Comments on: sqlmap 0.7 Released – Automatic SQL Injection Tool

By: Madsen

Madsen — Sun, 30 Aug 2009 13:21:34 +0000

Hi guys.
The one for Windows has a trojan gen.
don’t download it.

Cheers!

By: Darknet

Darknet — Tue, 25 Aug 2009 14:57:37 +0000

GZero: "Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump" I believe he's referring to idle scanning as discovered by Antirez the author of Hping2.

By: GZero

GZero — Tue, 25 Aug 2009 10:06:06 +0000

Yeah Fyodor must feel like a real fucking idiot. Total waste of time and energy, it’s not like nmap can manipulate packets at all.

“And yes I haveed crafted my own packets for port scanning” – Bet you haven’t
“you need to when you scan behind a firewall. ” – No you don’t, your firewall, your rules
“Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump.” – This sounds and smells like bullshit, are you ineptly referring to SRC spoofing?

When you do your “mostly ASCII” blind SQL injections, using your handcrafted requests and techniques. How long does it take?

By: Anony

Anony — Fri, 21 Aug 2009 03:13:16 +0000

Jeff, you’re an idiot. SQLMap comes in hand when it’s blind sql and you don’t want to waste all fucking day brute forcing letter by letter to try get the whole DB content.

By: S0L0

S0L0 — Thu, 06 Aug 2009 20:59:47 +0000

Jeff Price aka jp is a troll. Check out his other posts.

By: jp

jp — Thu, 06 Aug 2009 14:43:32 +0000

you you would be one of those retarded script kiddies

By: Pyus

Pyus — Thu, 06 Aug 2009 10:29:25 +0000

sometimes i touch myself behind my firewall with nmap

By: jp

jp — Sun, 02 Aug 2009 23:11:48 +0000

lets see you use nmap to scan a computer behind a firewall.

By: um

um — Sun, 02 Aug 2009 16:30:20 +0000

Jeff, I’m pretty sure you wasted your time. I can’t think of any reason a hand crafted packet could be more effective from behind a firewall than what nmap can create. And I know for a fact nmap can spoof the source address.

And yeah, you can compare the too. Both tools automate a time consuming and repetitive task so you can focus on the results without wasting time getting them.

By: Jeff Price

Jeff Price — Sat, 01 Aug 2009 01:09:20 +0000

sql injection is way different then making ethernet frames. Mostly ascii. You can’t really compare the two. And yes I haveed crafted my own packets for port scanning, you need to when you scan behind a firewall. Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump.