What is SQL Injection?

First, we will discuss what SQL injection is. SQL injection is one of the most common attacks against web-based applications. A SQL injection is a technique that uses crafted input to reveal information from the database. A successful SQL injection attack can read potentially all of the data, including sensitive server data such as passwords, email addresses and usernames. SQL injection can be very harmful. Many SQL injection tools are available that you can use for a SQL injection attack.
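As an added example (not from the original post), the following Python snippet uses a constructed in-memory SQLite table to show how the classic tautology payload `' or '1'='1` turns a login query built by string concatenation into one that matches every row, while a parameterised query treats the same input as plain text:

```python
import sqlite3

def make_db():
    # Constructed sample data: a tiny users table for the demo (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "alice@example.test"),
         ("bob", "hunter2", "bob@example.test")],
    )
    return conn

def login_vulnerable(conn, username, password):
    # The query is assembled from user input, so the input is parsed as SQL.
    # With username = password = ' or '1'='1 the WHERE clause becomes
    #   username = '' or '1'='1' AND password = '' or '1'='1'
    # which is true for every row.
    sql = ("SELECT username, email FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password):
    # Parameterised query: the driver binds the values separately from the SQL
    # text, so quotes and keywords in the input have no syntactic effect.
    sql = "SELECT username, email FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

def demo():
    conn = make_db()
    payload = "' or '1'='1"  # the tautology shown on the bbqsql banner below
    vulnerable = login_vulnerable(conn, payload, payload)  # returns both users
    safe = login_safe(conn, payload, payload)              # returns []
    return vulnerable, safe

if __name__ == "__main__":
    vulnerable, safe = demo()
    print("concatenated query returned:", vulnerable)
    print("parameterised query returned:", safe)
```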

List of top SQL Injection tools.

  1. sqlmap
  2. sqlNinja
  3. jsql
  4. sqlsus
  5. bbqsql

SQLMap:- SQLMap is a free and open-source penetration testing and automatic SQL injection tool. It is very easy to use and a very well-known hacking tool, so it is installed in Kali Linux by default, or you can download it directly from here:- https://github.com/sqlmapproject/sqlmap


Features of sqlmap

  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2 database management systems.
  • Full support for six SQL injection techniques: Boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.

SQLNinja:- SQLNinja is also a very well-known SQL injection tool, similar to SQLMap, but SQLNinja cannot be used on the Windows operating system. It supports Linux, FreeBSD, Mac OS X and iOS.

JSQL:- jSQL Injection is a free and open-source lightweight application used to find database information from the server. It is written in Java, so it is called jSQL. It provides a common way of using SQL from within Java to access a database.

Sqlsus:- Sqlsus is a free and open-source database tool written in Perl. It is a fast database dumper, for both in-band and blind injection. Using its command-line interface, you can retrieve the database structure, inject your own SQL queries, etc. Download from here:- http://sqlsus.sourceforge.net/download.html


bbqsql:- bbqsql is a blind SQL injection framework that is quite similar to the other SQL injection tools. The framework is written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities.


[email protected]:~# bbqsql
    _______   _______    ______    ______    ______   __       
   |       \ |       \  /      \  /      \  /      \ |  \      
   | $$$$$$$\| $$$$$$$\|  $$$$$$\|  $$$$$$\|  $$$$$$\| $$      
   | $$__/ $$| $$__/ $$| $$  | $$| $$___\$$| $$  | $$| $$      
   | $$    $$| $$    $$| $$  | $$ \$$    \ | $$  | $$| $$      
   | $$$$$$$\| $$$$$$$\| $$ _| $$ _\$$$$$$\| $$ _| $$| $$      
   | $$__/ $$| $$__/ $$| $$/ \ $$|  \__| $$| $$/ \ $$| $$_____ 
   | $$    $$| $$    $$ \$$ $$ $$ \$$    $$ \$$ $$ $$| $$     \
    \$$$$$$$  \$$$$$$$   \$$$$$$\  \$$$$$$   \$$$$$$\ \$$$$$$$$
                     \$$$                \$$$ 

                   _.(-)._
                .'         '.
               / 'or '1'='1  \
               |'-...___...-'|
                \    '='    /
                 `'._____.'` 
                  /   |   \
                 /.--'|'--.\
              []/'-.__|__.-'\[]
                      |
                     [] 

    BBQSQL injection toolkit (bbqsql)         
    Lead Development: Ben Toews(mastahyeti)         
    Development: Scott Behrens(arbit)         
    Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)    
    SET is located at: http://www.secmaniac.com(SET)    
    Version: 1.0               
    
    The 5 S's of BBQ: 
    Sauce, Spice, Smoke, Sizzle, and SQLi
    


 Select from the menu:

   1) Setup HTTP Parameters
   2) Setup BBQSQL Options
   3) Export Config
   4) Import Config
   5) Run Exploit
   6) Help, Credits, and About

  99) Exit the bbqsql injection toolkit

bbqsql>

If you want to learn more about ethical hacking and CTF challenges, you can visit our YouTube channel "Vulnerable Machine Solution".

Categories: Hacking tools
