sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Features :
* Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
* Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
* Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
* Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
* Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
* Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
* Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables.
* This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
* Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
* Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
* Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system.
* Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
* Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
* Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system.
* This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
*Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.
*Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.
Video Demo:
