* Support to **establish an out-of-band stateful TCP connection between the attacker machine and the database server** underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.

* Support for **database process' user privilege escalation** via Metasploit's Meterpreter `getsystem` command.

* sqlmap [user's manual](https://github.com/sqlmapproject/sqlmap/raw/master/doc/README.pdf).

* *It all starts with the ' (SQL injection from attacker's point of view)* [slides](http://www.slideshare.net/stamparm/f-sec-2011miroslavstamparitallstartswiththesinglequote-9311238) presented by Miroslav at [FSec - FOI Security Symposium](http://fsec.foi.hr/) in Varazdin (Croatia) on September 23, 2011.

* *DNS exfiltration using sqlmap* [slides](http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281) and accompaining [whitepaper](http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper) titled *Data Retrieval over DNS in SQL Injection Attacks* presented by Miroslav at [PHDays 2012](http://www.phdays.com/) in Moscow (Russia) on May 31, 2012.

The `[email protected]` mailing list is the preferred way to ask questions, report bugs, suggest new features and discuss with other users, [contributors](https://github.com/sqlmapproject/sqlmap/blob/master/doc/THANKS) and the [developers](#developers). To subscribe use the [online web form](https://lists.sourceforge.net/lists/listinfo/sqlmap-users).