[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ffa432520904220729gfa41f6ej579aab658f56fdf9@mail.gmail.com>
Date: Wed, 22 Apr 2009 15:29:26 +0100
From: "Bernardo Damele A. G." <bernardo.damele@...il.com>
To: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org,
dailydave@...ts.immunitysec.com, pen-test@...urityfocus.com,
bugtraq@...urityfocus.com
Subject: [Tool] sqlmap 0.7rc1 released
Hi,
I am glad to release sqlmap version 0.7rc1.
WARNING: This release is a candidate, it only works on Linux so please
do not complain that it does not work on your Windows or Mac OS X
systems.
Introduction
============
sqlmap is an open source command-line automatic SQL injection tool.
Its goal is to detect and take advantage of SQL injection
vulnerabilities in web applications. Once it detects one or more SQL
injections on the target host, the user can choose among a variety of
options to perform an extensive back-end database management system
fingerprint, retrieve DBMS session user and database, enumerate users,
password hashes, privileges, databases, dump entire or user's
specified DBMS tables/columns, run his own SQL statement, read or
write either text or binary files on the file system, execute
arbitrary commands on the operating system, establish an out-of-band
stateful connection between the attacker box and the database server
via Metasploit payload stager, database stored procedure buffer
overflow exploitation or SMB relay attack and more.
Changes
=======
Some of the new features include:
* Added support to execute arbitrary commands on the database server
underlying operating system either returning the standard output or
not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell()
stored procedure on Microsoft SQL Server;
* Added support for out-of-band connection between the attacker box
and the database server underlying operating system via stand-alone
payload stager created by Metasploit and supporting Meterpreter, shell
and VNC payloads for both Windows and Linux;
* Added support for out-of-band connection via Microsoft SQL Server
2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based
buffer overflow (MS09-004) exploitation with multi-stage Metasploit
payload support;
* Added support for out-of-band connection via SMB reflection attack
with UNC path request from the database server to the attacker box by
using the Metasploit smb_relay exploit;
* Added support to read and write (upload) both text and binary files
on the database server underlying file system for MySQL, PostgreSQL
and Microsoft SQL Server;
* Added database process' user privilege escalation via Windows Access
Tokens kidnapping on MySQL and Microsoft SQL Server via either
Meterpreter's incognito extension or Churrasco stand-alone executable.
Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.
Download
========
You can download it in two formats:
* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.tar.gz
* Source zip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.zip
Documentation
=============
* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* "Advanced SQL injection to operating system full control"
whitepaper[1] and slides[2] presented at Black Hat Europe 2009 in
Amsterdam (The Netherlands) on April 16, 2009
[1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf
[2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides
Happy hacking!
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists