This is the Windows app named sqlmap whose latest release can be downloaded as ElwinCaiwenys.zip. It can be run online in the free hosting provider OnWorks for workstations.
Download and run online this app named sqlmap with OnWorks for free.
Follow these instructions in order to run this app:
- 1. Downloaded this application in your PC.
- 2. Enter in our file manager https://www.onworks.net/myfiles.php?username=XXXXX with the username that you want.
- 3. Upload this application in such filemanager.
- 4. Start any OS OnWorks online emulator from this website, but better Windows online emulator.
- 5. From the OnWorks Windows OS you have just started, goto our file manager https://www.onworks.net/myfiles.php?username=XXXXX with the username that you want.
- 6. Download the application and install it.
- 7. Download Wine from your Linux distributions software repositories. Once installed, you can then double-click the app to run them with Wine. You can also try PlayOnLinux, a fancy interface over Wine that will help you install popular Windows programs and games.
Wine is a way to run Windows software on Linux, but with no Windows required. Wine is an open-source Windows compatibility layer that can run Windows programs directly on any Linux desktop. Essentially, Wine is trying to re-implement enough of Windows from scratch so that it can run all those Windows applications without actually needing Windows.
SCREENSHOTS:
sqlmap
DESCRIPTION:
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process.
sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also comes with a wide set of switches which include database fingerprinting, over data fetching from the database, accessing the underlying file system, and more.
Features
- Exceptional support for a wide array of database management systems: MySQL, Oracle, PostgreSQL, IRIS, MimerSQL, SAP MaxDB, Microsoft SQL Server, Microsoft Access, CockroachDB, IBM DB2, SQLite, Firebird, Amazon Redshift, Informix, MariaDB, MemSQL, TiDB, HSQLDB, H2, Cubrid, Sybase, MonetDB, Vertica, Mckoi, Presto, Altibase, Apache Derby, Apache Ignite, CrateDB, Greenplum, Drizzle, InterSystems Cache, eXtremeDB and FrontBase database management systems.
- Fully supports six SQL injection techniques: boolean-based blind technique, error-based technique, UNION query-based technique, time-based blind technique, stacked queries and out-of-band.
- Enables connecting directly to the database without having to pass an SQL injection. This is done through the provision of DBMS credentials, IP address, port and database name.
- Offers support for enumerating users, password hashes, privileges, roles, databases, tables and columns.
- Automatically recognizes password hash formats and provides support to crack them with a dictionary-based attack.
- Supportive of dumping entire database tables, dumping a selection of entries, or just specific columns depending on the user's choice. Users may also opt to dump only a selection of characters from each column's entry.
- Able to search for specific database names and tables across all databases or in certain columns across all databases' tables. This can be used in cases such as identifying tables that have custom application credentials, where the columns' names contain string like name and pass.
- Supportive of downloading and uploading any file from the database server underlying file system, given that the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Enables execution of arbitrary commands and retrieval of their standard output on the database server underlying operating system, again given that the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Enables the establishment of an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. Depending on the user’s choice this channel can be one of three things: an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session.
- Offers support for user privilege escalation of database process through Metasploit's Meterpreter getsystem command.
Programming Language
Python
Categories
This is an application that can also be fetched from https://sourceforge.net/projects/sqlmap.mirror/. It has been hosted in OnWorks in order to be run online in an easiest way from one of our free Operative Systems.