Thursday, September 15, 2011

HOWTO : Official SQLMap video demonstration 9

*** Do NOT attack any computer or network without authorization or you may be put into jail. ***

Credit to : Bernardo

This is Bernardo's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.

Original link is here.



Demonstration of sqlmap command execution features: sqlmap is launched against an ASP.NET test page hosted on a Microsoft Windows 2003 server with back-end database management system being MySQL 5.0.

The tool is instructed to identify possible SQL injections and exploit them by spawning an interactive command prompt where the user can execute commands on the database server operating system. sqlmap first uploads a dynamic-linked library (DLL) used to create two user-defined functions (sys_exec() and sys_eval()) in the database then shows the command prompt.

For each command the user can choose if he wants to retrieve the command standard output or, alternatively, automatically retrieve the output for all commands. If the answer is positive (y or a), sqlmap executes the command once and stores its standard output in a support table.

Either boolean-based blind SQL injection or UNION query SQL injection technique is used to dump the entry of this table and delete it afterwards.

This technique is also implemented for PostgreSQL. On Microsoft SQL Server, xp_cmdshell extended stored procedure is used to execute commands on the underlying operating system.

Command

python sqlmap.py -u http://172.16.213.131/sqlmap/mysql/iis/get_int_50.aspx?id=1 --os-shell -v 1 --union-use
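For defenders, the behaviour described above leaves recognisable statements in database query logs: a user-defined function created from a shared library, calls to sys_exec() or sys_eval(), and xp_cmdshell on Microsoft SQL Server. The following detection sketch is an added example, not part of the original post or of sqlmap; the rule names, log layout, and sample lines are constructed for illustration.

```python
import re

# Detection rules derived from the behaviour described in the post.
# The rule names are labels made up for this example.
RULES = [
    # A UDF registered from a shared library (MySQL CREATE FUNCTION ... SONAME).
    ("udf_created_from_library",
     re.compile(r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+\S+\s+RETURNS\s+\w+\s+SONAME\b", re.I)),
    # A call to one of the two UDF names mentioned in the post.
    ("udf_command_call",
     re.compile(r"\bsys_(?:exec|eval)\s*\(", re.I)),
    # The extended stored procedure the post names for Microsoft SQL Server.
    ("mssql_xp_cmdshell",
     re.compile(r"\bxp_cmdshell\b", re.I)),
]

def classify(statement):
    """Return the names of all rules that match one SQL statement."""
    return [name for name, pattern in RULES if pattern.search(statement)]

def scan(log_lines):
    """Yield (line_number, rule_names, line) for every suspicious log line."""
    for number, line in enumerate(log_lines, start=1):
        hits = classify(line)
        if hits:
            yield number, hits, line.strip()

# Constructed sample in a general-query-log-like layout (not real log data).
# Library and command strings are placeholders.
SAMPLE_LOG = [
    "110915 10:00:01  42 Query  SELECT id, name FROM users WHERE id = 1",
    "110915 10:00:07  42 Query  CREATE FUNCTION sys_exec RETURNS int SONAME 'placeholder_udf.dll'",
    "110915 10:00:07  42 Query  CREATE FUNCTION sys_eval RETURNS string SONAME 'placeholder_udf.dll'",
    "110915 10:00:09  42 Query  SELECT sys_eval('placeholder-command')",
    # Benign: the name appears inside a string, not as a function call.
    "110915 10:00:12  42 Query  SELECT name FROM products WHERE note = 'sys_eval docs'",
    "110915 10:01:30  17 Query  EXEC master..xp_cmdshell 'placeholder-command'",
]

if __name__ == "__main__":
    for number, hits, line in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}: {line}")
```

A UDF registered under a different name would not trigger the call rule, so the SONAME rule and a periodic review of the functions listed in MySQL's mysql.func table remain the more reliable signals.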

That's all! See you.