Hi we have discussed about sqlmap previous releases also , latest version Sqlmap version 0.8 release candidate 1 is out for grab .
Some of the major features implemented in sqlmap include:
- Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems software. sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
- Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries support. sqlmap can also test for time based blind SQL injection.
- Extensive back-end database management system software and underlying operating system fingerprint based upon inband error messages, banner parsing, functions output comparison and specific features such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it. sqlmap is also able to fingerprint the web server operating system, the web application technology and, in some circumstances, the back-end DBMS operating system.
- Support to retrieve on all four back-end database management system banner, current user, current database, check if the current user is a database administrator, enumerate users, users password hashes, users privileges, databases, tables, columns, dump tables entries, dump whole database management system and run user’s own SQL statement.
- Support to read either text or binary files from the database server underlying file system when the database software is MySQL, PostgreSQL and Microsoft SQL Server.
- Support to execute arbitrary commands on the database server underlying operating system when the database software is MySQL, PostgreSQL via user-defined function injection and Microsoft SQL Server via xp_cmdshell() stored procedure.
- support to establish an out-of-band stateful connection between the attacker box and the database server underlying operating system via:
- Stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
- Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
- SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit on the attacker box.
- Support for database process’ user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter’s incognito extension or Churrasco stand-alone executable.
Video tutorial for testing SQL injection with SQLMap
Operating System supported.
Windows 32bit
*nix System
Download Sqlmap Here
Searches leading to this post:sqlmap 0 8, sqlmap, sqlmap 0 8 download, sqlmap version 0 8, sqlmap windows, sqlmap 0 8 release candidate 1, sqlmap google dork, sqlmap 0 7 tutorial, sqlmap version 0 8 release candidate 1, backtrack sqlmap, sqlmap privileges, update sqlmap, download sqlmap 0 8, google dork dbms 2009, update backtrack sqlmap metasploit, sqlmap time based --time-test, update sqlmap video, sqlmap tuts, sqlmap update, SQLMAP update at backtrack 4
You must log in to post a comment.