Both smbclient and smbclient.py are supposed to provide the same end results, but they don’t because smbclient.py is extremely buggy, so I will be writing an article on each so there is no confusion.