Kali Linux Using Mole-Automatic SQL injection tool

Mole-Automatic SQL injection tool
Mole is an automatic SQL injection tool and is based on Python. This tool has been developed by Nasel. In this post, I will completely demonstrate SQL Injection using Mole. Mole currently supports MySQL, SQL Server and Oracle databases. I hope this comes out to be the best tutorial on Mole available on the web.

Download Or
Quick Installation for Kali/Backtrack:

$ sudo apt-get install python3 python3-lxml
$ wget http://sourceforge.net/projects/themole/files/themole-0.2.6/themole-0.2.6-lin-src.tar.gz/download
$ tar xzvf themole-0.2.6-lin-src.tar.gz
$ cd themole-0.2.6

After the installation of required packages and Mole, we are ready to start with the process...
Now, this is the URL we will be checking for SQL injection using Mole.

http://127.0.0.1:xxxx/vulnerable/index.php/?id=1

Now, open the terminal. I have Mole directory on my Desktop so I will be proceeding as:
-u is for the vulnerable URL
-n or -needle is for the needle, that might be any strong keyword on the website.



Now press ‘Enter‘ and you will get to see something like:
Type in 'Schemas' as shown below and press 'Enter':
Now to dump the table names from the selected database, type in ‘tables <database-name>‘ as:
Type ‘columns <database-name> <table-name>‘ to dump the column names of the selected database.
Finally, dump the columns as ‘query <database-name> <table-name> column-1,column-2‘

This is it, we have successfully dumped the database using Mole.
SHARE

About Lasha Gogua

    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment