SQL Injection Lab Part 4 – Using SqlMap to Obtain Current User and Database

By: bjacharya

October 11, 2016

Welcome back Cybrarians!

Section 10: Using SqlMap to Obtain Current User and Database
  1. Verify sqlmap.py exists
    • Instructions:
      • cd /pentest/database/sqlmap
      • ls -l sqlmap.py
  2. Obtain Database User For DVWA
    • Notes (FYI):
      • Obtain the referer link from (Section 9, Step 10), which is placed after the “-u” flag below.
      • Obtain the cookie line from (Section 9, Step 10), which is placed after the “--cookie” flag below.
      • Replace 192.168.1.106 with Fedora’s IP address obtained in (Section 3, Step 3).
      • Replace (lpb5g4uss9kp70p8jccjeks621) with your PHPSESSID obtained from (Section 9, Step 10).
    • --cookie="PHPSESSID=lpb5g4uss9kp70p8jccjeks621;security=low" -b --current-db --current-user
      • -u, Target URL
      • --cookie, HTTP Cookie header
      • -b, Retrieve DBMS banner
      • --current-db, Retrieve DBMS current database
      • --current-user, Retrieve DBMS current user
  3. Do you want to keep testing?
    • Instructions:
      • keep testing? y
      • skip payloads? y
  4. Viewing Results
    • Instructions:
      • For the web application DVWA, the database name is “dvwa” and the user the application uses to communicate with the database is “root@localhost”.
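
From the defender's side, the three lookups requested above (-b, --current-db, --current-user) leave traces in the web server's access log when the injectable parameter travels in the URL. The following Python is an added example, not part of the original lab: it flags such requests, assuming a MySQL back end, the Apache combined log format and sqlmap's default "sqlmap/" User-Agent prefix. The log lines, IP addresses and the /app/item.php path are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Apache "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# MySQL expressions that expose what -b, --current-db and --current-user ask for.
PROBES = {
    "banner": re.compile(r"@@version|\bversion\s*\(", re.I),
    "current-db": re.compile(r"\b(?:database|schema)\s*\(", re.I),
    "current-user": re.compile(
        r"\bcurrent_user\b|\b(?:user|session_user|system_user)\s*\(", re.I),
}
# Constructed sample log lines (documentation IPs, made-up path and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2016:10:00:01 +0000] "GET /app/item.php?id=1&Submit=Submit HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [11/Oct/2016:10:02:13 +0000] "GET /app/item.php?id=1&Submit=Submit HTTP/1.1" 200 512 "-" "sqlmap/1.0 (http://sqlmap.org)"',
    '192.0.2.44 - - [11/Oct/2016:10:02:15 +0000] "GET /app/item.php?id=1%20AND%20LENGTH%28CONCAT%28CURRENT_USER%28%29%2CDATABASE%28%29%2CVERSION%28%29%29%29%3E0&Submit=Submit HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]


def classify(line):
    """Return (client_ip, sorted reasons) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = set()
    # sqlmap announces itself unless the tester overrides the User-Agent.
    if "sqlmap/" in m["ua"].lower():
        reasons.add("sqlmap-user-agent")
    # parse_qsl URL-decodes values, so %28-style encoding does not hide a call.
    for _, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        reasons.update(name for name, rx in PROBES.items() if rx.search(value))
    return (m["ip"], sorted(reasons)) if reasons else None


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

Only parameters carried in the URL reach the access log; values sent in a POST body or cookie need WAF or application-level logging instead.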
OK, we’ll continue this in the next part. Check out our social network site for hackers here > hcnepal.com