Message-ID: <ffa432520904220729gfa41f6ej579aab658f56fdf9@mail.gmail.com>
Date: Wed, 22 Apr 2009 15:29:26 +0100
From: "Bernardo Damele A. G." <bernardo.damele@...il.com>
To: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org, 
	dailydave@...ts.immunitysec.com, pen-test@...urityfocus.com, 
	bugtraq@...urityfocus.com
Subject: [Tool] sqlmap 0.7rc1 released

Hi,

I am glad to release sqlmap version 0.7rc1.
WARNING: This release is a candidate; it only works on Linux, so please
do not complain that it does not work on your Windows or Mac OS X
systems.

Introduction
============

sqlmap is an open source command-line automatic SQL injection tool.
Its goal is to detect and take advantage of SQL injection
vulnerabilities in web applications. Once it detects one or more SQL
injections on the target host, the user can choose among a variety of
options to perform an extensive back-end database management system
fingerprint, retrieve the DBMS session user and database, enumerate
users, password hashes, privileges and databases, dump entire or
user-specified DBMS tables/columns, run his own SQL statement, read or
write either text or binary files on the file system, execute
arbitrary commands on the operating system, establish an out-of-band
stateful connection between the attacker box and the database server
via a Metasploit payload stager, database stored procedure buffer
overflow exploitation or SMB relay attack, and more.


Changes
=======

Some of the new features include:

* Added support to execute arbitrary commands on the database server
underlying operating system, either returning the standard output or
not, via UDF injection on MySQL and PostgreSQL and via the
xp_cmdshell() stored procedure on Microsoft SQL Server;
* Added support for out-of-band connection between the attacker box
and the database server underlying operating system via stand-alone
payload stager created by Metasploit and supporting Meterpreter, shell
and VNC payloads for both Windows and Linux;
* Added support for out-of-band connection via Microsoft SQL Server
2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based
buffer overflow (MS09-004) exploitation with multi-stage Metasploit
payload support;
* Added support for out-of-band connection via SMB reflection attack
with UNC path request from the database server to the attacker box by
using the Metasploit smb_relay exploit;
* Added support to read and write (upload) both text and binary files
on the database server underlying file system for MySQL, PostgreSQL
and Microsoft SQL Server;
* Added database process' user privilege escalation via Windows Access
Tokens kidnapping on MySQL and Microsoft SQL Server via either
Meterpreter's incognito extension or Churrasco stand-alone executable.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.
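From the defender's side, the features listed above map to a small set of database primitives that show up in web-server logs when they are driven through a SQL injection: the xp_cmdshell() and sp_replwritetovarbin stored procedures, the MySQL file functions, and UNC paths used to provoke an outbound SMB request. The following Python is an added example, not code from this announcement or from sqlmap: it scans constructed (not real) Apache-style access-log lines, URL-decodes each query string, matches those primitives, and rates a hit "high" only when an injection context (a SQL comment terminator or a stacked statement) is also present, so that a word like "xp_cmdshell" typed into a search box stays "low". The log format, signature names and sample requests are all assumptions made for the example.

```python
"""Detection example: flag requests that carry the SQL-injection-to-OS
primitives named in the sqlmap 0.7rc1 announcement. Added example, not
sqlmap code; the log lines and signature names are constructed."""
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache common log format). These are
# not real traffic; they illustrate the primitives the announcement names.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Apr/2009:15:29:26 +0100] "GET /product.php?id=3 HTTP/1.1" 200 512
10.0.0.9 - - [22/Apr/2009:15:30:01 +0100] "GET /product.php?id=3%3B%20EXEC%20master..xp_cmdshell%20%27whoami%27-- HTTP/1.1" 500 0
10.0.0.9 - - [22/Apr/2009:15:30:07 +0100] "GET /product.php?id=3%20UNION%20SELECT%20LOAD_FILE(%27/etc/passwd%27)-- HTTP/1.1" 200 2048
10.0.0.9 - - [22/Apr/2009:15:30:12 +0100] "GET /product.php?id=3%3BEXEC%20sp_replwritetovarbin-- HTTP/1.1" 500 0
10.0.0.9 - - [22/Apr/2009:15:30:20 +0100] "GET /report.php?file=%5C%5C10.0.0.9%5Cshare%5Creport.txt HTTP/1.1" 404 0
10.0.0.7 - - [22/Apr/2009:15:31:00 +0100] "GET /search.php?q=xp_cmdshell+documentation HTTP/1.1" 200 900
"""

# Minimal parser for the common log format (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Primitives from the announcement: xp_cmdshell(), the MS09-004 stored
# procedure, MySQL file read/write, and UNC paths used for SMB relay.
# Matched against the decoded, lower-cased query string.
SIGNATURES = [
    ("mssql_xp_cmdshell", re.compile(r"xp_cmdshell")),
    ("mssql_ms09_004", re.compile(r"sp_replwritetovarbin")),
    ("mysql_file_read", re.compile(r"\bload_file\s*\(")),
    ("mysql_file_write", re.compile(r"\binto\s+(?:out|dump)file\b")),
    ("unc_path", re.compile(r"\\\\[\w.-]+\\[\w$.-]+")),
]

# Injection context: a keyword on its own (e.g. in a search box) is weak
# evidence; a SQL comment terminator or a stacked statement raises it.
CONTEXT = [
    ("comment_terminator", re.compile(r"--|/\*")),
    ("stacked_query", re.compile(
        r";\s*(?:exec|execute|select|insert|update|create|declare)\b")),
]


def decode_query(path: str) -> str:
    """Return the URL-decoded query string after '?', lower-cased.
    Decoding twice also normalises one level of double encoding (%2527)."""
    query = path.partition("?")[2]
    return unquote_plus(unquote_plus(query)).lower()


def analyse_request(path: str) -> dict:
    """Match signatures and context against one request path."""
    query = decode_query(path)
    hits = [name for name, rx in SIGNATURES if rx.search(query)]
    context = [name for name, rx in CONTEXT if rx.search(query)]
    if not hits:
        confidence = "none"
    elif context:
        confidence = "high"
    else:
        confidence = "low"
    return {"hits": hits, "context": context, "confidence": confidence}


def scan_log(text: str) -> list:
    """Return one finding per log line whose query matched a signature."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash
        result = analyse_request(m["path"])
        if result["confidence"] != "none":
            findings.append({"ip": m["ip"], "ts": m["ts"],
                             "status": m["status"], **result})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["confidence"].upper(), f["ip"], f["ts"], f["hits"], f["context"])
```

Run against the constructed log, the two stacked-query requests and the LOAD_FILE() request come out "high", while the bare UNC path in a file parameter and the search-box mention of xp_cmdshell come out "low"; a 500 status on a "high" hit is worth correlating with database-side errors, since the announcement's command-execution and MS09-004 paths both run through stored procedures the application was never meant to call.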


Download
========

You can download it in two formats:

* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.tar.gz

* Source zip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.zip


Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* "Advanced SQL injection to operating system full control"
whitepaper[1] and slides[2] presented at Black Hat Europe 2009 in
Amsterdam (The Netherlands) on April 16, 2009

[1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf
[2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides


Happy hacking!


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
