
The Best SQL Injection Tools Classified

30 January 2009
Author:   · Article category: Cracking, Tutorial




Continuing my review of the best penetration testers' tools, it's time to face the most dangerous vulnerability a website may suffer with regard to data protection: SQL injection.
I'm not going through the SQL injection basics, as we already have a nice in-depth guide and there are plenty of references on the internet.
But I'm going to make a rough classification of every tool listed so that this can serve as a quick reference.

I am going to list here the most used tools for SQL injection exploitation. There are also others for finding SQL injection in a website, but this shouldn't be an issue for a professional.

The exploitation tools work against different kinds of DBMS and use different techniques, such as error-based SQL injection, inband (union-based) SQL injection and blind SQL injection.

To date, MS SQL Server is the DBMS with the highest number of attack tools available. It is prone to error-based SQL injection, so retrieving data from it is as easy as providing the vulnerable URL to tools like Priamos and Absinthe and clicking a button.
These tools are not free from bugs. Sometimes they fail to receive correct data, but if you're not a script kiddie there's no way you can miss it.

Priamos

  • Works on SQL server only
  • Enumerates databases, tables and data in a very nice GUI
  • The only big problem is that it works only with GET requests, unless you make it pass through a proxy to change the request to POST and shift the query string to the http request payload.
  • Allows for proxy tunneling
  • Very fast

Absinthe
Apart from some bugs that affect the tool, version 2.0b works with

  • Blind sqli
  • Error based sqli

and does a better job than version 1.41.

Blind mode supports: SQL Server, PostgreSQL, Sybase, Oracle.
Error-based mode supports SQL Server.

  • Good GUI for fine-tuning the injection parameters and additional options like authentication.

Injection is feasible through

  • POST
  • GET
  • COOKIE

Allows for proxy tunneling

SQLMap
It's the best tool for dealing with MySQL SQL injection, and the only tool that does the job sometimes.

  • It's Python powered, so it's cross-platform.

It supports:

  • MySQL
  • Oracle
  • PostgreSQL
  • Microsoft SQL Server.

SQLmap supports two operating modes:

  • Blind SQLi
  • Inband (Union) Sqli

Before going for blind SQL injection, which is slow and requires a lot of requests to the server, it is possible to check whether UNION-based SQLi is available, which gives faster results.

SQLmap recognizes blind SQLi through hashes of the HTTP response text. It is also possible to specify the string to match in the response text when the case is TRUE, a feature that is sometimes badly needed.

It supports injection into

  • GET
  • POST
  • COOKIE
  • USER-AGENT

and retrieves:

  • database usernames and passwords
  • DBMS version
  • databases
  • tables
  • data

It allows you to execute custom SQL queries as if you were on a real SQL client connected to the remote DBMS. This saves a lot of time and allows for very sophisticated data retrieval.

More options are:

  • proxy support
  • google dorks
  • remote file retrieval.

The tool package includes a very nice guide to the tool's usage.
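The points above matter for logging: the injection channels listed (GET, POST, COOKIE, USER-AGENT) all have to be recorded and inspected, and blind injection shows up as many flagged requests from one client. The following is an added example, not part of the original article or of any tool it lists; the record field names, the three signatures and the sample records are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Request fields matching the injection points listed above (names are assumptions).
CHANNELS = ("query", "body", "cookie", "user_agent")

# Illustrative signatures only; a production rule set needs far more coverage.
SIGNATURES = {
    "union": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),      # inband
    "boolean": re.compile(r"\b(and|or)\s+\(?\s*\d+\s*[=<>]\s*\d+", re.I),  # blind test
    "char-probe": re.compile(r"\b(ascii|ord|substring|substr|mid)\s*\(", re.I),
}

def classify(value):
    """Return the sorted signature names matching one URL-decoded field."""
    decoded = unquote_plus(value or "")
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))

def scan(records, burst_threshold=3):
    """Return (hits, noisy_clients).

    hits lists (client, channel, signature) for every match; noisy_clients are
    clients with at least burst_threshold flagged requests, the volume pattern
    that blind injection produces.
    """
    hits, per_client = [], Counter()
    for rec in records:
        found = [(rec["client"], ch, name)
                 for ch in CHANNELS for name in classify(rec.get(ch))]
        hits.extend(found)
        if found:
            per_client[rec["client"]] += 1
    noisy = sorted(c for c, n in per_client.items() if n >= burst_threshold)
    return hits, noisy

# Constructed sample records (documentation IP ranges, not real traffic).
SAMPLE = [
    {"client": "198.51.100.10", "query": "q=salt+and+pepper"},
    {"client": "203.0.113.7", "query": "id=5+AND+1%3D1"},
    {"client": "203.0.113.7", "query": "id=5+AND+1%3D2"},
    {"client": "203.0.113.7", "cookie": "sid=abc'+AND+ASCII(SUBSTR(x,1,1))%3E64"},
    {"client": "192.0.2.44", "user_agent": "Mozilla/5.0' UNION SELECT 1,2-- "},
    {"client": "192.0.2.99", "body": "user=bob&id=7+UNION+ALL+SELECT+1"},
]

if __name__ == "__main__":
    hits, noisy = scan(SAMPLE)
    for hit in hits:
        print(hit)
    print("burst clients:", noisy)
```

Standard web access logs usually omit cookies and POST bodies, so this check only works where the application or a proxy records those fields.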

Automagic
It's written in Perl and requires that you read the guide or watch the nice Flash video before you can really enjoy it.

It works only against SQL Server DBMS and performs a dump of

  • database
  • tables
  • data

It is possible to retrieve DBMS users and passwords. It's quite fast; in my opinion Priamos and Absinthe do a better job.
A good backup tool though.

To sum up

MySQL SQL Injection tools:

  • SQL Map (blind and inband)

Oracle SQL Injection tools:

  • SQL Map (inband)
  • Absinthe (blind)

Sybase SQL Injection tools:

  • Absinthe (blind)

MS SQL Server SQL Injection tools:

  • Automagic (error)
  • SQL Map (error and inband)
  • Priamos (error)
  • Absinthe (error)

If the list is not exhaustive… well… these are at least the best known and most used.
Of course every professional has his own tools and patches to improve these tools or add functionality. Your own tool is always the best tool.
Any suggestion or addition is encouraged!


Comments

12 Comments on “The Best SQL Injection Tools Classified”

  1. brokencode on 4 October 2008 8:31 am

    excellent! thanks for recommendation ;)

  2. busthood on 9 October 2008 12:40 pm

    Nice, bro…. a bit different from the posts on the usual forums…, btw just make it a forum so we can share

  3. fadlie on 23 October 2008 7:40 pm

    Bro, add my site http://www.fadlie.web.id to the Blogroll. Thanks :)

  4. reyo on 6 November 2008 11:44 pm

    Boss, how do you hack Joomla? Please share the tutorial that uses SQL injection.. I'll trade a Friendster phishing script for it

  5. blankcode on 1 December 2008 9:47 am

    Yeah, please tell us how to hack Joomla

  6. akane on 26 December 2008 6:59 am

    i mind schemafuzz still the best :P

  7. ag on 2 January 2009 3:51 am

    thanks for information

  8. mahya on 10 February 2009 10:34 pm

    thanks for information

  9. zbond on 22 April 2009 7:48 pm

    Teach me how to hack a PHP website

  10. nugrah-lucu on 20 May 2009 5:21 am

    wew…nice…but could you share information about “sql injection with putty”? tell please :) great!!!

  11. kank_ripay on 23 October 2009 9:22 am

    Still confused

  12. thierrydhany on 6 February 2010 3:45 am

    A quality post, I always follow along. Nice to meet you.. keep moving forward, Indonesian hackers…
