Making the Sqlmap ModuleSubmitted by mtesauro on Sun, 05/03/2009 - 15:03 |
Get the source for sqlmap
Go to the sqlmap website and grab the latest source tarball. In this case, that is sqlmap-0.7rc1.tar.gz. Yes, its a release canidate but per the site, it works fine on Linux. That's what we're using so no worries.
Create the needed directories in fakeroot
Eventually, we'll use dir2lzm to make the module, so lets get the necessary directories. Also, since I prefer working in a running Live CD, first that up first and use the newly added SSH starting script to get the OpenSSH daemon up and running by doing the following in a Konsole window:
# sshd-start
Generating public/private rsa1 key pair
[bunch more junk]
The key fingerprint is:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 root@slax
Don't forget to set your password with "passwd"
# passwd
Changing password for root
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password: *******
Re-enter new password: *******
Password changed.
#
Now, go ahead and SSH to the running Live CD. Note: I generally like to ssh to the Live CD so its easier for me to grab and document the work I did to get the module created. You can skip the ssh bit and work directly on the Live CD (in VirtualBox for example) if you prefer.
# mkdir -p ./fakeroot/opt/owasp/ # mkdir -p ./fakeroot/usr/bin # mkdir -p ./fakeroot/usr/share/applications # mkdir -p ./fakeroot/usr/share/pixmaps
Create and put the module's files into the fakeroot directory
Since we are getting Python code which is interpreted, lets get the application file where it needs to go.
# tar -xzvf sqlmap-0.7rc1.tar.gz -C fakeroot/opt/owasp/ # mv fakeroot/opt/owasp/sqlmap-0.7rc1/ fakeroot/opt/owasp/sqlmap
Next, well need a script to start OWASP Wapiti in fakeroot/usr/bin. This one is very easy:
# vi fakeroot/usr/bin/sqlmap [create script] # cat fakeroot/usr/bin/sqlmap #!/bin/sh cd /opt/owasp/sqlmap ./sqlmap.py "$@" # chmod 775 fakeroot/usr/bin/sqlmap
Because sqlmap is a command line tool, we're going to create two startup scripts to be used by the menu item:
# vi fakeroot/usr/bin/startup-sqlmap [create script] # cat fakeroot/usr/bin/startup-sqlmap #/bin/sh echo " _ " echo " ___ __ _| |_ __ ___ __ _ _ __ " echo " / __|/ _\` | | '_ \` _ \ / _\` | '_ \ " echo " \__ \ (_| | | | | | | | (_| | |_) |" echo " |___/\__, |_|_| |_| |_|\__,_| .__/ " echo " |_| |_| " echo " " echo " v. 0.7rc1 " echo " " echo " A SQL Injection Tool " echo " by Bernardo Damele A. G. <bernardo.damele@gmail.com>" echo " " echo " Usage: sqlmap [options]" echo " " echo " Try \"sqlmap -h\" for help which is quite long or " echo " do \"sqlmap -h | less\" to allow easy scrolling " echo " " # chmod 775 fakeroot/usr/bin/startup-sqlmap
Creating sqlmap's menu file is rather simple. Use a text editor and create the file sqlmap.desktop
# vi fakeroot/usr/share/applications/sqlmap.desktop [create the file] # cat fakeroot/usr/share/applications/sqlmap.desktop [Desktop Entry] Encoding=UTF-8 Exec=startup-sqlmap; bash Icon=/usr/share/pixmaps/sqlmap-icon.png Type=Application Categories=Application;Network; Name=SQL Injection Tool Terminal=1 TerminalOptions=-T "sqlmap – A SQL Injection Tool" GenericName=sqlmap MimeType= X-KDE-StartupNotify=true
The icon was a bit interesting. I decided to use the syringe image from the website and then applied some Gimp-foo. I then moved that into fakeroot.
# cp ./sql-icon.png ./fakeroot/usr/share/pixmaps/
Everything is in place to create the modules, a quick final check:
# find fakeroot fakeroot/ fakeroot/opt fakeroot/opt/owasp fakeroot/opt/owasp/sqlmap ...
Generate the .lzm module
This is the easy part.
# ./dir2lzm ./fakeroot sqlmap-0.7rc1.lzm
Add the modules to the ISO build directory
Also cake
$ cp -i sqlmap-0.7rc1.lzm ../contents/slax/base/ $ chmod 775 ../contents/slax/base/sqlmap-0.7rc1 .lzm
Test the new module
I like scp'ing the new modules into a running Live CD and using the Module Manager to Add modules to a running system. I typically have the Live CD running in a VM while I create modules so its already up and ready.
You can also gen a new ISO and run it in a VM of your choice.
$ cd ../contents/slax/ $ ./make_iso.sh /home/mtesauro/isos/new-owasp.iso
If anything doesn't work as expected, make the changes needed to ./fakeroot and try again.
Clean up and archive
Once you've got a working module, lets clean up a bit.
$ $ mkdir ./completed_modules/sqlmap $ mv sqlmap-0.7rc1.lzm ./completed_modules/sqlmap/ $ mv temp/sqlmap-0.7rc1.tar.gz ./completed_modules/sqlmap/ $ rm -rf ./temp/*
I usually delete anything under ./fakeroot also.
# rm -rf ./fakeroot/*