sqlmap - why (not how) it works?
46
sqlmap – why (not how) it works? Miroslav Stampar ([email protected]) sqlmap – why (not how) it works? Miroslav Stampar ([email protected])
-
Upload
miroslav-stampar -
Category
Internet
-
view
2.662 -
download
4
Transcript of sqlmap - why (not how) it works?
sqlmap – why (not how)it works?
Miroslav Stampar([email protected])
sqlmap – why (not how)it works?
Miroslav Stampar([email protected])
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 2
Formal introduction
sqlmap is an open source penetration testing tool that automates the process of
detecting and exploiting SQL injection flaws and taking over of database
servers. It comes with a powerful detection engine, many niche features for the ultimate
penetration tester and a broad range of switches lasting from database fingerprinting,
over data fetching from the database, to accessing the underlying file system and
executing commands on the operating system via out-of-band connections.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 3
Birthday
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 4
Short history
Daniele Belluci (@belch) – July 1st 2006, birthday of @sqlmap
Bernardo Damele A. G. (@inquisb) – late 2006, joins the @sqlmap
Daniele Belluci (@belch) – late 2006, leaves the @sqlmap
Miroslav Stampar (@stamparm) – late 2009, joins the @sqlmap
...and they lived happily ever after :)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 5
sqlmap.py (1)
Version Release date Switches / options Code files LOC Total size
0.(0.)1 2006-06-01 16 3 339 64KB
0.2 2006-12-13 20 7 1117 116KB
0.3 2007-01-20 24 8 1731 160KB
0.4 2007-06-15 34 18 3819 468KB
0.5 2007-11-04 37 23 5711 680KB
0.6 2008-09-01 47 55 11920 1.2MB
0.7 2009-07-25 75 85 19387 5.1MB
0.8 2010-03-14 94 96 22840 5.7MB
0.9 2011-04-10 115 212 38787 9.5MB
1.0(-dev-f89ce21) 177 375 60995 12MB
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 6
sqlmap.py (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 7
sqlmap.py (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 8
sqlmap.org (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 9
sqlmap.org (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 10
sqlmap.org (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 11
sqlmap.org (4)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 12
SourceForge (obsolete)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 13
Mailing list (deprecated)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 14
GitHub (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 15
GitHub (2)
cuckoobox/cuckoobeefproject/beefandresriancho/w3afsqlmapproject/sqlmaprapid7/metasploit-frameworkbro/brosleuthkit/sleuthkitwireshark/wiresharkaircrack-ng/aircrack-ng...
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 16
GitHub (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 17
GitHub (4)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 18
GitHub (5)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 19
GitHub (6)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 20
GitHub (7)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 21
sqlmapreporter (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 22
sqlmapreporter (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 23
sqlmapreporter (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 24
sqlmapreporter (4)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 25
testenv (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 26
testenv (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 27
testenv (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 28
Benchmark (sectoolmarket.com)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 29
Twitter (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 30
Twitter (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 31
Twitter (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 32
Twitter (4)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 33
Twitter (5)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 34
Donations (PayPal)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 35
???
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 36
Donations (Ƀitcoin)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 37
Dual license (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 38
Dual license (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 39
sqlmappro (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 40
sqlmappro (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 41
BOFH (1)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 42
BOFH (2)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 43
BOFH (3)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 44
BOFH (4)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 45
Answer to the title's question
Because of the long-lasting enthusiasm of a couple of guys having a large, (very) demanding and quite responsive user-base (and couple of angry trolls)
......and they lived happily ever after :)
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 46
Questions?
![[In]Seguridad Informática_ SQL Injection to Shell with SQLMap](https://static.fdocuments.in/doc/165x107/55cf9c00550346d033a83478/inseguridad-informatica-sql-injection-to-shell-with-sqlmap.jpg)
![[In]Seguridad Informática_ [SQLMAP] SQL Injection utilizando método POST](https://static.fdocuments.in/doc/165x107/55cf9c00550346d033a83470/inseguridad-informatica-sqlmap-sql-injection-utilizando-metodo-post.jpg)
