sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a broad range of features, from database fingerprinting and fetching data from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Some of the new features include:
* Support to enumerate and dump all databases' tables containing user-provided column(s) by specifying, for instance, '--dump -C user,pass'.
Useful to identify, for instance, tables containing custom application credentials (Bernardo).
* Support to parse -C (column name(s)) when fetching the columns of a table with --columns: only columns whose names match the provided one(s) within the specified table are enumerated (Bernardo).
* Support for takeover features on PostgreSQL 8.4 (Bernardo).
* Enhanced --priv-esc to rely on the new Metasploit Meterpreter 'getsystem' command to elevate the privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo).
* Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked-query SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav).
* Added support for a regular-expression-based scope (--scope) when parsing a Burp or WebScarab proxy log file (-l) (Miroslav).
* Major bug fixes and enhancements to the multi-threading (--threads) functionality (Miroslav).
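To make the -l/--scope feature concrete, here is an added example (not sqlmap's own code) that parses a proxy log and keeps only the requests whose URL matches a scope regex, then reports the parameters sqlmap would go on to test. The log format is assumed to be a Burp-style proxy history export ('=' separator lines, a "time  URL  [ip]" header, then the raw request); the sample log, hosts and parameters are constructed for the example and the function names are ours.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of a Burp proxy history export (assumed format):
# a line of '=' characters, a "time  base-URL  [ip]" header, another '=' line,
# then the raw HTTP request. Hosts, paths and parameters are made up.
SAMPLE_LOG = """\
======================================================
10:41:03 AM  http://www.target.com:80  [203.0.113.10]
======================================================
GET /news.php?id=1&lang=en HTTP/1.1
Host: www.target.com
User-Agent: Mozilla/5.0

======================================================
10:41:07 AM  http://cdn.example.net:80  [203.0.113.20]
======================================================
GET /static/app.js HTTP/1.1
Host: cdn.example.net

======================================================
10:41:12 AM  http://www.target.com:80  [203.0.113.10]
======================================================
POST /login.php HTTP/1.1
Host: www.target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

user=admin&pass=secret&btn=Go
======================================================
"""

SEP_RE = re.compile(r"^=+$")
# Optional date, a 12-hour time, the base URL and the bracketed IP (assumed layout).
HEADER_RE = re.compile(
    r"^(?:\d{1,2}/\d{1,2}/\d{2,4}\s+)?\d{1,2}:\d{2}:\d{2}\s+[AP]M\s+(\S+)\s+\[[^\]]*\]\s*$"
)


def parse_proxy_log(text):
    """Split the log into one target per request: method, full URL and the
    parameter string (query string for GET, body for POST)."""
    entries = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"base": m.group(1), "request": []}
            entries.append(current)
            continue
        if SEP_RE.match(line) or current is None:
            continue
        current["request"].append(line)
    return [_build_target(e) for e in entries if e["request"]]


def _build_target(entry):
    req = entry["request"]
    method, path, _version = req[0].split(" ", 2)
    url = entry["base"].rstrip("/") + path
    body = ""
    if "" in req:  # blank line separates headers from body
        body = "\n".join(req[req.index("") + 1:]).strip()
    data = urlsplit(url).query if method == "GET" else body
    return {"method": method, "url": url, "data": data}


def in_scope(targets, scope_regex):
    """Keep only targets whose URL matches the scope regex, the way a
    --scope expression restricts what is taken from the log."""
    pat = re.compile(scope_regex)
    return [t for t in targets if pat.search(t["url"])]


def injectable_targets(text, scope_regex):
    """In-scope requests that actually carry parameters worth testing."""
    return [t for t in in_scope(parse_proxy_log(text), scope_regex) if t["data"]]


if __name__ == "__main__":
    for t in injectable_targets(SAMPLE_LOG, r"(www\.)?target\.com"):
        print(t["method"], t["url"], "->", t["data"])
```

The scope regex is applied to the full URL, so a value such as `(www\.)?target\.com` keeps both the GET and the POST to the target while dropping the third-party CDN request; a parameterless request is kept by the scope filter but dropped from the injectable set, since there is nothing to inject into.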