Jump to content

Best Sql Injection Program


ocram6616967
 Share

Recommended Posts

Link to comment
Share on other sites

Depends what you are injecting into. A web app I'd say a browser followed by sqlmap, sqlninja wins occasionally though but you have to use both to know when to chose one over the other.

Into a custom app or something else not web based you are looking at writing custom scripts.

Link to comment
Share on other sites

The group anonymous is rumored to use the Havji tool a lot (http://www.danbuzzard.net/journal/lulzsec-and-anonymous-script-kiddie-sql-injection.html), SQLMap is a tool thought in most security courses like CeH and SANS 542 so I would start with those as a general rule. If you want to test your own application/website to see if someone could get in easily then I would start with these also …

Link to comment
Share on other sites

Start with a browser and do it by hand, then move on to tools once you know what is going on. You'll learn a lot more that way.

I'd also suggest starting testing against DVWA or one of the other known vulnerable apps first, that way you know what you are looking for.

Link to comment
Share on other sites

As digininja says, start learning SQL injection by hand. Not only will you understand what the tools are doing for you, but you will also be able to make much better use of the tools and also when there is no point trying to use the tool at all.

Link to comment
Share on other sites

OKK. Do you know a good tutorial web page whereI can learn about SQL Injection (by hand) ? Thanks :)

I posted a link to a video by Joe McCray. He as slides on Slideshare, and also, check out Security Tube for more, but links abound all over the interwebs and plenty of tuts. Even pastebin has many. Just use some google fu, will take 3 seconds to find some great examples.

Also, check out (i think its called) Matiladae, from OWASP. At least, i think thats where you can get it. Iron Geek has a video demo on it too somewhere. Check his site.

Link to comment
Share on other sites

I posted a link to a video by Joe McCray. He as slides on Slideshare, and also, check out Security Tube for more, but links abound all over the interwebs and plenty of tuts. Even pastebin has many. Just use some google fu, will take 3 seconds to find some great examples.

Also, check out (i think its called) Matiladae, from OWASP. At least, i think thats where you can get it. Iron Geek has a video demo on it too somewhere. Check his site.

OK, thanks for the video Digip!

Link to comment
Share on other sites

  • 5 weeks later...

Like others have said, there are a lot of tools out there for learning and practicing exploiting web app vulns. Mutilidae is great and it comes bundled along with DVWA and a number of other vulnerable services in Metasploitable 2 (http://sourceforge.net/projects/metasploitable/files/Metasploitable2/) which is put out by Rapid7. There are also a number of great security CTF competitions, such as Stripe CTF that can really help hone your skills. I would also echo Digininja's comment that you should do manual testing as much as possible if you really want to learn how it works. Good luck!

(Also, sorry for waking a slightly stale thread.)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...