Lab 9 - Automated SQL Injection Using SQLMap
Description: In this lab, we will perform automated SQL injection using sqlmap. SQL injection
is a code injection technique used to attack data-driven applications, in which malicious SQL
statements are inserted into an entry field for execution (e.g. to dump the database contents to
the attacker). SQL injection must exploit a security vulnerability in an application's software, for
example, when user input is either incorrectly filtered for string literal escape characters
embedded in SQL statements, or user input is not strongly typed and is unexpectedly executed.
SQL injection is mostly known as an attack vector for websites but can be used to attack any
type of SQL database. sqlmap is an open source penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws and taking over database servers. It
comes with a powerful detection engine, many niche features for the ultimate penetration tester,
and a broad range of switches ranging from database fingerprinting, through fetching data from the
database, to accessing the underlying file system and executing commands on the operating
system via out-of-band connections.
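Added example (not part of the original lab sheet): the flaw described above, where user input is pasted into the SQL text, shown next to the fix of strong typing plus a bound parameter. The table, column and function names and the sample rows are constructed for illustration and are not the target site's schema.

```python
import sqlite3

def make_db():
    # Constructed in-memory sample data; all names here are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO artists VALUES (1, 'artist-one'), (2, 'artist-two');
        INSERT INTO users VALUES ('demo-user', 'demo-secret');
    """)
    return db

def lookup_vulnerable(db, artist):
    # The input is concatenated into the statement, so the database
    # parses it as SQL syntax instead of treating it as a value.
    sql = "SELECT id, name FROM artists WHERE id = " + artist
    return db.execute(sql).fetchall()

def lookup_hardened(db, artist):
    # Layer 1, strong typing: anything that is not an integer is rejected.
    try:
        artist_id = int(artist)
    except ValueError:
        return None  # the web layer would answer with HTTP 400
    # Layer 2, parameter binding: the value travels separately from the
    # SQL text and can never change the shape of the query.
    sql = "SELECT id, name FROM artists WHERE id = ?"
    return db.execute(sql, (artist_id,)).fetchall()

def demo():
    db = make_db()
    inputs = [
        "1",                                      # normal request
        "1 OR 1=1",                               # condition becomes always true
        "0 UNION SELECT uname, pass FROM users",  # reads a second table
    ]
    return {value: (lookup_vulnerable(db, value), lookup_hardened(db, value))
            for value in inputs}

if __name__ == "__main__":
    for value, (weak, safe) in demo().items():
        print(f"{value!r}\n  vulnerable: {weak}\n  hardened:   {safe}")
```

The hardened lookup returns rows only for the integer input; the other two inputs are rejected before any SQL runs.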
Requirements for the lab: Attacker Machine - Kali Linux. Target - http://testphp.vulnweb.com/
Step 1: Launch your attacker machine (Parrot virtual machine) and log in
Step 2: Open your terminal and type sqlmap to launch sqlmap.
Step 3: Open a web browser and type - http://testphp.vulnweb.com/ in a tab.
Step 4: After that, find the link to use for the SQL injection. For that, you can use Google, and
type site: http://testphp.vulnweb.com/ php?id= . The first link that has this kind of structure will be
your link for SQL injection. Example: http://testphp.vulnweb.com/artists.php?artist=1
Step 5: Now, in the terminal, type: sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs
If it gives you a result, then the website is vulnerable to SQL injection.
Step 6: Now, you can explore the various options available with sqlmap and find out the table
names, column names, usernames, passwords and email IDs.
Step 7: Use the usernames and passwords to gain access to the website.
Question 2: Do you get access to the database of the target website? What username and
password did you get?