SQL Map is a lightweight Windows application, written in C#, that serves as a graphical user interface (GUI) for sqlmap, an automatic SQL injection tool. SQLMap automates the process of identifying and exploiting SQL injection flaws and taking control of backend database servers. It is designed to help you query your database through operations that are easy to understand.
The comfort of working with portable tools
Portability delivers several advantages to your system. Your Windows registry does not get bloated with extra entries so you can get rid of the tool by simply deleting the files that you have downloaded from the Internet.
You may store the app on a USB flash drive or another device, carry it with you and run it on the target system without administrative privileges. Since there is no installation step, you can open the utility by double-clicking the executable file.
SQL Map Features
- Exceptional support for a wide array of database management systems: MySQL, Oracle, PostgreSQL, IRIS, MimerSQL, SAP MaxDB, Microsoft SQL Server, Microsoft Access, CockroachDB, IBM DB2, SQLite, Firebird, Amazon Redshift, Informix, MariaDB, MemSQL, TiDB, HSQLDB, H2, Cubrid, Sybase, MonetDB, Vertica, Mckoi, Presto, Altibase, Apache Derby, Apache Ignite, CrateDB, Greenplum, Drizzle, InterSystems Cache, eXtremeDB and FrontBase.
- Fully supports six SQL injection techniques: boolean-based blind, error-based, UNION query-based, time-based blind, stacked queries and out-of-band.
- Enables connecting directly to the database without going through an SQL injection, by supplying the DBMS credentials, IP address, port and database name.
- Offers support for enumerating users, password hashes, privileges, roles, databases, tables and columns.
- Automatically recognizes password hash formats and provides support to crack them with a dictionary-based attack.
- Supports dumping entire database tables, a selection of entries, or just specific columns, depending on the user’s choice. Users may also opt to dump only a range of characters from each column’s entry.
- Able to search for specific database names and tables across all databases, or for specific columns across all databases’ tables. This is useful, for example, for identifying tables that hold custom application credentials, where the column names contain strings like name and pass.
- Supports downloading and uploading any file from or to the database server’s underlying file system, provided the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Enables execution of arbitrary commands and retrieval of their standard output on the database server’s underlying operating system, again provided the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Enables the establishment of an out-of-band stateful TCP connection between the attacker machine and the database server’s underlying operating system. Depending on the user’s choice, this channel can be one of three things: an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session.
- Offers support for privilege escalation of the database process through Metasploit’s Meterpreter getsystem command.
Which databases does this software support?
SQL Map GUI works with MySQL, Oracle, PostgreSQL and Microsoft SQL Server backend database management systems, and is also able to identify Microsoft Access, DB2, Informix, Sybase and Interbase.
How SQL Map works:
The GUI looks clean and places all the configuration settings in a single panel. SQL Map GUI integrates only a few features to help you set up the query process. You may enter a user-defined URL, get the DB banner and current DB, enumerate DBs, tables and columns, dump data, enable a flush session, set the number of threads, and adjust the verbosity level.
What’s more, you can enter the database, table and column to enumerate, as well as specify the first and last record.
Bottom line
All things considered, SQL Map GUI integrates a handy suite of features for helping you query databases without investing too much time in the setup process.