Saturday, June 28, 2014

HOWTO : The Mole on Kali Linux 1.0.7

The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique.
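
The boolean technique works because the "valid string" shows up on the page only when an injected condition is true. The following is an added example, not from the original post or The Mole's code; the table, the two handlers and the `NEEDLE` value are constructed. It shows that oracle in a concatenated query and its absence once the parameter is validated and bound, so it can serve as a regression check for your own handlers.

```python
import sqlite3

NEEDLE = "admin"  # constructed: a string shown on the page for a valid request

def make_db():
    # Constructed in-memory sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "admin"), (2, "guest")])
    return db

def render(rows):
    # Stand-in for the HTML page built from the query result.
    return "<h1>Profile</h1>" + "".join(f"<p>{name}</p>" for (name,) in rows)

def page_vulnerable(db, user_id):
    # Vulnerable: the request parameter is concatenated into the SQL text.
    try:
        return render(db.execute("SELECT name FROM users WHERE id = " + user_id))
    except sqlite3.Error:
        return "<h1>Error</h1>"

def page_hardened(db, user_id):
    # Hardened: reject anything that is not a plain integer, then bind it.
    if not (user_id.isascii() and user_id.isdigit()):
        return "<h1>Bad request</h1>"
    return render(db.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)))

def needle_follows_condition(page, db):
    # True when the needle's presence tracks an appended boolean condition,
    # i.e. the parameter is interpreted as SQL rather than as data.
    true_case = NEEDLE in page(db, "1 AND 1=1")
    false_case = NEEDLE in page(db, "1 AND 1=2")
    return true_case and not false_case

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler exposes oracle:", needle_follows_condition(page_vulnerable, db))
    print("hardened handler exposes oracle:", needle_follows_condition(page_hardened, db))
```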


- Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
- Command line interface. Different commands trigger different actions.
- Auto-completion for commands, command arguments and database, table and column names.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections through GET/POST/Cookie parameters.
- Developed in Python 3.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.


Quick start
Command Usage
Exploiting injections through POST/Cookies
Filters - bypassing IDS/IPS
Exploiting injections that return binary data
Writing custom filters


apt-get update
apt-get install themole

Run it

themole -h
themole -u "" -n "admin"

That's all! See you.