Hi,
I am glad to release sqlmap version 0.8.

Changes
=======
Some of the new features include:
* Support to enumerate and dump all databases' tables containing user
provided column(s) by specifying for instance '--dump -C user,pass'.
Useful to identify for instance tables containing custom application
credentials (Bernardo).
* Support to parse -C (column name(s)) when fetching columns of a
table with --columns: it will enumerate only columns like the provided
one(s) within the specified table (Bernardo).
* Support for takeover features on PostgreSQL 8.4 (Bernardo).
* Enhanced --priv-esc to rely on new Metasploit Meterpreter's
'getsystem' command to elevate privileges of the user running the
back-end DBMS instance to SYSTEM on Windows (Bernardo).
* Automatic support in --os-pwn to use the web uploader/backdoor to
upload and execute the Metasploit payload stager when stacked queries
SQL injection is not supported, for instance on MySQL/PHP and
MySQL/ASP, but there is a writable folder within the web server
document root (Bernardo and Miroslav).
* Added support for regular expression based scope when parsing Burp
or Web Scarab proxy log file (-l), --scope (Miroslav).
Complete list of changes at
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.

Download
========
You can download it in various formats:
* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.gz
* Source bzip2 compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.zip
* DEB binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap_0.8-1_all.deb
* RPM binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8-1.noarch.rpm
* Portable executable for Windows that does not require the Python
interpreter to be installed on the operating system,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.8_exe.zip

Documentation
=============
* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* Conferences' material (whitepaper and slides):
http://sqlmap.sourceforge.net/#docs

Contribute
==========
I am looking for security geeks who can write some "clean" Python
code, know about web application security, database takeover,
post-exploitation techniques, software refactoring and are motivated
to join the development team. If you are interested, please get back
to me (ber...@gm...). If you have no clue what the tool
is about, are excited about joining the effort, but have never written
a single line of code or you want only to appear in the AUTHORS file,
please don't waste my and your time.
Happy hacking!
Bernardo and Miroslav
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F