Sqlmap+dvwa instance walkthrough of Sql injection

I believe that many students already know what SQL injection is and understand why it occurs. Interesting and practical effects such as bypassing a login or making unauthorized modifications can also be achieved by "manual" injection into an input box or URL. But these are far from letting us feel the real power of SQL injection.

You must have heard news reports that some website was hacked and millions of user records were leaked. Wondering how the attackers got that data? Without dwelling on the principles, let's practice "dumping the database" (拖库) together with the [Sqlmap+dvwa instance drill of Sql injection] project tutorial in the laboratory building.

sqlmap is currently the most popular automated SQL injection tool; it can scan for, discover and exploit SQL injection vulnerabilities in a given URL. DVWA is a deliberately vulnerable target web application that contains a number of common security vulnerabilities. With both the spear and the shield in hand, let's feel the actual power of SQL injection through the hands-on exercise in this project.

1. Principle of SQL injection

The fundamental reason injection attacks are feasible is the mixing of data and program instructions. In SQL injection, carefully constructed input data "overflows" its original data domain and becomes part of the control domain of the SQL statement, thereby changing and controlling the behavior of that statement.
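The following added example (my own code, not part of the original tutorial or of DVWA) shows the data/control mixing described above on an in-memory SQLite table. The `users` table, its two rows and the two login functions are constructed for the example and are an assumption, not DVWA's real schema. `login_vulnerable` pastes the input into the statement text, so a quote in the input closes the string literal and the remainder is parsed as SQL; `login_safe` uses bound parameters, so the same input stays a plain string value.

```python
import sqlite3


def make_db():
    # Constructed sample database (assumption: a minimal users table, not DVWA's schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "password"), ("alice", "s3cret")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # The input is concatenated into the statement text. Everything after a
    # closing quote in the input is no longer data: it becomes SQL grammar.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    # The statement text is fixed; the driver passes the inputs separately as
    # values, so they can never change the structure of the query.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    good = ("admin", "password")
    bad = ("admin", "' OR '1'='1")   # classic boolean payload in the password field
    print(login_vulnerable(db, *good))  # ['admin']
    print(login_vulnerable(db, *bad))   # ['admin', 'alice']: the WHERE clause is now always true
    print(login_safe(db, *bad))         # []: the payload is compared as a literal password
```

The vulnerable query ends up as `... WHERE name = 'admin' AND password = '' OR '1'='1'`; because `AND` binds tighter than `OR`, every row matches. Parameterized queries are the fix DVWA's "impossible" level uses, and the only reliable one.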

The steps to exploit SQL injection vulnerabilities can be divided into:

  • Find the injection point (where to inject)
  • Constructing the injected content (how to inject)

Injection point:

From the principle of injection it follows that anywhere data is exchanged with the server is a possible injection point. Web applications accept user input in many ways, some obvious, such as HTML forms, and many less obvious, such as hidden form inputs, HTTP headers, cookies and even asynchronous AJAX requests. The most common injection points are GET requests (URL parameters) and POST requests (form data). Injectable points can be analyzed comprehensively with proxies and packet-capture tools such as Burp Suite.

Injection type:

There are 5 ways of constructing an injection string, or injection types, namely:

  • Boolean-based injection
  • Error-based injection
  • Time-delay-based injection
  • UNION query injection
  • Stacked (multi-statement) query injection

These five methods cover the vast majority of injection attack instances; mastering them lets you find and exploit SQL injection very effectively.

The first three are generally used for detecting SQL injection and obtaining DBMS-related information; the latter two are used to extract large amounts of data from the database.

sqlmap applies the above construction methods automatically during detection and exploitation.
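Because the five construction styles above leave recognizable traces in web-server access logs, the defender's counterpart is a log scanner. The added example below is my own code, not sqlmap's or DVWA's; the signature regexes are this example's own heuristics (an assumption, not sqlmap's payload list), and the access-log lines are constructed in Apache "combined" format against DVWA's SQLi page path rather than captured from real traffic. Values are URL-decoded twice so that double-encoded parameters are also caught.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Heuristic signatures for the five construction styles (my own patterns, an assumption).
SIGNATURES = {
    "boolean": re.compile(r"\b(?:and|or)\b\s*['\"]?\s*\d+\s*['\"]?\s*=\s*['\"]?\s*\d+", re.I),
    "error":   re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
    "time":    re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "union":   re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "stacked": re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.I),
}

# Apache/nginx "combined" access-log line; only ip, method, target and status are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def decoded_values(target):
    """URL-decoded query-string values of a request target.
    parse_qsl decodes once; the extra unquote_plus catches double-encoded payloads."""
    query = urlsplit(target).query
    return [unquote_plus(v) for _, v in parse_qsl(query, keep_blank_values=True)]


def classify(value):
    """Sorted list of injection styles that a single parameter value resembles."""
    return sorted(tag for tag, rx in SIGNATURES.items() if rx.search(value))


def scan(lines):
    """Return (ip, path, tags) for each line whose query string trips a signature.
    Caveat: POST bodies are not written to access logs, so form-based injection
    (e.g. DVWA's login form) is invisible to this scanner."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        tags = set()
        for value in decoded_values(m.group("target")):
            tags.update(classify(value))
        if tags:
            hits.append((m.group("ip"), urlsplit(m.group("target")).path, sorted(tags)))
    return hits


# Constructed sample log lines (not real traffic); the path is DVWA's SQLi exercise page.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20AND%201%3D1--%20&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20AND%20SLEEP%285%29--%20&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20SELECT%20user%2Cpassword%20FROM%20users--%20&Submit=Submit HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Jan/2024:10:00:10 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%3B%20SELECT%201--%20&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.5 - - [01/Jan/2024:10:00:11 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20AND%20extractvalue%281%2C1%29--%20&Submit=Submit HTTP/1.1" 500 612',
    '10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%2527%2520OR%25201%253D1--%2520&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.9 - - [01/Jan/2024:10:05:01 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, path, tags in scan(SAMPLE_LOG):
        print(f"{ip} {path} {','.join(tags)}")
```

One request per style is enough to tag a single line, but in practice sqlmap sends hundreds of probes in a burst from one client, so alerting on the count of tagged requests per IP and path over a short window gives a much better signal than any single match. Pair this with DVWA's own "impossible" level (parameterized queries) to confirm that the probes, even when logged, no longer produce differing responses.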

2. Installation and use of sqlmap

What is sqlmap?

sqlmap is a free and open-source tool for detecting and exploiting SQL injection vulnerabilities. Its great feature is that both detection and exploitation are automated (database fingerprinting, access to the underlying file system, command execution).

The Ubuntu software sources do not contain sqlmap, and downloading the source code from GitHub is slow, so to save time we install it from the Kali source instead.

$ wget http://labfile.oss.aliyuncs.com/courses/645/kali_aliyun_source.txt
$ sudo cat /etc/apt/sources.list >> kali_aliyun_source.txt
$ sudo cp kali_aliyun_source.txt /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install sqlmap

During installation there may be an error message saying that the package cannot be verified; this does not affect the subsequent experiments and can be ignored. After the installation completes, enter sqlmap -u '.' in the terminal to test whether it runs normally:

(Figure: successful installation)

If you see a yellow banner, the installation is successful.

3. Deployment and use of dvwa

What is DVWA?

DVWA (Damn Vulnerable Web Application) is a set of web vulnerability test programs written in PHP+MySQL for teaching and practicing web vulnerability detection. It contains common security vulnerabilities such as SQL injection, XSS and blind injection.

This project course of the laboratory building has already downloaded DVWA from the official website and added a simple deployment script. Follow the steps below to deploy DVWA in the laboratory building environment:

$ wget http://labfile.oss.aliyuncs.com/courses/645/dvwa_deploy.tar.gz
$ tar -zxvf dvwa_deploy.tar.gz
$ ./deploy.sh

Then open the browser, enter localhost/dvwa/setup.php in the address bar to reach the initial setup page, and click the button shown in the figure to initialize the database.

(Figure: DVWA database initialization)

The result after successful initialization is as follows:

(Figure: the database was initialized successfully)

After initialization the page jumps to the login page; enter the default user name admin and password password to log in to the system.

(Figure: log in to DVWA)

The next step is to set the difficulty level of the DVWA system. Since it is a dedicated training system, 4 attack difficulty levels are provided for different usage scenarios.

After logging in, click the DVWA Security option to open the settings page. Set the difficulty to low and click Submit for the setting to take effect. Interested students can also set medium or high difficulty to learn and practice some bypass techniques.

(Figure: set security level)

4. Start injecting

This step is the hands-on part where the injection actually starts. It is mainly divided into the following two steps:

  • scanning for injection points;
  • exploiting injection points.

For the specific operating method and detailed code, click here to view them~

Origin http://10.200.1.11:23101/article/api/json?id=326946434&siteId=291194637