The Mole(SQL Injection exploitation tool) v0.3 released

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole features and tutorial has been discussed before but the new version of Mole (v3.0) has been released and available to download.

Features

• Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
• Command line interface. Different commands trigger different actions.
• Auto-completion for commands, command arguments and database, table and columns names.
• Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
• Exploits SQL Injections through GET/POST/Cookie parameters.
• Developed in python 3.
• Exploits SQL Injections that return binary data.
• Powerful command interpreter to simplify its usage.
  

Current Release: v0.3 (2012-03-02)

• Windows 32bit executable: themole-0.3-win32.zip
• Tarball-gzipped format: themole-0.3-lin-src.tar.gz
• Zip format: themole-0.3-win-src.zip
  

Current Bug-Free version

Even though we want to keep the release up-to-date, it is impossible to make one for every single patch we have applied to the current version to fix a bug. We strongly recommend using the bugfix branch from our repository. To get it, execute:

git clone -b bugfix git://git.code.sf.net/p/themole/code themole-code

In order to put it up to date, before using it, update it by executing:

git pull origin bugfix

The Mole's release 0.3 is out! Several bugfixes have been made and new features were introduced. As:

* Enabled injection through cookie paramters.
* New filtering mechanism enabling better manipulation and easier filter development.
* Added several of those filters.
* SQL Injections that return binary data are now exploitable.
* DMBS credentials listing.

The Mole SQLi Exploitation Tool Tutorial

Complete tutorial with video explanation can be find here.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.