[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ffa432521003142008kc0d01f4kd1058482698285d@mail.gmail.com>
Date: Mon, 15 Mar 2010 03:08:58 +0000
From: "Bernardo Damele A. G." <bernardo.damele@...il.com>
To: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org,
dailydave@...ts.immunitysec.com, pen-test@...urityfocus.com,
bugtraq@...urityfocus.com
Subject: [Tool] sqlmap 0.8 released
Hi,
I am glad to release sqlmap version 0.8.
Introduction
============
sqlmap is an open source penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws and taking
over of back-end database servers. It comes with a broad range of
features lasting from database fingerprinting, over data fetching from
the database, to accessing the underlying file system and executing
commands on the operating system via out-of-band connections.
Changes
=======
Some of the new features include:
* Support to enumerate and dump all databases' tables containing user
provided column(s) by specifying for instance '--dump -C user,pass'.
Useful to identify for instance tables containing custom application
credentials (Bernardo).
* Support to parse -C (column name(s)) when fetching columns of a
table with --columns: it will enumerate only columns like the provided
one(s) within the specified table (Bernardo).
* Support for takeover features on PostgreSQL 8.4 (Bernardo).
* Enhanced --priv-esc to rely on new Metasploit Meterpreter's
'getsystem' command to elevate privileges of the user running the
back-end DBMS instance to SYSTEM on Windows (Bernardo).
* Automatic support in --os-pwn to use the web uploader/backdoor to
upload and execute the Metasploit payload stager when stacked queries
SQL injection is not supported, for instance on MySQL/PHP and
MySQL/ASP, but there is a writable folder within the web server
document root (Bernardo and Miroslav).
* Added support for regular expression based scope when parsing Burp
or Web Scarab proxy log file (-l), --scope (Miroslav).
* Major bug fix and enhancements to the multi-threading (--threads)
functionality (Miroslav).
Complete list of changes at
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.
Download
========
You can download it in various formats:
* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.gz
* Source bzip2 compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.zip
* DEB binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap_0.8-1_all.deb
* RPM binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8-1.noarch.rpm
* Portable executable for Windows that does not require the Python
interpreter to be installed on the operating system,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8_exe.zip
Documentation
=============
* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* Conferences' material (whitepaper and slides):
http://sqlmap.sourceforge.net/#docs
Contribute
==========
I am looking for security geeks who can write some "clean" Python
code, know about web application security, database takeover,
post-exploitation techniques, software refactoring and are motivated
to join the development team. If you are interested, please get back
to me (bernardo.damele@...il.com). If you have no clue what the tool
is about, are excited about joining the effort, but has never written
a single line of code or you want only to appear in the AUTHORS file,
please don't waste my and your time.
For the sceptical.. No, it's not only about web application. Yes, it
helps you also to get a command prompt on the target system. Yes, it
can be used to privilege escalate to SYSTEM if the target system is
Windows.
Not yet convinced that this tool is worth a try? Get some popcorns,
head to http://sqlmap.sourceforge.net/demo.html and watch some video
demonstrations.
Happy hacking!
Bernardo and Miroslav
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists