350 ◾ Ethical Hacking and Penetration Testing Guide
We have managed to extract all the columns available in the “users” table.
Extracting Data from Columns
The final step is to extract the data held in the “users” table, which contains the username, password, and other data about each user. We will extract the information from the following columns: first_name, last_name, user, and password.
Syntax
http://localhost/index.php?support=yes' and 1=0 UNION select 1,2,3,column_name,5,6 from dvwa.users--+
We have managed to retrieve the usernames, passwords, etc., of all the users in the “users” table. The password is an MD5 hash. You can either use online hash cracking tools to crack the hashes or use brute forcing, rainbow tables, etc.
Using group_concat
In this case, we were able to echo the data back in all the columns. However, in most cases, you won’t be able to print data in every column. In such cases, you can use “group_concat” to extract data from multiple columns at once.
Web Hacking ◾ 351
Syntax
http://localhost/index.php?support=yes' and 1=0 UNION select 1,2,3,group_concat(user,0x3a,password),5,6 from dvwa.users--+
The 0x3a is the hex equivalent of a colon (:); it is used as a separator between the user and password values so that the output is formatted correctly.
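From the defender's side, both requests above leave a recognizable shape in web server access logs. The following is an added example, not code from the book: a small Python scanner run over constructed log lines, where the log format, the rule names and the two-signal threshold are all assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (sample data, not from the original page).
# Lines 2 and 3 reuse the two request shapes shown above.
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?support=yes HTTP/1.1" 200 512
127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?support=yes'%20and%201=0%20UNION%20select%201,2,3,column_name,5,6%20from%20dvwa.users--+ HTTP/1.1" 200 2048
127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?support=yes'+and+1=0+UNION+select+1,2,3,group_concat(user,0x3a,password),5,6+from+dvwa.users--+ HTTP/1.1" 200 4096
127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /search.php?q=credit+union+select+committee HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Each rule is one weak signal; a request is flagged only when two or more fire,
# so ordinary text containing "union select" is not reported on its own.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "quote_break": re.compile(r"'\s*(?:and|or)\b"),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b"),
    "trailing_comment": re.compile(r"--\s*$"),
}

def signals(target):
    """Return the sorted rule names that match the decoded query string."""
    query = unquote_plus(urlsplit(target).query).lower()
    return sorted(name for name, rx in RULES.items() if rx.search(query))

def scan(log_text, threshold=2):
    """Return (line_number, matched_rules) for each request at or over threshold."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        fired = signals(match.group(1))
        if len(fired) >= threshold:
            hits.append((number, fired))
    return hits

if __name__ == "__main__":
    for number, fired in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(fired)}")
```

The query string is URL-decoded before matching, so the %20 and + encodings of the same request are treated alike, and the benign search on the last line fires only one rule and stays below the threshold.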