The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST: SQL Security


xSQLScanner 1.2 MS-SQL and My-SQL servers audit tool
Posted by cdupuis on Thursday, 03 November 2011 @ 10:05:17 EDT (616 reads)
Topic SQL Security

Anonymous writes "


On Sun, Oct 23, 2011 at 19:47, Rodrigo Matuck wrote:

Hi everyone

I published at my blog a new tool called xSQLScanner. This program allows the user to audit MS-SQL and My-SQL servers.

Some features:

Vulnerability audit options:
     - Test for weak passwords fast;
     - Test for wear/user passwords;
     - Wordlist option;
     - Userlist option;
Portscanner;
Range IP address audit and more.

Now the good news: I made 2 versions, Windows & Linux. The Linux version uses the Mono Project, so I compiled a Mono version to run under Linux (BackTrack 5 - GNOME).

Here are the instructions to install under Linux:

1 - get http://www.4shared.com/file/ykeEX3TV/xsqlscan-mono.html
2 - tar -xzvf  xsqlscan.tar.gz
3 - cd xsqlscan
4 - ./xsqlscanw
5 - The program will verify if you have the Mono Core files. If you already have them, the application will launch.
5.1 - If the Mono Core files are not installed, answer 'yes' to download the libs and Mono Core files.
6 - Restart the application typing: ./xsqlscanw
7 - Enjoy

The link for Windows version: http://www.4shared.com/file/9evD9RTY/xsqlscanner-12.html

Remember: for any bugs or suggestions, please contact me.

Regards

"



Great SQL Injection (SQLi) Collection of tools by Sourabh
Posted by cdupuis on Thursday, 30 September 2010 @ 12:57:19 EDT (2120 reads)
Topic SQL Security

Anonymous writes "

NOTE FROM CLEMENT:

I would like to thank Sourabh for putting together the packs and sharing them with the community. As mentioned, it is a collection of tools and information from different sources; the authors deserve great credit as well for their work and for sharing with the community. Enjoy! Clement

See his post below:

Hello everybody,

Since I started learning SQL Injection, I have collected lots of good tools and documents, and I am still collecting more and more day by day as my scope of knowledge is increasing. So I thought that I should share what I have collected till now with everyone here to help them in their learning quest.

MAIN DOWNLOAD LINKS:

SQLI SCANNER PACK : http://www.mediafire.com/download.php?fer74n4rlxwf3uc
MD5 tools pack :  http://www.mediafire.com/download.php?f14s7tpc9zyos7s
ADMIN FINDR :  http://www.mediafire.com/download.php?ye0fx80wzjni1z9
SQLI TUTORIAL PACK : http://www.mediafire.com/download.php?mup5itjeu391fcy
DORKS PACK : http://www.mediafire.com/download.php?c8w4chtjcak4i7y
SHELLS PACK : http://www.mediafire.com/download.php?ce6ka8vcd875nog

MISC UTILITIES PACK : http://www.mediafire.com/download.php?eo8j5w3zyyv28qp

WHAT IS INCLUDED?

My tool pack includes the following things:

1) SQL SCANNER PACK

The SQLi scanner/automating injection pack contains 5 different tools for scanning and automating the hacking process:

(a) Exploit Scanner - for finding websites with dorks and testing them for vulnerabilities. Very famous.

(b) Turkish ARTA - same as Exploit Scanner but not as famous because it's Turkish. I find it better than Exploit Scanner, but that is my personal opinion.

(c) Havij 1.12 free version: I guess everyone knows about it. It automates the process of performing a SQLi attack on any site. It is extremely famous and efficient, but still it is a tool :) Nothing can be better than the manual process.

(d) SQLI Helper 2.7: same as Havij, but a little faster.

(e) sqlinj Version 2 - another nice SQL injection tool. I will write a tutorial later on how to use this tool.

2) ADMIN FINDER PACK

After getting the logins from the database, one needs to get the admin page. For some sites it's very easy, while for some sites it's very hard. Here are some nice admin finder tools and lists that you may use. These tools by themselves are never enough. I will keep uploading the admin finder lists as I get more.

(a) reiiuke admin finder (you can update the original admin finder lists with the list I am providing)

(b) 5 Perl and Python admin finder tools/scripts. Update them as per your need.

(c) misc software: admin pass locater, to brute force the admin pass if you can't find it

YOU MIGHT ALSO LIKE THIS SITE to try to find the admin page: http://th3-0utl4ws.com/tools/admin-finder/

3) DORKS PACK

This pack contains many files containing more than 7000 dorks.


4) SHELLS

This pack contains many shells and source codes, like c99, c100, jackal and many more. Be aware that many shells like c99 are identified as Trojans by many antivirus products, so you might find your antivirus shouting about this pack. What else would you expect :-)

Description of some of the shells :

(a) ZaraByte CMS: ZaraByte CMS is for testing CMS for vulnerabilities. Put your skill to the test and see if you can discover the vulnerabilities!

(b) Php DDoS Shell: You might need a good connection, or a good connection with the hosted server.

(c) c99 Shell: the c99 shell is the shell I use for testing. (Not that great; you can find other c99's by going to Google and typing inurl:c99.txt within the search field.)

(d) Php File Uploader: the File Uploader script is small, so it bypasses just about any file limit. It also has the backdoor.

(e) Cookie Stealer: Cookie Stealer script; save it as a PHP file, just read the txt file.

(f) HTTP Proxy Script: upload this to a server, and when browsing using the HTTP Proxy script on a server it will show the web server's IP and not yours. Be sure to edit the "index.inc.php".

You might also want to see this site: THIS SITE CONTAINS MANY SHELLS -> http://www.kinginfet.net/shells/

5) MD5 cracking tools

Although Havij has an MD5 tool, for some reason it never worked for me, so this pack contains some tools.

THESE SITES WILL ALSO BE A GREAT HELP:

http://www.md5decrypter.com/
http://www.md5decrypter.co.uk/
http://md5.rednoize.com/
http://md5decryption.com/
http://passcracking.com/
http://www.xmd5.org/
http://www.md5cracker.com/index.php
http://md5.noisette.ch/index.php
http://md5cracker.org

6) SQLI TUTORIALS PACK

This pack contains complete HTML pages of SQLi tutorials that I found useful from various forums and websites such as hackforum, elitesoft, warex, outlaws etc. I bet every newbie will love this pack. All you need is Firefox to open these HTML files.

NOTE:

This pack also contains 2 of my own SQLi help files which I created myself; they serve me as a very useful document whenever I am on to hack some site.

7) MISC UTILITIES PACK

a)Text2Ascii Converter

b)Text2SQL Converter

c)Text2Hex Converter (NEW)

d)SQL Column Gen (NEW)


NOTE: Virus information

All files are in WinRAR format, so if you don't want to extract due to virus suspicion then don't extract that particular file.

1) The SQLI Helper 2.7 is identified as some trojan. Even if you download the tool from the original site you will get that virus alert as well. So I guess it's a false positive strictly based on a fixed signature that exists within the helper file.

2) The SHELL pack will definitely alert you for viruses, because it contains many shells that are considered as trojans. Extract it or not, the choice is yours.

If you click on Read More... below you will see the results of common scanners that were run against the different files that are included within the pack. 

Please do not write to us to tell us that there are viruses, malware, etc. within the package. We know there are some files that will turn your virus scanner red; after all, it would not be called an exploitation pack if there was no malicious software in it.

 

TIP: Before starting your path on learning SQL injection, I recommend you get these three Firefox add-ons:

1) hackbar

2) tamper data

3) add and edit cookie

This is a collection I have put together from many sources; there are tons of websites and hacking forums where you can get more info on SQL injection attacks or any other aspects of hacking.

NOTE FROM CLEMENT:

Remember: Google, a good browser, and your brain are your best friends for security testing.

"

(Read More... | 42678 bytes more | Score: 0)


Bizploit -- ERP Penetration Testing Framework
Posted by cdupuis on Tuesday, 01 June 2010 @ 22:35:56 EDT (2203 reads)
Topic SQL Security

Dear colleague,

We are proud to announce the release of Onapsis Bizploit, the first opensource ERP Penetration Testing framework.

Presented at the renowned HITB Dubai security conference, Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems.

The term "ERP Security" has been so far understood by most of the IT Security and Auditing industries as a synonym of “Segregation of Duties”. While this aspect is absolutely important for the overall security of the Organization's core business platforms, there are many other threats that are still overlooked and imply much higher levels of risk.

Onapsis Bizploit is designed as an academic proof-of-concept that will help the general community to illustrate and understand these kinds of risks.

Currently Onapsis Bizploit provides all the features available in the sapyto GPL project, plus several new plugins and connectors focused on the security of SAP business platforms. Updates for other popular ERPs are to be released in the short term.

You can download the software freely from http://www.onapsis.com

Best regards,

The Onapsis Research Labs Team

Onapsis S.R.L
Email: research@onapsis.com
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc



sqlninja 0.2.5 released!
Posted by cdupuis on Sunday, 09 May 2010 @ 13:32:24 EDT (6214 reads)
Topic SQL Security

Anonymous writes "

Hello security enthusiasts, it's been 2 years, but a new version of sqlninja is out at Sourceforge!

Introduction
=========


Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.

Its main goal is to provide an interactive access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

It is written in Perl, it is released under the GPLv2 and so far has been successfully tested on:
- Linux
- FreeBSD
- Mac OS X

You can find it, together with a flash demo of its features, at the address http://sqlninja.sourceforge.net

What's new
========


# Proxy support (it was about time!)
# No more 64k bytes limit in upload mode
# Upload mode is also massively faster
# Privilege escalation through token kidnapping (kudos to Cesar Cerrudo)
# Other minor improvements

What's not so new
============

# Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
# Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
# Privilege escalation to sysadmin group if 'sa' password has been found
# Creation of a custom xp_cmdshell if the original one has been removed
# Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
# TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
# Direct and reverse bindshell, both TCP and UDP
# DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
# Evasion techniques to confuse a few IDS/IPS/WAF
# Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection

Happy hacking !

-- icesurfer
"



DBAPPSecurity web application scanner MatriXay 3.6 was released
Posted by cdupuis on Tuesday, 30 March 2010 @ 12:04:57 EDT (2509 reads)
Topic SQL Security

The Web Application Vulnerabilities Scanner (MatriXay 3.6) not only has remarkable scanning ability, but also provides powerful penetration testing functions and web Trojan detection.
 
MatriXay 1.0 was first released at the BlackHat Security Conference and Def-Con in August 2006; then in December 2007, version 2.0 was released and it played an important role in web security protection for the 2008 Olympic Games.

Released in 2009, MatriXay 3.0 not only has remarkable scanning ability, but also provides powerful penetration testing tools and web Trojan detection. Therefore it is appraised as "The Best Web Security Evaluation Tool".

MatriXay 3.6 was released recently:

Features:

  • In-depth Scan: risk-oriented in-depth scanning of web applications can access back-end database information and the web application list.
  • Web Vulnerability Detection: deeply detect all kinds of typical web vulnerabilities (such as SQL injection, XPath injection, XSS, the form around, form weak passwords, all kinds of CGI vulnerabilities).
  • Web Trojan Detection: analyze a variety of linked Trojans automatically, effectively and intelligently; make an accurate analysis of the spreading Trojan virus type; locate the web Trojan host.
  • Penetration Testing: make a deep analysis of the target web application and carry out a sound attack to obtain direct evidence of system security threats, by imitating the hacker's vulnerability discovery techniques and attack methods against the current vulnerability.
  • DB Audit: by fully simulating a hijack attack through the current weakness, realize the database audit function and obtain configuration information such as background database connection information, database name, database version, data dictionary etc.

Benefits:

  • Complete, in-depth and accurate assessment of web application vulnerabilities can effectively enhance active defense capabilities.
  • Flexible and defined scanning working pattern
  • Deep and intelligent scan engine
  • Unique "evidence" model to ensure accurate and reliable assessment results
  • Baseline audit of more than 10 kinds of databases
  • Complete risk assessment report
  • The risk assessment report supports all kinds of file formats and its content can be fully customized
  • No third-party software needed for installation and operation


 
For more information, please check http://www.dbappsecurity.com/webscan.html

For Demo and free trial version, please check http://www.dbappsecurity.com/Download.html
 
Thanks

DBAPPSecurity  




sqlmap 0.8 has been released
Posted by cdupuis on Thursday, 18 March 2010 @ 02:00:00 EDT (1774 reads)
Topic SQL Security

Hi,

I am glad to release sqlmap version 0.8.

Introduction
========

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Changes
======

Some of the new features include:

* Support to enumerate and dump all databases' tables containing user-provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials (Bernardo).

* Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo).

* Support for takeover features on PostgreSQL 8.4 (Bernardo).

* Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo).

* Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav).

* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope (Miroslav).

* Major bug fix and enhancements to the multi-threading (--threads) functionality (Miroslav).

Complete list of changes at:
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.

Download
======

You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.8-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8_exe.zip

Documentation
==========

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* Conferences' material (whitepaper and slides): http://sqlmap.sourceforge.net/#docs

Contribute
=======

I am looking for security geeks who can write some "clean" Python code, know about web application security, database takeover, post-exploitation techniques, software refactoring and are motivated to join the development team. If you are interested, please get back to me (bernardo.damele@gmail.com).

If you have no clue what the tool is about, are excited about joining the effort but have never written a single line of code, or you want only to appear in the AUTHORS file, please don't waste my and your time.

For the sceptical... No, it's not only about web applications. Yes, it also helps you to get a command prompt on the target system. Yes, it can be used to escalate privileges to SYSTEM if the target system is Windows.

Not yet convinced that this tool is worth a try? Get some popcorn, head to http://sqlmap.sourceforge.net/demo.html and watch some video demonstrations.

Happy hacking!
Bernardo and Miroslav




SQL Injection and Parameter Manipulation Video Clips
Posted by cdupuis on Wednesday, 03 March 2010 @ 11:13:58 EST (1666 reads)
Topic SQL Security

NOTE FROM CLEMENT:
These two videos are very nice videos that demonstrate in simple terms what SQL Injections are and also what Parameter Tampering is. They are not meant to teach everything there is to know about the subject; that would take weeks. The goal is to educate people and developers on the issue. They are great because of their short length, and I like the animations as well. One picture is worth a thousand words, they say. In this case one minute of video clip is worth 10 minutes of talks. I will most certainly use them in some of my classes. Job well done. Clement

One of the biggest challenges of the security community is to build a true SDLC (Secure Development Life Cycle).

The biggest obstacle is that application developers at large lack the know-how and motivation to address application risk. 

At Checkmarx Labs we thought that a new approach to application developers might help them cross the barrier.
We have developed a pilot including two short animated clips that should help developers understand security flaws, how they can be detected and consequently prevented.

We built one clip for SQL Injection and another for Parameter Tampering - limited up to 5 minutes each.

We would appreciate feedback from the OWASP community on whether the effort is meaningful and whether it should be extended.

Please feel free to use the clips freely.

The clips can be found at:

SQL Injection : http://www.youtube.com/watch?v=vjDrseRLyuA&hd=1

Parameter Tampering: http://www.youtube.com/watch?v=l5LCDEDn7FY&hd=1

Yours,

Maty Siman, CISSP
CTO
Checkmarx




Sqlmap version 0.7 has been released
Posted by cdupuis on Thursday, 06 August 2009 @ 22:01:06 EDT (2497 reads)
Topic SQL Security

Anonymous writes "

Hi,

I am glad to release sqlmap version 0.7.

Introduction
============


sqlmap is an open source command-line automatic SQL injection tool.

Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.


Changes
=======


Along all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:

* Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
* Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work again on Windows too.
* Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
* HTTPS requests over HTTP proxy now work on Python 2.4, 2.5 and 2.6+.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.


Download
========


You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.7-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7_exe.zip


Documentation
=============


* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/


Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
"



sqlmap version 0.7rc1 has been released
Posted by cdupuis on Thursday, 21 May 2009 @ 08:13:47 EDT (2105 reads)
Topic SQL Security

Anonymous writes "

Hi,

I am glad to release sqlmap version 0.7rc1.

WARNING: This release is a candidate; it only works on Linux, so please do not complain that it does not work on your Windows or Mac OS X systems.

Introduction
============


sqlmap is an open source command-line automatic SQL injection tool.  Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.


Changes
=======


Some of the new features include:

* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;

* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;

* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;

* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;

* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;

* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========


You can download it in two formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.tar.gz
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.zip


Documentation
=============


* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* "Advanced SQL injection to operating system full control" whitepaper[1] and slides[2] presented at Black Hat Europe 2009 in Amsterdam (The Netherlands) on April 16, 2009

[1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf

[2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides


Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

"



A new version of sqlsus has been released
Posted by cdupuis on Friday, 10 April 2009 @ 21:55:09 EDT (1877 reads)
Topic SQL Security

Hi everyone,

A new version of sqlsus has been released and is available at http://sqlsus.sf.net/

You will find on the website a description of the features, along with some documentation and flash demos showing how the tool can be used.

sqlsus is a MySQL injection and takeover tool, written in perl.  Via a command line interface that mimics a mysql console, you can retrieve the database structure / contents, inject a SQL query, download files from the web server, upload and control a backdoor, and much more...

It is designed to maximize the amount of data gathered per web server hit, making the best use (I can think of) of MySQL functions to optimize the available injection space.  sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of which are really specific to this DBMS.


What's new
==========

- Full SQLite backend, storing queries / results as they come, database structure, variables... into a local SQLite database.
- Added "clone" command to clone some columns, a table, or the full database into a local SQLite database.
- "clone" has a resume ability, allowing you to continue across sessions.
- Rewrite of the blind injection engine (A LOT faster now):
  - keep all the threads busy with micro tasks (huge speed improvement)
  - regular expression matching for each item, prior to bruteforcing (huge drop in the number of hits required)
  - progress meter
- Added cookie support.
- Possibility to change the current database ("use xxx"), and still be able to use all the commands transparently.
- Better query shortening, allowing even more data to be fetched per server hit.
- Got rid of IPC::Shareable, using socketpair() instead.
- Use of BINARY for inband injections, to avoid collation issues.
- Inband injection is now only contained in subqueries, to allow more complex SQL injection scenarios.
...

The full CHANGELOG can be found in the tarball or at
http://sqlsus.sf.net/download.html

Download and enjoy :)

- sativouf




sqlmap version 0.6.4 has been released
Posted by cdupuis on Friday, 06 February 2009 @ 13:49:00 EST (1675 reads)
Topic SQL Security

Anonymous writes "

Hi,

I am glad to release sqlmap version 0.6.4.

Introduction
============

sqlmap is an open source command-line automatic SQL injection tool developed in Python.

Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.


Changes
=======

Some of the new features include:

* Major enhancement to make the comparison algorithm work properly also on URLs that are not stable, automatically, by using the difflib SequenceMatcher object.
* Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc. from the user in SQL query and SQL shell if stacked queries are supported by the web application technology.
* Major speed increase in DBMS basic fingerprint.
* Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle.
* Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable.


Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.


Download
========

You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.4.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.4.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.4.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.4-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.4-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.4_exe.zip


Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/


Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F

"

(Read More... | Score: 0)
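The 0.6.4 announcement above says the page-comparison algorithm now copes with unstable pages by using difflib's SequenceMatcher. The block below is an added illustration of that idea, not sqlmap's own code: it calibrates a similarity threshold from two fetches of the same URL, so that dynamic fragments (a timestamp, a per-request id) no longer make a page look "different", while a genuinely different response still does. All sample responses are constructed.

```python
from difflib import SequenceMatcher

# Constructed sample responses (not real traffic). FETCH_1, FETCH_2 and
# FETCH_3 are the same page requested three times: only a timestamp and a
# per-request id change. ERROR_PAGE shares the template but differs in content.
FETCH_1 = ("<html><body><h1>Products</h1>"
           "<p>Generated 2008-09-04 00:03:39</p><p>req=4f2a9c</p>"
           "<ul><li>Widget</li><li>Gadget</li><li>Gizmo</li></ul>"
           "</body></html>")
FETCH_2 = ("<html><body><h1>Products</h1>"
           "<p>Generated 2008-09-04 00:03:41</p><p>req=b71e03</p>"
           "<ul><li>Widget</li><li>Gadget</li><li>Gizmo</li></ul>"
           "</body></html>")
FETCH_3 = ("<html><body><h1>Products</h1>"
           "<p>Generated 2008-09-04 00:03:44</p><p>req=9e5b2d</p>"
           "<ul><li>Widget</li><li>Gadget</li><li>Gizmo</li></ul>"
           "</body></html>")
ERROR_PAGE = ("<html><body><h1>Error</h1>"
              "<p>Generated 2008-09-04 00:03:42</p><p>req=1c9d44</p>"
              "<p>Something went wrong.</p>"
              "</body></html>")


def similarity(a: str, b: str) -> float:
    """Ratio in [0.0, 1.0] of what two response bodies have in common.
    Identical bodies give 1.0; a byte-for-byte equality check would instead
    report every dynamic page as 'changed' on each fetch."""
    return SequenceMatcher(None, a, b).ratio()


def learn_threshold(first: str, second: str, margin: float = 0.05) -> float:
    """Calibrate on two fetches of the *same* URL: their ratio measures how much
    noise (timestamps, ids) the page carries. Anything at least that similar,
    minus a small margin, is then treated as the same page."""
    return similarity(first, second) - margin


def same_page(baseline: str, candidate: str, threshold: float) -> bool:
    """True when candidate is 'the same page' as baseline under the threshold."""
    return similarity(baseline, candidate) >= threshold


if __name__ == "__main__":
    t = learn_threshold(FETCH_1, FETCH_2)
    print(f"calibrated threshold: {t:.3f}")
    print("identical bytes?", FETCH_1 == FETCH_3)               # False
    print("same page?", same_page(FETCH_1, FETCH_3, t))          # True
    print("error page same?", same_page(FETCH_1, ERROR_PAGE, t)) # False
```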


sqlmap version 0.6.1 has been released
Posted by cdupuis on Wednesday, 26 November 2008 @ 00:00:00 EST (1779 reads)
Topic SQL Security

Hi, I am glad to release sqlmap version 0.6.1.

Introduction
============

sqlmap is an automatic SQL injection tool developed in Python.

Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Changes
=======

Some of the new features include:

* Added a Metasploit Framework 3 auxiliary module to run sqlmap;

* Implemented possibility to test for and inject also on LIKE statements;

* Implemented --start and --stop options to set the first and the last table entry to dump;

* Added non-interactive/batch-mode (--batch) option to make it easy to wrap sqlmap in Metasploit and any other tool.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========

You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1_exe.zip


Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/

Happy hacking!

-- Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F

(Read More... | Score: 0)


sqlmap an automatic SQL injection
Posted by cdupuis on Thursday, 04 September 2008 @ 00:03:39 EDT (9673 reads)
Topic SQL Security

Hi,

I am glad to release sqlmap version 0.6.

Introduction
============

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Changes
=======

Some of the new features include:

* Added multithreading support to set the maximum number of concurrent HTTP requests.

* Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, before called -e) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack.

* Added an option (--privileges) to retrieve DBMS users' privileges; it also notifies if the user is a DBMS administrator.

* Added support (-c) to read options from a configuration file (an example of a valid INI file is sqlmap.conf) and support (--save) to save command line options to a configuration file.

* Implemented support for HTTPS requests over HTTP(S) proxy.

* Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.


Download
========

You can download it in various formats:

* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.gz

* Source bzip2 compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.bz2

* Source zip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.zip

* DEB binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap_0.6-1_all.deb

* RPM binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6-1.noarch.rpm

* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6_exe.zip

Note: the subversion repository is not accessible anymore so the only way to get the new release is to download it from one of the above links.

Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/


Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile number: +39-3493821385


(Read More... | Score: 0)


Deep Blind SQL Injection
Posted by cdupuis on Friday, 29 August 2008 @ 11:32:25 EDT (11329 reads)
Topic SQL Security

Deep Blind SQL Injection reading data is more complex than in classic blind injection. However, it is still possible to retrieve data, and moreover with a 66% reduction in the number of requests made to the server, requiring two rather than six requests to retrieve each char.

Related Applications

  • BSQL brute forcer V2: Updated version of the Blind SQL Injection Brute Forcer from www.514.es. Works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL Queries.
  • BSQL Hacker: BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.

Related Presentations

PDF Paper - Deep Blind SQL Injection

MD5: 139CCA843EE5C8F014350A551133AF6D
SHA1: 649F08CFF6FC22FA6CF8AD1A5CD7F84D4008B53E

(Read More... | Score: 0)


Deep Blind SQL Injection
Posted by cdupuis on Wednesday, 20 August 2008 @ 23:34:56 EDT (8627 reads)
Topic SQL Security

Deep Blind SQL Injection reading data is more complex than in classic blind injection. However, it is still possible to retrieve data, and moreover with a 66% reduction in the number of requests made to the server, requiring two rather than six requests to retrieve each char.

Download White Paper


(Read More... | Score: 0)



All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).