Showing posts with label SQL INJECTION. Show all posts
Showing posts with label SQL INJECTION. Show all posts

Friday, 5 July 2013

GUI Sqlmap in Kali Linux






Installation Commands :
  • sudo apt-get install python-tk python2.7 sakura
  • git clone git://github.com/sqlmapproject/sqlmap.gi­t
  • cd sqlmap
  • Download sqlmap from  http://gui-for-sqlmap.googlecode.com
  • unzip sqm-60712.zip
  • python2.7 sqm.pyw
VIDEO :


Posted by at No comments:
Labels: ,

Sunday, 27 November 2011

what is sql injection ?


SQL Injection: What is it?

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: An In-depth Explanation
Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.
These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

Example of a SQLInjection Attack

Here is a sample basic HTML form with two inputs, login and password.

<form method="post" action="http://testasp.vulnweb.com/login.asp">
<input name="tfUName" type="text" id="tfUName">
<input name="tfUPass" type="password" id="tfUPass">
</form>

The easiest way for the login.asp to work is by building a database query that looks like this:

SELECT id
FROM logins
WHERE username = '$username'
AND password = '$password’

If the variables $username and $password are requested directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password: anything' OR 'x'='x

SELECT id
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.

The 'x'='x' part guarantees to be true regardless of what the first part contains.

This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!

SQL INJECTION CHEAT SHEET

LIve Example of a SQLInjection Attack

http://www.youtube.com/watch?v=WGkntart6WI&feature=related
Posted by at No comments:
Labels:

Tuesday, 8 November 2011

Sqlninja 0.2.6 is now available


Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.
 Here’s what it does:
  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
  • Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
  • Privilege escalation to sysadmin group if 'sa' password has been found
  • Creation of a custom xp_cmdshell if the original one has been removed
  • Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
  • Evasion techniques to confuse a few IDS/IPS/WAF
  • Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
  • Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
  • Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM
Download :  Sqlninja 0.2.6
Posted by at No comments:
Labels:

Thursday, 3 November 2011

List of Online Websites SQL Injection Scanner



What will you do if you need your hacking tools but you are not with your system. This is really frustrating. You want to hack a website you know is vulnerable but you do not have you tools. You can do it with your skills and by injecting manual sql queries. But most of the kiddies can not. So all those kiddies can use these online SQL injection scanner.


http://www.be007.gigfa.com/scanner/scanner.php
http://www.sunmagazin.com/tools/hack/SQLI-Scan
http://scanner.drie88.tk
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan
http://wolfscps.com/gscanner.php

Posted by at No comments:
Labels:

Wednesday, 2 November 2011

Automatic SQL Injection Tool – SQLMAP


Sqlmap is an open source command-line automatic SQL injection tool and its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..



You Can download sqlmap 0.7 here:
Windows Portable: sqlmap-0.7_exe.zip
Posted by at No comments:
Labels:
Subscribe to: Comments (Atom)