Welcome back Cybrarians!Section 10: Using SqlMap to Obtain Current User and Database

  1. Verify exists
  2. Instructions:
  3. cd /pentest/database/sqlmap
  4. ls -l
  1. Obtain Database User For DVWA
  2. Notes(FYI):
  3. Obtain the referer link from (Section 9, Step10), which is placed after the “-u” flag below.
  4. Obtain the cookie line from (Section 9, Step 10),which is placed after the “–cookie” flag below.
  5. Replace with Fedora’s IP addressobtained in (Section 3, Step 3).
  6. Replace (lpb5g4uss9kp70p8jccjeks621) with yourPHPSESSID obtained from (Section 9, Step 10).
  7. Instructions:
  8. ./ -u“” —
  • cookie=”PHPSESSID=lpb5g4uss9kp70p8jccjeks621;security=low” -b –current-db –current-user§ -u, Target URL§ –cookie, HTTP Cookie header§ -b, Retrieve DBMS banner§ –current-db, Retrieve DBMS current database§ –current-user, Retrieve DBMS current user
  1. Do you want to keep testing?
  2. Instructions:
  3. keep testing? y
  4. skip payloads? y
  1. Viewing Results
  2. Instructions:
  3. For the web application DVWA, the database nameis “dvwa” and the programs that communicate withthe database is “root@localhost”;

….Ok, we’ll continue this in next part.  Check out our social network site for hackers here >

Start learning with Cybrary

Create a free account

Related Posts

All Blogs