[sqlninja/f15] First commit - new package sqlninja

Arun SAG sagarun at fedoraproject.org
Sun Sep 4 04:21:10 UTC 2011 

commit 89a28fef5bb79cda2d6b0011a232300174634eb4
Author: Arun SAG <sagarun at gmail.com>
Date:   Sun Sep 4 09:50:46 2011 +0530

    First commit - new package sqlninja

 .gitignore                                      |    1 +
 README.fedora                                   |    7 ++
 sources                                         |    1 +
 sqlninja-binary-upload-mode-fix-0.2.6.rc1.patch |   33 +++++++++++
 sqlninja-move-config-file-to-etc-fix.patch      |   12 ++++
 sqlninja.spec                                   |   68 +++++++++++++++++++++++
 6 files changed, 122 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..66a1b19 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/sqlninja-0.2.6-rc2.tgz
diff --git a/README.fedora b/README.fedora
new file mode 100644
index 0000000..c893394
--- /dev/null
+++ b/README.fedora
@@ -0,0 +1,7 @@
+sqlninja -Fedora related modifications
+------------------------------------------
+
+1. By default sqlninja ships binary payload. In Fedora we cannot include prebuild binaries in RPMs.
+So as a workaround, you will be asked with a file path when you use upload mode of sqlninja 'sqlninja -m upload'.
+
+2. The default configuration file is moved to /etc/sqlninja.conf , you need super use privileges to edit the configuration file. 
diff --git a/sources b/sources
index e69de29..e887e77 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+3ec0127d300df9f7e1967c1ff0586f40  sqlninja-0.2.6-rc2.tgz
diff --git a/sqlninja-binary-upload-mode-fix-0.2.6.rc1.patch b/sqlninja-binary-upload-mode-fix-0.2.6.rc1.patch
new file mode 100644
index 0000000..3b11872
--- /dev/null
+++ b/sqlninja-binary-upload-mode-fix-0.2.6.rc1.patch
@@ -0,0 +1,33 @@
+diff -up ./sqlninja.fix ./sqlninja
+--- ./sqlninja.fix	2011-07-05 23:20:38.830051959 +0530
++++ ./sqlninja	2011-07-05 23:47:08.522271888 +0530
+@@ -256,29 +256,8 @@ if (($mode eq "test") || ($mode eq "t"))
+ 	my $uplfile;
+ 	while ($uplfile eq "") {
+ 		print "  Specify the binary or script file to upload\n";
+-		print "  shortcuts:\n".
+-		      "    1: apps/nc.exe\n".
+-		      "    2: apps/dnstun.exe\n".
+-		      "    3: apps/churrasco.exe\n".
+-		      "    4: apps/icmpsh.exe\n".
+-		      "    5: apps/vdmallowed.exe\n".
+-		      "    6: apps/vdmexploit.dll\n".
+-		      "  > ";
+ 		$uplfile = <STDIN>;
+ 		chomp $uplfile;
+-		if ($uplfile eq "1") {
+-			$uplfile = "apps/nc.exe";
+-		} elsif ($uplfile eq "2") {
+-			$uplfile = "apps/dnstun.exe";
+-		} elsif ($uplfile eq "3") {
+-			$uplfile = "apps/churrasco.exe";
+-		} elsif ($uplfile eq "4") {
+-			$uplfile = "apps/icmpsh.exe";
+-		} elsif ($uplfile eq "5") {
+-			$uplfile = "apps/vdmallowed.exe";
+-		} elsif ($uplfile eq "6") {
+-			$uplfile = "apps/vdmexploit.dll";
+-		}
+ 	}
+ 	upload($uplfile);
+ } elsif (($mode eq "dirshell") || ($mode eq "s")) {
diff --git a/sqlninja-move-config-file-to-etc-fix.patch b/sqlninja-move-config-file-to-etc-fix.patch
new file mode 100644
index 0000000..668f86d
--- /dev/null
+++ b/sqlninja-move-config-file-to-etc-fix.patch
@@ -0,0 +1,12 @@
+diff -up ./sqlninja.p1 ./sqlninja
+--- ./sqlninja.p1	2010-09-30 23:39:37.274412599 +0530
++++ ./sqlninja	2010-09-30 23:38:36.257412780 +0530
+@@ -64,7 +64,7 @@ my %options;
+ my $ask;_();getopts('gvm:f:p:w:u:d:',\%options) or usage();
+ my $genscript = "";
+ my $verbose = $options{v};
+-my $confile = $options{f} || "sqlninja.conf";
++my $confile = $options{f} || "/etc/sqlninja.conf";
+ my $password = $options{p} || "";
+ my $wordlist = $options{w};
+ my $user = $options{u};
diff --git a/sqlninja.spec b/sqlninja.spec
new file mode 100644
index 0000000..63d9dc0
--- /dev/null
+++ b/sqlninja.spec
@@ -0,0 +1,68 @@
+Name:           sqlninja
+Version:        0.2.6        
+Release:        0.2.rc2%{?dist}
+Summary:        A tool for SQL server injection and takeover
+
+Group:          Applications/Databases
+License:        GPLv2+
+URL:            http://sqlninja.sourceforge.net/index.html
+Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}-rc2.tgz
+Source1:        README.fedora
+Patch0:         sqlninja-binary-upload-mode-fix-0.2.6.rc1.patch
+Patch1:         sqlninja-move-config-file-to-etc-fix.patch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch:      noarch
+
+Requires:       perl-Net-DNS-Nameserver 
+Requires:       perl-Net-Pcap
+Requires:       perl-IO-Socket-SSL
+Requires:       perl-NetPacket
+Requires:       perl-Net-RawIP
+Requires:       perl
+
+%description
+Sqlninja is a tool targeted to exploit SQL Injection
+ vulnerabilities on a web application that uses 
+Microsoft SQL Server as its back-end. Its main goal 
+is to provide remote access to vulnerable DB server.
+
+%prep
+%setup -q -n %{name}
+%patch0
+%patch1
+cp %{SOURCE1} .
+
+%build
+
+
+%install
+rm -rf %{buildroot}
+install -pm 755  -d %{buildroot}%{_sysconfdir}
+install -pm 644 %{name}.conf %{buildroot}%{_sysconfdir}/
+install -pm 755 -d  %{buildroot}%{_sbindir}
+install -pm 755 %{name} %{buildroot}%{_sbindir}
+
+
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE ChangeLog README sqlninja-howto.html README.fedora 
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+%{_sbindir}/%{name}
+
+
+%changelog
+* Sun Sep 4 2011 Arun SAG <sagarun [AT] gmail dot com> - 0.2.6-0.2.rc2
+- Updated to new upstream release
+
+* Sun Jul 3 2011 Arun SAG <sagarun [AT] gmail dot com> - 0.2.6-0.1.rc1
+- Remove clean section
+- Fix twise listed config file
+- Fix license
+- Updated to 0.2.6-0.1.rc1
+
+* Sat Sep 30 2010 Arun SAG <sagarun [AT] gmail dot com> - 0.2.5-2
+- Pre-build binaries are no longer included 
+
+* Sat Sep 25 2010 Arun SAG <sagarun [AT] gmail dot com> - 0.2.5-1
+- First release

More information about the scm-commits mailing list