sqlmap

We wrote about sqlmap version 0.8 RC 1 being released here. Now, the author Bernardo Damele A. G. has released the FINAL version!

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a broad range of features, ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

This is the change log for sqlmap version 0.8:
* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials (Bernardo).
* Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo).
* Support for takeover features on PostgreSQL 8.4 (Bernardo).
* Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo).
* Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav).
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn, useful when the web application does not support stacked queries (Bernardo).
* Added support to properly read (--read-file) also binary files via PostgreSQL by injecting sqlmap's new sys_fileread() user-defined function (Bernardo and Miroslav).
* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
* Support for NTLM authentication via the python-ntlm third party library, http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
* Support to automatically decode deflate, gzip and x-gzip HTTP responses (Miroslav).
* Support for certificate authentication, --auth-cert option added (Miroslav).
* Added support for regular expression based scope when parsing Burp or WebScarab proxy log file (-l), --scope (Miroslav).
* Added option (-r) to load a single HTTP request from a text file (Miroslav).
* Added option (--ignore-proxy) to ignore the system default HTTP proxy (Miroslav).
* Added support to ignore Set-Cookie in HTTP responses, --drop-set-cookie (Miroslav).
* Added support to specify which Google dork result page to parse, --gpage, to be used together with -g (Miroslav).
* Major bug fix and enhancements to the multi-threading (--threads) functionality (Miroslav).
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header (Miroslav).
* Refactored --update to use the python-svn third party library if available, or the 'svn' command, to update sqlmap to the latest development version from the subversion repository (Bernardo and Miroslav).
* Major bugs fixed (Bernardo and Miroslav).
* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo and Miroslav).
* Major code cleanup (Miroslav).
* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells, consequently drastically reducing the number of anti-virus products that mistakenly mark sqlmap as malware (Miroslav).
* Updated user's manual (Bernardo and Miroslav).
* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.sourceforge.net/demo.html (Bernardo).

So, you see that the author has gotten a lot of things done with this release. Head over here and download sqlmap version 0.8!


We have discussed previous sqlmap releases here before; the latest version, sqlmap 0.8 release candidate 1, is now out for grabs.

Update: sqlmap version 0.8 release candidate 1

Some of the major features implemented in sqlmap include:

- Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
- Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched (stacked) queries. sqlmap can also test for time-based blind SQL injection.
- Extensive back-end database management system software and underlying operating system fingerprint based upon inband error messages, banner parsing, function output comparison and specific features such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it. sqlmap is also able to fingerprint the web server operating system, the web application technology and, in some circumstances, the back-end DBMS operating system.
- Support to retrieve, on all four back-end database management systems, the banner, current user and current database, check whether the current user is a database administrator, enumerate users, users' password hashes, users' privileges, databases, tables and columns, dump table entries, dump the whole database management system and run the user's own SQL statements.
- Support to read either text or binary files from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to execute arbitrary commands on the database server's underlying operating system when the database software is MySQL or PostgreSQL, via user-defined function injection, or Microsoft SQL Server, via the xp_cmdshell() stored procedure.
- Support to establish an out-of-band stateful connection between the attacker box and the database server's underlying operating system via:
 - a stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
 - Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
 - an SMB reflection attack with a UNC path request from the database server to the attacker box, using the Metasploit smb_relay exploit on the attacker box.
- Support for database process user privilege escalation via Windows access token kidnapping on MySQL and Microsoft SQL Server, via either Meterpreter's incognito extension or the Churrasco stand-alone executable.

Video tutorial for testing SQL injection with SQLMap

Operating systems supported:

- Windows 32-bit
- *nix systems

Download Sqlmap Here


sqlmap Update: sqlmap 0.7 stable!

We had updated you all about the latest release candidate of sqlmap being made available for download by the authors here.

Now, the stable version of sqlmap has been released by Bernardo Damele, the author. The changelog of this version reads as follows:

* Adapted Metasploit wrapping functions to work with the latest 3.3 development version too.
* Adjusted code to make sqlmap 0.7 work again on Mac OS X too.
* Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work again on Windows too.
* Minor improvement so that sqlmap also tests all parameters with no value (e.g. par=).
* HTTPS requests over HTTP proxy now work on Python 2.4, 2.5 and 2.6+.
* Major bug fix to sql-query/sql-shell features.
* Major bug fix in --read-file option.
* Major silent bug fix to multi-threading functionality.
* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and --os-shell is provided.
* Fixed MySQL 'comment injection' version fingerprint.
* Fixed basic Microsoft SQL Server 2000 fingerprint.
* Many minor bug fixes and code refactoring.

We all know that sqlmap is an open source command-line automatic SQL injection tool. It aims to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, you can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run your own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between your box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.

Exciting, isn't it? It is cross platform and works on both *NIX and Win32. Download it here. If you are interested in knowing more about this tool, you can read the sqlmap user's manual in HTML or in PDF.
