Home 0P3N Blog SQL Injection Lab Part 4 – Using SqlMap to Obtain Current User and Database
Ready to Start Your Career?
Create Free Account
bjacharya s profile image
By: bjacharya
October 11, 2016

SQL Injection Lab Part 4 – Using SqlMap to Obtain Current User and Database

By: bjacharya
October 11, 2016
bjacharya s profile image
By: bjacharya
October 11, 2016
syringe-code2Welcome back Cybrarians!Section 10: Using SqlMap to Obtain Current User and Database 
  1. Verify sqlmap.py exists
    • Instructions:
      • cd /pentest/database/sqlmap
      • ls -l sqlmap.py
      • img-1
  2. Obtain Database User For DVWA
    • Notes(FYI):
      • Obtain the referer link from (Section 9, Step10), which is placed after the “-u” flag below.
      • Obtain the cookie line from (Section 9, Step 10),which is placed after the “–cookie” flag below.
      • Replace 192.168.1.106 with Fedora’s IP addressobtained in (Section 3, Step 3).
      • Replace (lpb5g4uss9kp70p8jccjeks621) with yourPHPSESSID obtained from (Section 9, Step 10).
  • cookie=”PHPSESSID=lpb5g4uss9kp70p8jccjeks621;security=low” -b –current-db –current-user§ -u, Target URL§ –cookie, HTTP Cookie header§ -b, Retrieve DBMS banner§ –current-db, Retrieve DBMS current database§ –current-user, Retrieve DBMS current user
img-2
  1. Do you want to keep testing?
    • Instructions:
      • keep testing? y
      • skip payloads? y
      • img-3
  2. Viewing Results
    • Instructions:
      • For the web application DVWA, the database nameis “dvwa” and the programs that communicate withthe database is “root@localhost”;
img-4….Ok, we’ll continue this in next part.  Check out our social network site for hackers here > hcnepal.com
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry