Thursday, September 15, 2011

HOWTO : Official SQLMap video demonstration 12

*** Do NOT attack any computer or network without authorization or you may be put in jail. ***

Credit to : Bernardo

This is Bernardo's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.

Original link is here.

Demonstration of sqlmap's out-of-band takeover features with Metasploit integration: sqlmap is launched against an ASP test page hosted on a Microsoft Windows 2003 server, with Microsoft SQL Server 2005 as the back-end database management system.

The tool is instructed to identify possible SQL injections and then, if the back-end is Microsoft SQL Server 2000 or 2005, to exploit a heap-based buffer overflow in a database stored procedure (MS09-004). sqlmap relies on Metasploit to create the shellcode, which is executed once the buffer overflow on the database server has been exploited and establishes the connection between the user's machine and the database server.

Control is then passed to the Metasploit command line interface, where the user can escalate privileges to SYSTEM by exploiting the MS10-015 vulnerability with the Meterpreter getsystem command.

Command

python sqlmap.py -u http://172.16.213.131/sqlmap/mqsql/iis/get_int.asp?id=1 --os-bof -v 1 --msf-path ~/software/metasploit
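Added example (mine, not Bernardo's and not sqlmap's code): the takeover above only starts after sqlmap has probed the page's integer parameter with non-integer payloads, so a defender watching the IIS W3C log for get_int.asp can catch the run at that stage. The log lines, the sqlmap User-Agent value and the client address are constructed sample data.

```python
"""Flag SQL-injection probing of an integer-only parameter in IIS W3C logs.

Added example, not from the original post or from sqlmap. The lines below are
constructed to resemble what IIS would log for the demo page get_int.asp, whose
``id`` parameter is only ever expected to be an integer."""
from urllib.parse import parse_qs

# Constructed sample: one normal request, two probe-shaped requests, one normal.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2011-09-15 10:00:01 172.16.213.131 GET /sqlmap/mqsql/iis/get_int.asp id=1 172.16.213.1 Mozilla/5.0 200
2011-09-15 10:00:02 172.16.213.131 GET /sqlmap/mqsql/iis/get_int.asp id=1%27 172.16.213.1 sqlmap/1.0-dev+(http://sqlmap.org) 500
2011-09-15 10:00:03 172.16.213.131 GET /sqlmap/mqsql/iis/get_int.asp id=1%20AND%201%3D1 172.16.213.1 sqlmap/1.0-dev+(http://sqlmap.org) 200
2011-09-15 10:00:04 172.16.213.131 GET /sqlmap/mqsql/iis/get_int.asp id=42 172.16.213.1 Mozilla/5.0 200
"""

# Which parameters of which pages must be plain integers (assumed policy).
INTEGER_PARAMS = {"/sqlmap/mqsql/iis/get_int.asp": {"id"}}


def parse_w3c(text):
    """Yield one dict per log entry, naming columns from the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def suspicious(entry):
    """Return a reason string when an integer-only parameter carries a non-integer."""
    expected = INTEGER_PARAMS.get(entry["cs-uri-stem"])
    if not expected:
        return None
    # parse_qs percent-decodes, so id=1%27 becomes "1'" and %20AND%20 becomes " AND ".
    query = parse_qs(entry["cs-uri-query"], keep_blank_values=True)
    for name in expected:
        for value in query.get(name, []):
            if not value.strip().lstrip("-").isdigit():
                return f"non-integer {name}={value!r}"
    return None


def find_probes(text):
    """Return (time, client ip, user agent, reason) for every suspicious entry."""
    hits = []
    for entry in parse_w3c(text):
        reason = suspicious(entry)
        if reason:
            hits.append((entry["time"], entry["c-ip"], entry["cs(User-Agent)"], reason))
    return hits
```

Checking the parameter's type is deliberately independent of the User-Agent, since that header is trivially changed; the agent string is only carried along as context for the alert.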

That's all! See you.