The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique. The Mole's features and tutorial have been discussed before, but the new version of Mole (v3.0) has been released and is available to download.
Features
- Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
- Command line interface. Different commands trigger different actions.
- Auto-completion for commands, command arguments and database, table and column names.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections through GET/POST/Cookie parameters.
- Developed in Python 3.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
Current Release: v0.3 (2012-03-02)
- Windows 32bit executable: themole-0.3-win32.zip
- Tarball-gzipped format: themole-0.3-lin-src.tar.gz
- Zip format: themole-0.3-win-src.zip
Current Bug-Free version
Even though we want to keep the release up-to-date, it is impossible to make one for every single patch we have applied to the current version to fix a bug. We strongly recommend using the bugfix branch from our repository. To get it, execute:
git clone -b bugfix git://git.code.sf.net/p/themole/code themole-code
git pull origin bugfix
The Mole's release 0.3 is out! Several bugfixes have been made and new features were introduced, such as:
* Enabled injection through cookie parameters.
* New filtering mechanism enabling better manipulation and easier filter development.
* Added several of those filters.
* SQL Injections that return binary data are now exploitable.
* DBMS credentials listing.
The Mole SQLi Exploitation Tool Tutorial
The complete tutorial with video explanation can be found here.