SQLi to RCE Escalation Script

SQLi to RCE — Escalation Automation

Cuando tienes a SQL injection consignsda, this script automatiza the salto a command execution of the system operatestivo:

n
• MySQL/MariaDB: INTO OUTFILE for webshell, UDF loading for execution directa of commands of the SO.
n
• MSSQL: Enablement of xp_cmdshell, command execution, and technique of OLE Automation as fallback.
n
• PostgreSQL: COPY TO for escritura of files, CREATE FUNCTION with lenguaje C for command execution.
n
• Detection automatic — Identifica el DBMS, version, privilegios of the user actual, and selecciona the technique optimal.
n
• Integration with sqlmap — Acepta output of sqlmap (--dump) as input for continuar the cadena.
n

Requirements: Python 3.8+, SQLi consignsda with capacidad of execute queries arbitrarias.