Sqlmap pdf

10/29/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=c1a5fa72-d61f-41e8-a484-21538d03353f&course_i… 1/3

%20

%8

SafeAssign Originality Report Database Security - 202051 - CRN139 - Zarenejad • Week 2 Paper

%28Total Score: Medium risk Bhargav Choudary Alaparthi

Submission UUID: 74a31a49-d551-edf9-af6d-70627808a61a

Total Number of Reports

1 Highest Match

28 % Week #2 Assignment (SQLmap).docx

Average Match

28 % Submitted on

10/29/20 09:54 PM EDT

Average Word Count

661 Highest: Week #2 Assignment (SQLmap).…

%28Attachment 1

Internet (6)

sectechno cyberpunk offensive-security

acunetix securenetworksitc appknox

Institutional database (3)

Student paper Student paper Student paper

Top sources (3)

Excluded sources (0)

View Originality Report - Old Design

Word Count: 661 Week #2 Assignment (SQLmap).docx

2 7 3

4 6 5

8 9 1

2 sectechno 8 Student paper 7 cyberpunk

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport?attemptId=c1a5fa72-d61f-41e8-a484-21538d03353f&course_id=_50397_1&download=true&includeDeleted=true&print=true&force=true
10/29/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=c1a5fa72-d61f-41e8-a484-21538d03353f&course_i… 2/3

Source Matches (9)

Student paper 100% sectechno 63%

SQLMAP 1

SQLMAP 5

SQLmap. Bhargav Alaparthi. New England College.

SQL Map

SQL map is an open-source pen-testing tool that helps in automating the sequence of detecting and making use of SQL injection weaknesses and taking over the tested databases. The tool comes with a very powerful perception engine, many opportunistic features for the chief pen tester, and a wider range of switches

which may include fingerprinting, over data acquisition from a database, to get the niche filesystem, and running the commands on an OS through the out of band connections. Features of SqlMap

The sqlmap is made in a special way which enables it not only to find the bugs but also to make the exploitation of the vulnerability. The scanner, out of the box, comes with greater functionalities, starting from defining the database management system, to creating an immediate dump data, and finalizing with the acquiring the access to a system and accessing the files on the targeted node to run the remote command on the given server. Some of the features of the tool are as follows. Privilege escalation The sqlmap supports the database series in user and privilege escalation by use of the Metersploit’s Meterpreter getsystem command. Here one may find that his session is only limited to certain user rights. This tends to in a great measure limit that can be performed by the user on the remote systems such as the installation of backdoors, manipulation of the registries, websites dumping among others. By the use of the Metasploit meterpreter getsystem, one can

apply various techniques to attempt to escalate the privileges on the remote system. also, by the use of other local exploits, one can do the privilege escalation. SQL injection

The SQL map can be used to perform several types of SQL injection. The SQL injection can be categorized into three parts, i.e, In-band SQLi, Out-of-band-SQLi,

and inferential SQL. The In-band SQLi(classic SQLi) comes into play when the attacker is capable of using the same communication media to start an attack and also to acquire the results. In-band SQLi is further divided into error-based SQLi and union-based SQLi. Inferential SQLi (Blind SQLi)- here the hacker is capable of

reconstructing the database form by sending the malware in payloads or maybe by observing the web application response and the server too. Out-of-Band

SQLi is the exact opposite of In-band SQLi. DBMS support

The sqlmap supports different types of database management systems. i.e, MySQL,Oracle,DB2, Sybase,Firebird,SQLite,PostgreSQL, Microsoft SQL Server

Microsoft Access among others. The tool also supports the direct connection to the database without passing through the SQL injection as it provides the

required DBMS crucial information such as the database name, IP address, and other credentials on the same. With the software included, it also supports the execution of commands and the acquisition of standard results on the installed operating system. Authentication

The sqlmap tool supports the automated recognition of hash format in a password and also enables one to crack them by use of various methods such as the dictionary-based attack. Also, it supports the enumeration of users, columns and rows, schemas, roles passwords hashes, and privileges. This gives the attacker an easy way into the sites hence saving much time. It also allows the uploads and downloads of any file that is in the server underlying the operating system when the server software has been installed. Importance of automated sqlmap