Sql injection manish file
SQL Injection
BY: Manish Bhandarkar
LAB Setup:
1) VM with Hacme Bank installed: http://ninja-sec.com/index.php/hacme-bank-prebuilt-vmware-image-ninja-sec-com/
2) SQL-Map for Windows: https://github.com/sqlmapproject/sqlmap/zipball/master
3) SQL-Map for Unix: already included in BackTrack 5
OWASP TOP 10
A1 : Injection
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
Injections
Common types of injection: SQL, LDAP, XPath, etc.
IMPACT: as disastrous as handing the database over to the attacker
Can also lead to OS-level access
Definition
Exploiting poorly filtered or incorrectly escaped SQL queries so that data from user input is executed as part of the query
Types
Error-based injections, blind injections, Boolean injections
How Do They Work?
Application presents a form to the attacker
Attacker sends an attack in the form data
Application forwards the attack to the database in a SQL query
Database runs the query containing the attack and sends the encrypted result back to the application
Application renders the data to the user
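The flow above, as an added example that is not part of the original slides: a constructed SQLite login check that splices form data into the query text (the vulnerable form) next to the same check with bound parameters (the fix). A tautology placed in the password field is accepted by the first and rejected by the second; the table, user and values are all made up for the demonstration.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Step 3 of the flow: form data is spliced into the SQL text, so the
    # database cannot tell where the data ends and the command begins.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened form: the statement structure is fixed first and the driver
    # binds the input purely as data, so it can never alter the WHERE clause.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def demo() -> dict:
    conn = build_db()
    tautology = "' OR '1'='1"   # constructed hostile value sent in the password field
    return {
        "vuln_good":    login_vulnerable(conn, "alice", "correct horse"),
        "vuln_attack":  login_vulnerable(conn, "alice", tautology),
        "param_good":   login_parameterized(conn, "alice", "correct horse"),
        "param_attack": login_parameterized(conn, "alice", tautology),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: login {'accepted' if ok else 'rejected'}")
```

In the vulnerable path the final statement becomes `... AND password = '' OR '1'='1'`, and because AND binds tighter than OR the trailing condition is always true; the parameterized path compares the whole hostile string against the stored password and finds no row.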
SQL MAP
SQL MAP INTRODUCTION
Powerful command-line utility to exploit SQL injection vulnerabilities.
Supports the following databases: MySQL, IBM DB2, Oracle, SQLite, PostgreSQL, Firebird, Microsoft SQL Server, SAP MaxDB, Sybase and Microsoft Access
TECHNIQUES OF SQL INJECTION
Boolean-based blind
Time-based blind
Error-based
UNION query
Stacked queries
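An added detection example, not part of the original slides: a small scanner over constructed Apache combined-format access-log lines that tags requests resembling each of the five technique families listed above and also flags sqlmap's default User-Agent string. The signatures and sample lines are my own assumptions, written narrow enough to stay quiet on normal traffic; tune them before relying on them.

```python
import re
from urllib.parse import unquote_plus

# One signature per technique family, matched case-insensitively against
# the URL-decoded request path. Deliberately narrow to limit false positives.
TECHNIQUE_SIGNATURES = {
    "boolean-based blind": r"\bAND\s+\d+\s*=\s*\d+",
    "time-based blind":    r"\b(SLEEP|PG_SLEEP|BENCHMARK)\s*\(|WAITFOR\s+DELAY",
    "error-based":         r"\b(EXTRACTVALUE|UPDATEXML)\s*\(",
    "UNION query":         r"\bUNION\s+(ALL\s+)?SELECT\b",
    "stacked queries":     r";\s*(SELECT|INSERT|UPDATE|DELETE|DROP|EXEC)\b",
}
SIG_RE = {name: re.compile(p, re.IGNORECASE) for name, p in TECHNIQUE_SIGNATURES.items()}

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def classify(line: str):
    """Return a finding dict for one access-log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, path, status, agent = m.groups()
    decoded = unquote_plus(path)          # signatures are applied after decoding
    hits = [name for name, rx in SIG_RE.items() if rx.search(decoded)]
    sqlmap_agent = "sqlmap" in agent.lower()   # tool's default User-Agent
    if not hits and not sqlmap_agent:
        return None
    return {"ip": ip, "path": decoded, "status": int(status),
            "techniques": hits, "sqlmap_agent": sqlmap_agent}

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Apr/2011:10:00:01 +0000] "GET /account?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [24/Apr/2011:10:00:02 +0000] "GET /account?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0"',
    '10.0.0.9 - - [24/Apr/2011:10:00:03 +0000] "GET /account?id=1%20AND%201=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [24/Apr/2011:10:00:04 +0000] "GET /account?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [24/Apr/2011:10:00:05 +0000] "GET /account?id=-1%20UNION%20SELECT%20null,null HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [24/Apr/2011:10:00:06 +0000] "GET /account?id=1;%20SELECT%201 HTTP/1.1" 500 90 "-" "Mozilla/5.0"',
]

def scan(lines):
    return [f for f in (classify(l) for l in lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```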
SQL MAP OPTION KEYS
o -u <URL> (target URL)
o --dbs (enumerate databases)
o -r (load the request from a .txt file)
o --technique (SQL injection technique to use)
o --dbms (specify the back-end DBMS)
o -D <database name> --tables
o -T <table name> --columns
o -C <column name> --dump
o --cookie (authentication cookie)
o --dump-all
SQL MAP FLOW
Enumerate the database name
Select database and enumerate tables
Select tables and enumerate columns
Select a column and enumerate rows(data)
Choose whatever you want
WHY USE SQL MAP?
Built-in capabilities for cracking hashes
Option to run user-defined queries
You could run OS level commands
You could have an interactive OS shell
Meterpreter shell with Metasploit
EXTRA USEFUL SQL MAP OPTION KEYS 1
--os-cmd: run any OS-level command
--os-shell: start an interactive shell
--os-pwn: inject a Meterpreter shell
--tamper: evade a WAF
EXTRA USEFUL SQL MAP OPTION KEYS 2
--tor: Use Tor anonymity network
--tor-port: Set Tor proxy port other than default
--tor-type: Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)
--check-payload: Offline WAF/IPS/IDS payload detection testing
--check-waf: Check for existence of WAF/IPS/IDS protection
--gpage: Use Google dork results from specified page number
--tamper: Use custom tamper scripts
YOU WANT TO EXPLORE MORE?
SQL MAP Usage Guide http://sqlmap.sourceforge.net/doc/README.html
SQL MAP WITH TOR http://www.coresec.org/2011/04/24/sqlmap-with-tor/
THANK YOU
BY: Manish Bhandarkar http://www.hackingforsecurity.blogspot.com