
8.Injecting Code in Data Driven Applications SQL Injection

Uploaded by

Ritesh Shikne

9. PC shuts down.

10. Exit the shell and, in meterpreter mode, try to take a screenshot of the target machine.

PRACTICAL-08
AIM:- Practical on Injecting Code in Data Driven Applications: SQL Injection
THEORY
SQL injection is a code injection technique that might destroy your database. SQL injection is
one of the most common web hacking techniques. SQL injection is the placement of
malicious code in SQL statements, via web page input.
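
The placement of input into a SQL statement described above, as an added example that is not part of the original document: a lookup by name and password built by string concatenation, next to the parameterized form. It uses Python's sqlite3 with a constructed in-memory accounts table; the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT, signature TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("alice", "alice-pw", "sig-a"),
        ("bob", "bob-pw", "sig-b"),
        ("o'brien", "ob-pw", "sig-o"),
    ])
    return db

def lookup_concatenated(db, username, password):
    """Vulnerable: the input is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT username, signature FROM accounts WHERE username = '"
           + username + "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username, password):
    """Hardened: the input is bound as data, so quotes stay literal characters."""
    sql = "SELECT username, signature FROM accounts WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# Constructed input: the quote closes the string literal, the rest is a tautology.
CRAFTED = "' OR '1'='1"

def demo():
    db = make_db()
    results = {
        "normal_concat": lookup_concatenated(db, "alice", "alice-pw"),
        "normal_param": lookup_parameterized(db, "alice", "alice-pw"),
        "crafted_concat": lookup_concatenated(db, "nobody", CRAFTED),
        "crafted_param": lookup_parameterized(db, "nobody", CRAFTED),
        "quote_param": lookup_parameterized(db, "o'brien", "ob-pw"),
    }
    try:  # A legitimate name containing a quote breaks the concatenated query.
        results["quote_concat"] = lookup_concatenated(db, "o'brien", "ob-pw")
    except sqlite3.OperationalError as exc:
        results["quote_concat"] = f"SQL error: {exc}"
    return results

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated query the crafted password returns every row in the table, while the parameterized query returns none and also handles the name containing a quote correctly.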

1. Run Metasploitable2 and Kali Linux and check the IP address of Metasploitable2.

2. Type the Metasploitable2 IP address into the browser to display all the vulnerable web
applications. Make sure your Metasploitable2 network is bridged and matches the
subnet of Kali Linux.

3. Follow the given steps:

OWASP Top 10 -> Injection -> Extract Data -> User Info
These steps open the login page and the register page; follow the steps shown in the
picture.

4. Enter the name and password and click the view account button, following the steps
shown in the picture.

5. Now copy the link of the login page and run SQLMap in Kali.
6. Open the Kali Linux terminal and type sqlmap -h
SQLMap is a powerful tool for identifying and exploiting SQL injection vulnerabilities
in web applications.

7. Paste the link with the sqlmap command in the Kali terminal or type the following.
8. Type Y for all the questions.

9. It will take quite a while for the process to complete, as it is checking for
vulnerabilities.
10. To solve the error below, modify the config file of Metasploitable2.

11. Change the dbname from metasploit; follow the step in the picture.
12. Change the dbname from metasploit to owasp10.
13. Save the changes with Ctrl + O and then exit.

14. After making the changes in Metasploitable2, the login page on the website should be
fixed and will show proper error messages, as shown below.
15. Now retry the command; the issue should be resolved.

16. You should now be able to view all the databases hosted on the server.
17. Now find the users table for the accounts.

18. List the columns of the users table.

19. Dump all the details of the users table.


20. Passwords will be cracked once the process is complete.

21. You should now be able to view all the databases hosted on the server.
22. Enter the cracked usernames and passwords on the DVWA website and you will be able
to log in.

23. Test the same SQL injection with the Mutillidae website.


24. Users table for the accounts.

25. ID and Password tables.
