Lab 9.1: SQLi Review - Ptsoares/SEC_335_Techjournal GitHub Wiki

Overview

The goal of this lab is to revisit SQL injection using a tutorial-based walkthrough.

Useful Commands and Instruction

Lab Prep

To run this lab properly, a series of commands must be run to initialize the environment (note: this lab is done in Kali):

sudo systemctl enable mysqld 
sudo systemctl start mysqld
sudo mysql_secure_installation

When prompted, use the following answers:

Switch to unix_socket authentication [Y/n] n
Change the root password? [Y/n] Y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Pull this repo in whichever directory you'd like to work in, and cd into the proper subdirectory:

git clone https://github.com/skyblueee/sqli-labs-php7.git
cd sqli-labs-php7

Add the password you set to sql-connections/db-creds.inc (the blank field in quotes). Then start the application with:

php -S 127.0.0.1:8090 -t .

Navigate to and open index.php (sqli-labs-php7/Less-1/index.php).

Edit the index.php file (note the highlighted section commented with "//SEC335"):

[image: edited index.php, sections marked //SEC335]

These additions expand the page's error handling and debugging output, since by default you wouldn't get the same amount of information.
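For contrast with the verbose error output the lab turns on, here is how a production id lookup would treat the same request parameter. This is an added example, not code from sqli-labs or from this journal. Assumptions: a constructed in-memory SQLite table through PDO stands in for the lab's MySQL database, and the helper name find_user is hypothetical.

```php
<?php
// Added example: constructed data, not the sqli-labs schema or code.
// Assumption: SQLite in memory via PDO stands in for the lab's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: look up one user by the id request parameter.
function find_user(PDO $pdo, string $rawId): ?array
{
    // 1. Validate: the parameter must be a positive decimal integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // 2. Bind: the value travels separately from the SQL text,
        //    so it can never be parsed as part of the statement.
        $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id LIMIT 1');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // 3. Log the driver error server-side; never echo it to the client.
        error_log('user lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed inputs: a valid id, an unknown id, and two malformed values.
foreach (['1', '99', "1'", 'abc'] as $input) {
    $user = find_user($pdo, $input);
    echo str_pad(var_export($input, true), 8), ' => ',
         $user === null ? 'not found' : $user['username'], PHP_EOL;
}
```

Malformed values and unknown ids produce the same "not found" result, so the response gives no hint about how the query is built or why it failed.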

SQLi Walkthrough

Here's the walk-through for reference purposes:

SQL Injection Walkthrough

Here's another helpful resource I used:

Helpful SQL Injection Inputs

Using sqlmap

The sqlmap tool is built into Kali Linux; here's the documentation.

In order to dump the users table from the security database, I ran the following command:

sqlmap -u "http://127.0.0.1:8090/Less-1?id=1" --dump

Issues and Troubleshooting

I didn't have too many troubleshooting issues with this lab since most of the walkthrough was pretty self-explanatory. I did have to do some trial-and-error with the sqlmap syntax, since I wanted to see if I could only output the users table from the security database.

Questions/Reflection

This lab was a good revisit for SQL injection. I found some helpful resources that I should be able to utilize in future pen tests in this course, and I once again found the environment "safe" enough to experiment with, so I found out more about what syntax worked, and what didn't. Overall, this lab was fairly straightforward.