Mole is an automatic SQL injection tool written in Python and developed by Nasel. In this post, I will demonstrate SQL injection using Mole from start to finish. Mole currently supports MySQL, SQL Server and Oracle databases. I hope this comes out to be the best tutorial on Mole available on the web.
Quick Installation for Kali/Backtrack:
$ sudo apt-get install python3 python3-lxml
$ wget -O themole-0.2.6-lin-src.tar.gz http://sourceforge.net/projects/themole/files/themole-0.2.6/themole-0.2.6-lin-src.tar.gz/download
$ tar xzvf themole-0.2.6-lin-src.tar.gz
$ cd themole-0.2.6
After the installation of required packages and Mole, we are ready to start with the process...
Now, this is the URL we will be checking for SQL injection using Mole.
Now, open the terminal. I have the Mole directory on my Desktop, so I will be proceeding as:
-u is for the vulnerable URL.
-n or -needle is for the needle, which can be any distinctive keyword that appears on the website.
Now press 'Enter' and you will see something like:
Type in 'Schemas' as shown below and press 'Enter':
Now, to dump the table names from the selected database, type in 'tables <database-name>' as:
Type 'columns <database-name> <table-name>' to dump the column names of the selected table in that database.
Finally, dump the columns as 'query <database-name> <table-name> column-1,column-2'
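Seen from the server side, the schema, table and column enumeration above has to read the database's catalog views, and that is what shows up in the web access log. The following is an added example, not part of the original post and not Mole's own code: a log scanner that flags such requests. It assumes the injected SQL arrives in the GET query string (as with the -u URL), and the log lines, IP addresses and /item.php path are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Catalog views that schema, table and column enumeration has to read.
CATALOG = re.compile(
    r"\binformation_schema\.(schemata|tables|columns)"  # MySQL, SQL Server
    r"|\bsys\.(databases|tables|columns)\b"             # SQL Server
    r"|\ball_(users|tables|tab_columns)\b",             # Oracle
    re.I)
UNION = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def normalize(query):
    """Undo nested URL encoding and SQL inline comments used as spacing."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)
    return re.sub(r"\s+", " ", query).lower()

def scan(lines):
    """Return (client, status, reasons) per request that looks like enumeration."""
    checks = (("catalog", CATALOG), ("union-select", UNION))
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a combined-format request line
        client, target, status = m.groups()
        query = normalize(urlsplit(target).query)
        reasons = [name for name, rx in checks if rx.search(query)]
        if reasons:
            hits.append((client, int(status), reasons))
    return hits

# Constructed access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /item.php?id=7 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [12/Mar/2024:10:01:07 +0000] "GET /item.php?id=7+union+select+schema_name+from+information_schema.schemata HTTP/1.1" 200 4300',
    '203.0.113.5 - - [12/Mar/2024:10:01:09 +0000] "GET /item.php?id=7%2520UNION/**/SELECT%2520table_name%2520FROM%2520information_schema.tables HTTP/1.1" 200 4312',
    '198.51.100.7 - - [12/Mar/2024:10:02:30 +0000] "GET /search.php?q=student+union+elections HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Hits that returned status 200 deserve the first look, since the application answered the query instead of rejecting it. Access logs do not record POST bodies, so injection through form fields needs application or WAF logging to be seen.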