Lab 9.1: SQLi Review - Ptsoares/SEC_335_Techjournal GitHub Wiki
Overview
The goal of this lab is to revisit SQL injection using a tutorial-based walkthrough.
Useful Commands and Instruction
Lab Prep
To conduct this lab properly, a series of commands must be run to initialize the environment (note: this lab is run in Kali):
sudo systemctl enable mysqld
sudo systemctl start mysqld
sudo mysql_secure_installation
When prompted, use the following answers:
Switch to unix_socket authentication [Y/n] n
Change the root password? [Y/n] Y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Pull this repo into whichever directory you'd like to work in, and cd into the proper subdirectory:
git clone https://github.com/skyblueee/sqli-labs-php7.git
cd sqli-labs-php7
Add the password you set to sql-connections/db-creds.inc (the blank field in quotes). Then start the application with:
php -S 127.0.0.1:8090 -t .
Navigate to and open index.php (sqli-labs-php7/Less-1/index.php).
Edit the index.php file (note the highlighted section commented with "//SEC335"):
These additions update the error handling and debugging output, since by default you wouldn't get the same amount of information.
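Why the amount of error output matters, as an added example that is not part of the original lab or the sqli-labs code: the same stray quote sent to a concatenated lookup with and without error echoing, and to a parameterized lookup. Python's sqlite3 stands in for the lab's PHP/MySQL, and the table, the function names and the query shape are assumptions.

```python
import logging
import sqlite3

log = logging.getLogger("lookup")

def make_db():
    # Constructed sample rows; sqlite3 stands in for the lab's MySQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def lookup_concat(db, user_id, debug):
    # Assumed query shape: the request parameter is pasted into the SQL text.
    sql = "SELECT username FROM users WHERE id='%s' LIMIT 1" % user_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        if debug:
            # Lab-style debugging: the driver error goes back to the client.
            return "SQL error: %s" % exc
        # Outside a lab: keep the detail in the server log only.
        log.error("query failed: %s", exc)
        return "An error occurred."

def lookup_param(db, user_id):
    # Bound parameter: the value is never parsed as SQL, so a stray quote is
    # just data that matches no row.
    return db.execute(
        "SELECT username FROM users WHERE id=? LIMIT 1", (user_id,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):  # constructed inputs: a valid id, a stray quote
        print(repr(value), lookup_concat(db, value, debug=True))
        print(repr(value), lookup_concat(db, value, debug=False))
        print(repr(value), lookup_param(db, value))
```

With debug on, the stray quote comes back as a driver error that reveals the query was broken by the input; with it off the client sees only the generic message, and the parameterized lookup never errors at all.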
SQLi Walkthrough
Here's the walk-through for reference purposes:
Here's another helpful resource I used:
Using sqlmap
The sqlmap tool is built into Kali Linux; here's the documentation.
In order to dump the users table from the security database, I ran the following command:
sqlmap -u "http://127.0.0.1:8090/Less-1?id=1" --dump
Issues and Troubleshooting
I didn't have too many troubleshooting issues with this lab since most of the walkthrough was pretty self-explanatory. I did have to do some trial-and-error with the sqlmap syntax, since I wanted to see if I could only output the users table from the security database.
Questions/Reflection
This lab was a good revisit for SQL injection. I found some helpful resources that I should be able to utilize in future pen tests in this course, and I once again found the environment "safe" enough to experiment with, so I found out more about what syntax worked, and what didn't. Overall, this lab was fairly straightforward.