Jump to content

Get our Exclusive PureVPN offer

PureVPN and LeakPortal have partnered to provide our members with an exclusive offer!
5 Years for
$10.95 $1.65/month
Save 85% - $99 every 5 Years

Buy Now
Sign in to follow this  
watchopolis

SQLMap Automatic SQL injection and database takeover tool

Recommended Posts

About

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features

  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  • Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
  • Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
  • Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
  • Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

Screenshot

aztBoLp.png

Download

Hidden Content

    Reply to this topic to see the hidden content.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By DreeyZnn
      Kali 2018.1
       
       
      File size: 2.88/2.82 GiB | Languages: English, Deutsch

      Kali contains a vast array of hacker tools and utilities (password attacks, sniffing and spoofing, reverse engineering, ...). Hacking foreign WiFi/WLAN (wireless attacks) and more. Kali is designed for digital forensics and penetration testing.
      Kali is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali can be run from a hard disk, live DVD, or live USB.
      The most advanced penetrating testing distribution, ever.
      Kali, the most advanced and versatile penetration testing distribution ever created. Kali has grown far beyond its humble roots as a live DVD and has now become a full-fledged operating system.
      Note: Kali is Linux based, but suitable for all Windows versions.
      Release Notes
      Changes in 2018.1: some minor improvements.
      Homepage: https://www.kali.org
      Documentation: https://www.kali.org/kali-linux-documentation


      Hidden Content
      Reply to this topic to see the hidden content. Password; DrAvIdGrOvEr

  • Recent Status Updates

×