John Draper (1944 - )
Known as "Captain Crunch". One the first phreakers and member of the Homebrew computer club. Most known for experimenting with a whistle that came with Cap’n'Crunch cereal to hack the US phone system of the time, and for building Blue Boxes (devices capable of reproducing tones used by the phone company). Arrested in 1972 on phone fraud and other such charges.
Kevin David Mitnick (1963 - )
Known as "Condor". Cracker and phreaker, described by the U.S. Department of Justice as "the most wanted computer criminal in United States history". He broke into DEC, Motorola, NEC, Sun, Novell, Fujitsu, Nokia, and other systems.
He also broke into the computer of security expert Tsutomu Shimomura. However, Shimomura tracked him across the country to his apartment in Raliegh, North Carolina. Mitnick was arrested shortly thereafter.
Kevin Mitnick has authored the book "The Art of Deception", and is currently working as computer security consultant.
William "Bill" Landreth (1964 - )
Known as "The Cracker". In the 1980’s he was a member of the cracking club "Inner Circle". He broke into the computer systems of banks, newspapers, schools, the phone company, and credit card bureaus. Author of the book "Out of the Inner Circle", now has a job in computer security.
Kevin Lee Poulsen (1965 - )
Known as "Dark Dante". Broke into federal computers revealing details of wiretaps and of FBI front companies. His best-known hack was a takeover of all of the phone lines for radio station KIIS-FM 102, ensuring that he would be the "lucky" 102nd caller.
Poulsen is now a senior editor for Wired News. His most prominent article details his work on identifying 744 registered sex offenders who were using MySpace to solicit sex from children.
Karl Werner Lothar Koch (1965 - 1989)
Known as "Hagbard Celine". German hacker who was loosely affiliated with the CCC (Chaos Computer Club). He worked with the hackers known as DOB (Dirk-Otto Brezinski), Pengo (Hans Heinrich Hübner), and Urmel (Markus Hess), and was involved in selling hacked information from US military computers to the KGB. Mysteriously died in 1989 at the age of 23.
Gary McKinnon (1966 - )
Known as "Solo". British hacker, currently facing charges of mounting "the largest computer hack of all time" of U.S. government computer networks, including Army, Air Force, Navy and NASA systems. In an interview he claimed that he was able to get into the military’s networks simply by using a script that searched for blank passwords.
Corey A. Lindsly (1967 - )
Known as "Mark Tabas". Former LOD member. Ringleader of the Phone Masters, a phone phreaking group that penetrated the systems of AT&T, British Telecom, GTE, MCI WorldCom, Sprint, Equifax, TRW, Southwestern Bell, Nexis/Lexis, Dun & Bradstreet, systems owned by governmental agencies, air-traffic-control systems and more.
Boris Floricic (1972 - 1998)
Known as "Tron". German hacker and phreaker, member of the CCC (Chaos Computer Club). In 1998 he was found dead, hanged with a belt. It is argued that his activities in the areas of Pay TV cracking and voice scrambling might have disturbed the affairs of an intelligence agency or organized crime.
Mark Abene (1972 - )
Known as "Phiber Optik". Former member of the LOD (Legion of Doom). Between 1989 and 1990 his affiliations changed from the LOD to the rival group MOD (Masters of Deception) as a result of a feud with LOD member Erik Bloodaxe. Phiber Optik’s joining up with MOD marked the beginning of the "Great Hacker War", several years of rivalry between the two groups.
When the AT&T telephone system crashed in 1990, he was blamed and raided by the Secret Service, but the crash later turned out be caused by a computer bug. In 1991 he was raided again for his phone hacking exploits with Southwestern Bell, New York Telephone, Pacific Bell, US West, and Martin Marietta Electronics Information and Missile Group.
Richard Pryce (1978 - )
Known as "Datastream Cowboy". As a teenager, he and Mathew "Kuji" Bevan (age 21) broke into key U.S. Air Force systems and a network owned by the missile and aircraft manufacturers, obtaining access to files on ballistic weapons research and messages from U.S. agents in North Korea.
Ehud Tenebaum (1979 - )
Known as "Analyzer". Israeli cracker who in 1998 broke into many unclassified Pentagon systems in what was "the most organized and systematic attack to date" on US military systems.
Adrian Lamo (1981 - )
Former grey hat hacker. Dubbed the "homeless hacker" for his transient lifestyle, Lamo identified and exploited security flaws in computer networks of several companies, and then notified them of their shortcomings. Best known among these were his intrusions into The New York Times, Microsoft, MCI WorldCom, Ameritech, Cingular, AOL, Bank of America, Sun Microsystems, and more. He only used a web browser for 95% of his intrusion.
Jonathan James (1984 - )
Known as "c0mrade". As a teenager he broke into 13 NASA computers, and installed a backdoor into a Defense Threat Reduction Agency server, a Pentagon computer system that monitors threats from nuclear and chemical weapons.
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more..
Changes
Some of the new features include:
* Major enhancement to get list of targets to test from Burp proxy requests log file path or WebScarab proxy ‘conversations/’ folder path with option -l;
* Major enhancement to support Partial UNION query SQL injection technique;
* Major enhancement to test if the web application technology sup ports stacked queries (multiple statements) by providing option –stacked-test which will be then used someday also by takeover functionality;
* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option –time-test;
* Major bug fix to correctly enumerate columns on Microsoft SQL Server;
* Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM
there is no database name specified;
Complete ChangeLog
You can download sqlmap 0.6.3 here:
