Information Security

sqlscan – Backtrack 5 – Information Gathering – Web Application Analysis – Web Crawlers – sqlscan

Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan.py Python script is your tool then. If you are using Backtrack release 5 you will first need install Python 2.4.4 and then fix sqlscan.py by following the instructions here and here. Once you have sqlscan.py functioning without errors proceed to the example below.

Technology Errors

sqlscan Error: sqlscan.py:8: DeprecationWarning: the sets module is deprecated

Backtrack Linux is full of really great tools including SQLScan which is a SQL Scanner that provides the ability to query Google for vulnerable hosts and extract MD5 hashes from the results. Unfortunately sqlscan.py was written for Python 2.3 or Python 2.4 and has not been maintained to be compatible with Python 2.6 which is the current version of Python installed on Backtrack Linux 5 R3. Backtrack 5 R3 is based off of Ubuntu 10.04 which had a release date of April, 2010 so needless to say some packages are out of date. It should be noted though that there is a lot to be said for stability in your operating system versus bleeding edge capabilities and I am sure when the time is correct the Backtrack team will be releasing a new version of Backtrack based on a newer version of Ubuntu.