sqlmap

We have hosted the application sqlmap in order to run this application in our online workstations with Wine or directly.

Quick description about sqlmap:

sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process.

sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also comes with a wide set of switches which include database fingerprinting, over data fetching from the database, accessing the underlying file system, and more.

Features:

• Exceptional support for a wide array of database management systems: MySQL, Oracle, PostgreSQL, IRIS, MimerSQL, SAP MaxDB, Microsoft SQL Server, Microsoft Access, CockroachDB, IBM DB2, SQLite, Firebird, Amazon Redshift, Informix, MariaDB, MemSQL, TiDB, HSQLDB, H2, Cubrid, Sybase, MonetDB, Vertica, Mckoi, Presto, Altibase, Apache Derby, Apache Ignite, CrateDB, Greenplum, Drizzle, InterSystems Cache, eXtremeDB and FrontBase database management systems.
• Fully supports six SQL injection techniques: boolean-based blind technique, error-based technique, UNION query-based technique, time-based blind technique, stacked queries and out-of-band.
• Enables connecting directly to the database without having to pass an SQL injection. This is done through the provision of DBMS credentials, IP address, port and database name.
• Offers support for enumerating users, password hashes, privileges, roles, databases, tables and columns.
• Automatically recognizes password hash formats and provides support to crack them with a dictionary-based attack.
• Supportive of dumping entire database tables, dumping a selection of entries, or just specific columns depending on the user's choice. Users may also opt to dump only a selection of characters from each column's entry.
• Able to search for specific database names and tables across all databases or in certain columns across all databases' tables. This can be used in cases such as identifying tables that have custom application credentials, where the columns' names contain string like name and pass.
• Supportive of downloading and uploading any file from the database server underlying file system, given that the database software is MySQL, PostgreSQL or Microsoft SQL Server.
• Enables execution of arbitrary commands and retrieval of their standard output on the database server underlying operating system, again given that the database software is MySQL, PostgreSQL or Microsoft SQL Server.
• Enables the establishment of an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. Depending on the user�s choice this channel can be one of three things: an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session.
• Offers support for user privilege escalation of database process through Metasploit's Meterpreter getsystem command.

Programming Language: Python.
Categories: