
Sql Injection in cyber security, Lecture notes of Cybercrime, Cybersecurity and Data Privacy

SQL Injection (SQLi) is a prevalent and dangerous cyber attack technique where an attacker exploits vulnerabilities in an application's software to manipulate its SQL queries. This type of injection occurs when an attacker inputs malicious SQL code into a form field or URL parameter, tricking the application into executing unintended commands on the database.

Typology: Lecture notes

2019/2020

Available from 06/19/2024

rajendra-kumar-7

Partial preview of the text

Module 15: SQL Injection

SQL injection is a basic attack used to either gain unauthorized access to a database or retrieve information directly from the database. It is a flaw in web applications and not a database or web server issue.

Objective

The objective of this lab is to provide expert knowledge on SQL Injection attacks and other responsibilities that include:
● Understanding when and how a web application connects to a database server in order to access data
● Extracting basic SQL Injection flaws and vulnerabilities
● Testing web applications for Blind SQL Injection vulnerabilities
● Scanning web servers and analyzing the reports
● Securing information in web applications and web servers

Scenario

SQL injection is the most common website vulnerability on the Internet and is used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database. SQL injection is a code injection technique that exploits a security vulnerability in a website's software. SQL injection attacks use a series of malicious SQL queries or SQL statements to directly manipulate the database. Applications often use SQL statements to authenticate users to the application, validate roles and access levels, store and obtain information for the application and user, and link to other data sources. The reason SQL injection attacks work is that the application does not properly validate input before passing it to a SQL statement. As an Expert Ethical Hacker, you must use diverse solutions: prepared statements with bind variables, whitelist input validation, and escaping. Input validation can be used to detect unauthorized input before it is passed to the SQL query.
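The defenses named in the Scenario above (prepared statements with bind variables, whitelist input validation) shown beside the flaw they fix, as an added example that is not part of the original lecture notes: a login check built by string concatenation next to a hardened one. Python's sqlite3 in memory stands in for the lab's MS SQL Server; the Login table mirrors the lab's dbo.Login with its single smith / smith123 row, and the function names and the tautology test input are constructed for this example.

```python
import re
import sqlite3

# In-memory SQLite stands in for the lab's MS SQL Server. The Login table mirrors
# the lab's dbo.Login with its single row (smith / smith123). Real systems store
# password hashes, never plaintext; the lab's table is plaintext, so this one is too.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Login (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO Login VALUES ('smith', 'smith123')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The flaw: user input is pasted into the SQL text, so a quote in the input
    ends the string literal and whatever follows is parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM Login WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


# Whitelist for usernames: letters, digits, dot, underscore, hyphen; 1 to 32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Whitelist-validate the username, bind both values as parameters so the
    driver never treats them as SQL, and never hand the database's error text back."""
    if not USERNAME_RE.fullmatch(username):
        return False
    try:
        row = conn.execute(
            "SELECT COUNT(*) FROM Login WHERE username = ? AND password = ?",
            (username, password),
        ).fetchone()
    except sqlite3.Error:
        # Log details server-side; the client only sees a generic failure, so
        # database error messages cannot be used to map the schema.
        return False
    return row[0] > 0


def demo() -> dict:
    """Run the same inputs through both versions; returns a name -> bool map."""
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed test input: a quote followed by an OR clause
    return {
        "valid_vulnerable": login_vulnerable(conn, "smith", "smith123"),
        "valid_hardened": login_hardened(conn, "smith", "smith123"),
        "injected_vulnerable": login_vulnerable(conn, "anyone", tautology),
        "injected_hardened": login_hardened(conn, "anyone", tautology),
        "bad_username_hardened": login_hardened(conn, "x' OR 1=1 --", "whatever"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The concatenated version accepts the tautology input with no valid credentials at all; the parameterized version compares it as a literal password string and rejects it, and the whitelist rejects the malformed username before any query runs. The password is deliberately not whitelisted (passwords may legitimately contain any character); binding it as a parameter is what makes that safe.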
Exercise 1: SQL Injection Attacks on an MS SQL Database

SQL injection attacks use a series of malicious SQL queries or SQL statements to directly manipulate the database.

Lab Scenario

Today, SQL Injection is one of the most common and perilous attacks that a website's software experiences. This attack is performed on SQL databases that have weak code, and this vulnerability can be used by an attacker to execute database queries to collect sensitive information, modify database entries, or attach malicious code, resulting in total compromise of the most sensitive data. As an Expert Penetration Tester and Security Administrator, you need to test web applications running on the MS SQL Server database for vulnerabilities and flaws.

Lab Objectives

The objective of this lab is to provide students with expert knowledge on SQL Injection attacks and to analyze web applications for vulnerabilities. In this lab, you will learn how to:
● Log on without valid credentials
● Test for SQL Injection
● Create your own user account
● Create your own database
● Directory listing
● Enforce Denial-of-Service attacks

1. By default, the Windows Server 2016 machine is selected; click the Ctrl+Alt+Delete button under the Windows Server 2016 thumbnail in the Resources tab. Alternatively, navigate to the Commands (Thunder icon) menu and click Ctrl+Alt+Delete.
4. In the Password field, type Pa$$w0rd and press Enter to log in. Alternatively, navigate to the Commands (Thunder icon) menu, Type Text, and click Type Password.
5. Double-click the Google Chrome shortcut icon on the Desktop to launch the browser.
6. In the address bar, type http://www.goodshopping.com and press Enter. The GoodShopping main page appears as shown in the screenshot. Assume that you are new to this site and have never registered with it.
Now the vulnerable site, and close the web browser.
9. Before performing the next task, i.e., creating a user account with the SQL Injection query, first let us confirm with the Login database of GoodShopping. Switch to the Windows Server 2016 machine, click Windows Server 2016, and launch Microsoft SQL Server Management Studio. The Microsoft SQL Server Management Studio window appears with the Connect to Server pop-up; choose Windows Authentication in the Authentication field and click Connect. To launch Microsoft SQL Server Management Studio, navigate to Start --> Microsoft SQL Server Tools 17 and click Microsoft SQL Server Management Studio 17.
10. The Microsoft SQL Server Management Studio window appears as shown in the screenshot. In the left pane of Object Explorer, expand Databases --> GoodShopping --> Tables. Under Tables, right-click dbo.Login and click Select Top 1000 Rows from the context menu to view the available credentials.
11. As you can see, the database has only one entry, i.e., Username: smith and Password: smith123. Leave the Microsoft SQL Server
created your login using an SQL injection query.
14. After executing the query, to verify whether your login has been created successfully, click the LOGIN tab, enter john in the Username field and apple123 in the Password field, and click Log in.
15. You will log in successfully with the created login. Now you can access all the features of the website. Click Logout after browsing the required pages, and close the browser window.
16. Switch back to the Windows Server 2016 virtual machine from the Resources pane. Microsoft SQL Server Management Studio appears (if not minimised or closed); right-click dbo.Login and click Select Top 1000 Rows from
mydatabase has been created at the database server. Close the browser.
19. Click the Windows Server 2016 machine and launch Microsoft SQL Server Management Studio. The Microsoft SQL Server Management Studio window appears with the Connect to Server pop-up; choose Windows Authentication in the Authentication field and click Connect.
To launch Microsoft SQL Server Management Studio, navigate to Start --> Microsoft SQL Server Tools 17 and click Microsoft SQL Server Management Studio 17.
20. The Microsoft SQL Server Management Studio main window appears, as shown in the screenshot. Expand the Databases node. A new database has been created with the name mydatabase. Close the Microsoft SQL Server Management Studio window.
21. To perform a Denial-of-Service attack, switch to the Windows Server 2012 machine from the Resources pane. Launch the web browser, type http://www.goodshopping.com in the address bar, and press Enter. The home page of GoodShopping appears. Click LOGIN, type blah';exec master..xp_cmdshell 'ping www.moviescope.com -l 65000 -t'; -- in the Username field, leave the Password field empty, and click Log in. In the above query, you are performing a ping of the www.moviescope.com website using an SQL Injection query: -l is the sent buffer size, and -t refers to pinging the specified host. The SQL injection query starts pinging the host, and the login page shows a Waiting for www.goodshopping.com… message at the bottom of the

Exercise 2: Scanning Web Applications Using N-Stalker Tool

Web applications are tested for implementing security and automating vulnerability assessments. Doing so prevents SQL injection attacks on web servers and web applications. Websites are tested for embedded malware and by employing multiple techniques. N-Stalker Web Application Security Scanner X is a web security assessment solution for web applications. By incorporating the well-known "N-Stealth HTTP Security Scanner" and its database of 39,000 Web Attack Signatures along with a component-oriented web application security assessment technology, N-Stalker is a security tool for developers, system/security administrators, IT auditors and staff.

Lab Scenario

A few attackers perform SQL injection attacks based on "error messages" received from servers.
If an error is returned by the application, the attacker can determine the database's entire structure and read any value that can be read by the account the ASP application is using to connect to the SQL server. However, if an error message is returned from the database server stating that the SQL query's syntax is incorrect, an attacker tries all possible true/false questions via SQL statements to steal data. As an Expert Security Professional and Penetration Tester, you should be familiar with the tips and tricks used in SQL injection detection. You must also be aware of all the tools that can be used to detect SQL injection flaws. In this lab, you will learn to do so using N-Stalker.

Lab Objectives

The objective of this lab is to help students learn how to test web applications for SQL injection threats and vulnerabilities. In this lab, you will learn to:
● Perform web site scans for vulnerabilities
● Analyze scanned results
● Save scan results

Lab Duration: 10 Minutes

1. By default, the Windows Server 2016 machine is selected; click Ctrl+Alt+Delete. Alternatively, navigate to the Commands (Thunder icon) menu and click Ctrl+Alt+Delete.
2. In the Password field, type Pa$$w0rd and press Enter to log in. Alternatively, navigate to the Commands (Thunder icon) menu, Type Text, and click Type Password.
5. The Choose URL & Policy wizard appears; click Next.
Screenshot: N-Stalker Scan Wizard, "Start Web Application Security Scan Session" (enter the web application URL and choose a scan policy; scan settings may be configured).
6. The Optimize Settings wizard appears; leave the settings at their defaults and click Next.
7. The Settings Not Optimized pop-up appears; click Yes to continue.
10. After completing the configuration of N-Stalker, click Start Scan from the menu bar to begin scanning the GoodShopping website.
11. N-Stalker begins to scan the website, as shown in the screenshot. It takes some time for the application to scan the entire website. N-Stalker scans the site in four different steps: Spider, Info Gather, Run Modules, and Sig Scanner.
12. On completion of the scan, the Results Wizard appears. Select Save scan results (under Session Management Options) and Keep scan session for further analysis (under Next Steps), and click Next.
Screenshot: N-Stalker Results Wizard reporting that the scan session finished successfully and listing the vulnerabilities found.
Screenshot: N-Stalker scan progress by module.
Vulnerabilities) to view all the site's vulnerabilities.
16. On completing the lab exercise, exit all the applications and close all the files and folders that were opened during the lab.

In this lab, you have learned to:
● Perform web site scans for vulnerabilities
● Analyze scanned results
● Save scan results

Exercise 3: Performing SQL Injection Attack against MSSQL to Extract Databases and WebShell Using SQLMAP

Web applications are tested for implementing security and automating vulnerability assessments. Doing so prevents SQL injection attacks on web servers and web applications. Websites are tested for embedded malware and by employing multiple techniques.

Lab Scenario

SQL injection is a technique used to take advantage of un-sanitized input vulnerabilities to pass SQL commands through a web application for execution by a backend database. SQL injection is a basic attack used to either gain unauthorized access to a database or to retrieve information directly from the database. It is a flaw in web applications and not a database or web server issue.

Lab Objectives

The objective of this lab is to help students learn how to test web applications for SQL injection threats and vulnerabilities. In this lab, you will learn to:
● Extract the MSSQL databases using SQLMAP

1. Click Kali Linux. If you see the blue screen of Kali Linux, press the Space Bar to get the Kali Linux login screen. Type root in the Username field and click Next.
press Enter.
Screenshot: MovieScope home page (www.moviescope.com/viewprofile.aspx?id=1) in Mozilla Firefox with the Developer Tools panel open.
5. Select the cookie value, right-click, and Copy the value as shown in the screenshot. Minimize the web browser.
6. Click the Terminal icon in the Favorites bar (left-hand side of the Desktop) to launch it.
7. Type sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie=<"cookie value which you have copied in step #5"> --dbs and press Enter. By issuing the above command, sqlmap applies various injection techniques to the name parameter of the URL in an attempt to extract the database information of the moviescope website. When the "Do you want to skip test payloads specific for other DBMSes" warning appears, type Y and press Enter. When the "Do you want to include all tests for 'Microsoft SQL Server' extending provided level" warning appears, type Y and press Enter. When the "Do you want to keep testing the others" warning appears, type N and press Enter.
database in search of tables located in the database.
Screenshot: sqlmap output in the terminal.
10. sqlmap retrieves the table contents of the moviescope database and displays them as shown in the screenshot.
11. Now, you need to retrieve the columns associated with the tables. In this lab, you will use sqlmap to retrieve the columns of the table named "User_Login". For extracting column information, you need to issue the following sqlmap command. Type sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie=<"cookie value which you have copied in step #5"> -D moviescope -T User_Login --columns and press Enter.
By issuing the above command, sqlmap starts scanning the User_Login table inside the moviescope database in search of columns.
Screenshot: sqlmap terminal output, ending with "[*] shutting down at".
verify the login credentials of john.
15. From the Favorites bar, click the browser icon to maximize the browser. Close the Developer Console and click Logout on the moviescope page.
16. The login page of moviescope appears; in the Username field type john and in the Password field type test, and click Login. You can enter any of the user credentials that you have gathered in the step
Screenshot: MovieScope login page (www.moviescope.com/login.aspx) in Mozilla Firefox.
19. When the "sqlmap tries to optimize value(s) for DBMS delay responses" message appears, type Y and press Enter to continue.
20. Once sqlmap acquires the permission to optimize the machine, it gives you the os-shell. Type hostname and press Enter to find the machine name where the site is running.
Screenshot: sqlmap terminal output listing the injection points found (boolean-based blind and a UNION query with 10 columns) and the "do you want sqlmap to try to optimize value(s) for DBMS delay responses" prompt.
21. When the "Do you want to retrieve the command standard output?" message appears, type Y and press Enter.
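A detection-side companion to the lab steps above (the stacked xp_cmdshell payload in Exercise 1 step 21 and the sqlmap probing of viewprofile.aspx in Exercise 3), added here and not part of the original notes: a small analyzer that parses IIS-style W3C log lines, URL-decodes the query string, flags SQL injection indicators and counts flagged requests per client. The log lines, field layout, IP addresses, function names and indicator patterns are constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log lines (fields: date time c-ip cs-method cs-uri-stem
# cs-uri-query cs(User-Agent) sc-status). Hosts, IPs and requests are made up for
# this example; IIS writes "-" for an empty query string.
SAMPLE_LOG = """\
2020-03-10 10:01:02 10.0.0.5 GET /viewprofile.aspx id=1 Mozilla/5.0 200
2020-03-10 10:01:09 10.0.0.5 GET /viewprofile.aspx id=1%27%20AND%201%3D1-- sqlmap/1.4 200
2020-03-10 10:01:11 10.0.0.5 GET /viewprofile.aspx id=1%20UNION%20ALL%20SELECT%20NULL%2CCHAR(113)%2BCHAR(98)%2CNULL sqlmap/1.4 500
2020-03-10 10:05:30 10.0.0.9 POST /login.aspx - Mozilla/5.0 302
2020-03-10 10:07:44 10.0.0.9 GET /search.aspx q=blah%27%3Bexec%20master..xp_cmdshell%20%27ping%20127.0.0.1%27%3B-- Mozilla/5.0 500
2020-03-10 10:09:00 10.0.0.22 GET /viewprofile.aspx id=7 Mozilla/5.0 200
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<stem>\S+) "
    r"(?P<query>\S+) (?P<ua>\S+) (?P<status>\d+)$"
)

# Crude indicator patterns applied to the decoded query string. They are a
# starting point for tuning against your own traffic, not a complete signature set.
INDICATORS = [
    ("stacked_exec", re.compile(r"exec\s+(master\.\.)?xp_\w+", re.I)),
    ("union_select", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("tautology", re.compile(r"\b(or|and)\b\s+[\w']+\s*=\s*[\w']+", re.I)),
    ("comment_terminator", re.compile(r"--|/\*")),
    ("char_encoding", re.compile(r"char\(\d+\)", re.I)),
    ("time_delay", re.compile(r"waitfor\s+delay|sleep\(", re.I)),
]
SCANNER_UA = re.compile(r"sqlmap", re.I)


def parse_line(line: str):
    """Split one W3C line into fields; returns None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["query"] = "" if entry["query"] == "-" else unquote_plus(entry["query"])
    entry["status"] = int(entry["status"])
    return entry


def classify(entry: dict) -> list:
    """Names of every indicator that fires on this request, in INDICATORS order."""
    hits = [name for name, rx in INDICATORS if rx.search(entry["query"])]
    if SCANNER_UA.search(entry["ua"]):
        hits.append("scanner_user_agent")
    return hits


def analyze(log_text: str) -> dict:
    """Flag suspicious requests and count them per client IP."""
    findings, per_ip = [], Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = classify(entry)
        if hits:
            per_ip[entry["ip"]] += 1
            findings.append({"ip": entry["ip"], "stem": entry["stem"],
                             "status": entry["status"], "hits": hits})
    return {"findings": findings, "per_ip": dict(per_ip)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f['ip']} {f['stem']} status={f['status']} hits={','.join(f['hits'])}")
    print("requests flagged per client:", result["per_ip"])
```

Two caveats a practitioner should keep in mind when using this. IIS logs record the query string but not POST bodies, so the login-form payload of Exercise 1 would only show up in application-level or WAF logs, which is where a check like this has to run for form fields. And xp_cmdshell is disabled by default in SQL Server; the step above only works because the lab enabled it, so the application's database account should neither have it enabled nor hold the sysadmin rights needed to turn it on.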