Hi, I am glad to release sqlmap version 0.8. Introduction ============ sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Changes ======= Some of the new features include: * Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials (Bernardo). * Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo). * Support for takeover features on PostgreSQL 8.4 (Bernardo). * Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo). * Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav). * Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope (Miroslav). * Major bug fix and enhancements to the multi-threading (--threads) functionality (Miroslav). Complete list of changes at https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog. Download ======== You can download it in various formats: * Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.gz * Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.bz2 * Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.zip * DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.8-1_all.deb * RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8-1.noarch.rpm * Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8_exe.zip Documentation ============= * sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf * Conferences' material (whitepaper and slides): http://sqlmap.sourceforge.net/#docs Contribute ========== I am looking for security geeks who can write some "clean" Python code, know about web application security, database takeover, post-exploitation techniques, software refactoring and are motivated to join the development team. If you are interested, please get back to me (bernardo.damele@xxxxxxxxx). If you have no clue what the tool is about, are excited about joining the effort, but has never written a single line of code or you want only to appear in the AUTHORS file, please don't waste my and your time. For the sceptical.. No, it's not only about web application. Yes, it helps you also to get a command prompt on the target system. Yes, it can be used to privilege escalate to SYSTEM if the target system is Windows. Not yet convinced that this tool is worth a try? Get some popcorns, head to http://sqlmap.sourceforge.net/demo.html and watch some video demonstrations. Happy hacking! Bernardo and Miroslav -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F
