1. SQL Injection BY: Manish Bhandarkar
2. LAB Setup
- 1) VM with Hacme Bank installed: http://ninja-sec.com/index.php/hacme-bank-prebuilt-vmware-image-ninja-sec-com/
- 2) SQL-Map for Windows: https://github.com/sqlmapproject/sqlmap/zipball/master
- 3) SQL-Map for Unix: it is there on BackTrack 5
3. OWASP TOP 10 A1 : Injection
- Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
4. Injections
Common types of injection:
- SQL
- LDAP
- XPath
- etc.
IMPACT:
- As disastrous as handing the database over to the attacker
- Can also lead to OS-level access
5. Definition
- Exploiting poorly filtered or incorrectly escaped SQL queries so that user input is executed as part of the SQL statement
Types:
- Error based
- Blind injections
- Boolean injections
6. How Do They Work?
- Application presents a form to the attacker
- Attacker sends an attack in the form data
- Application forwards the attack to the database in a SQL query
- Database runs the query containing the attack and sends the encrypted result back to the application
- Application renders the data to the user
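How step 3 of that flow turns form data into SQL, and how parameter binding stops it, shown as an added example that is not part of the slides or of Hacme Bank: the in-memory SQLite table, the user rows and the tautology input are all constructed here for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for an application's user table (not Hacme Bank's schema).
    Passwords are stored in clear only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Step 3 of the slide: the form fields are pasted straight into the SQL text."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    # Whatever the user typed is now parsed by the database as SQL, not treated as data.
    return [row[0] for row in conn.execute(query)]

def login_safe(conn, username, password):
    """Same check with bound parameters: the statement shape is fixed before the values arrive."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    # The driver hands the values to the engine separately from the statement, so quotes
    # inside them are compared as characters and can never terminate the string literal.
    return [row[0] for row in conn.execute(query, (username, password))]

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"   # constructed tautology typed into both form fields
    print("normal login   :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable path:", login_vulnerable(db, probe, probe))   # every user comes back
    print("bound params   :", login_safe(db, probe, probe))         # no user matches
```

The vulnerable query ends up reading `... WHERE username = 'x' OR '1'='1' AND password = 'x' OR '1'='1'`, which is true for every row; the bound version compares the literal string `x' OR '1'='1` against each column and matches nothing.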
  7. 7. SQL MAP
8. SQL MAP INTRODUCTION
- Powerful command line utility to exploit SQL Injection vulnerabilities
- Supports the following databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB
9. TECHNIQUES OF SQL INJECTION
- Boolean-based blind
- Time-based blind
- Error-based
- UNION query
- Stacked queries
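From the defender's side, each of these five techniques leaves a recognisable trace in the web server's access log. The following is an added example, not part of the slides or of sqlmap: a small log scanner with one constructed indicator pattern per technique, run over a constructed combined-format log (the hostnames, paths and the sample User-Agent string are all made up here). The patterns are illustrative heuristics, not a complete signature set.

```python
import re
from urllib.parse import unquote_plus

# One indicator pattern per technique named on slide 9. Constructed heuristics for
# illustration; a real deployment tunes these against its own traffic and false positives.
PATTERNS = {
    "boolean-based blind": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "time-based blind": re.compile(r"\b(?:SLEEP|PG_SLEEP|BENCHMARK)\s*\(|\bWAITFOR\s+DELAY\b", re.I),
    "error-based": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML)\s*\(", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "stacked queries": re.compile(r";\s*(?:DROP|INSERT|UPDATE|DELETE|EXEC|SHUTDOWN)\b", re.I),
}

# Combined (Apache/nginx style) access-log line: method, path, status, size, referer, user agent.
LOG_LINE = re.compile(
    r'"(?:GET|POST) (?P<path>\S+) HTTP/\d\.\d" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def classify(path, user_agent=""):
    """Return the indicator labels that fire on a request path (URL-decoded first) and its UA."""
    decoded = unquote_plus(path)          # probes arrive URL-encoded; match the decoded form
    labels = [name for name, rx in PATTERNS.items() if rx.search(decoded)]
    if "sqlmap" in user_agent.lower():    # the tool's default UA names it; trivially changed, weak alone
        labels.append("tool user-agent")
    return labels

def scan_log(lines):
    """Parse access-log lines and return one dict per request that carries an indicator."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue                      # not a recognisable request line; skip
        labels = classify(m.group("path"), m.group("ua"))
        if labels:
            hits.append({"path": m.group("path"),
                         "status": int(m.group("status")),
                         "labels": labels})
    return hits

# Constructed sample log: one benign request followed by four probes, one per technique.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /account?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /account?id=42%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /account?id=42%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /account?id=42%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 500 88 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /account?id=42;DROP%20TABLE%20users HTTP/1.1" 500 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["status"], hit["path"], "->", ", ".join(hit["labels"]))
```

Two things the scan brings out that a single rule would not: a burst of 500s from one client after a parameter is tampered with is itself a signal (the error-based and UNION probes above both fail server-side), and time-based probes leave no error at all, so for those the request duration field, where the server logs it, is the better indicator than status.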
10. SQL MAP OPTION KEYS
- -u <URL>
- --dbs (To enumerate databases)
- -r (For request in .txt file)
- --technique (SQL injection technique)
- --dbms (Specify DBMS)
- -D <database name> --tables
- -T <table name> --columns
- -C <column name> --dump
- --cookie (Authentication)
- --dump-all
11. SQL MAP FLOW
- Enumerate the database names
- Select a database and enumerate its tables
- Select a table and enumerate its columns
- Select a column and enumerate its rows (data)
- Choose whatever you want
12. WHY USE SQL MAP?
- Built-in capabilities for cracking hashes
- Option of running user-defined queries
- You could run OS-level commands
- You could have an interactive OS shell
- Meterpreter shell with Metasploit
13. EXTRA USEFUL SQL MAP OPTION KEYS 1
- --os-cmd: Run any OS-level command
- --os-shell: Starts an interactive shell
- --os-pwn: Injects a Meterpreter shell
- --tamper: Evading WAF
14. EXTRA USEFUL SQL MAP OPTION KEYS 2
- --tor: Use Tor anonymity network
- --tor-port: Set Tor proxy port other than default
- --tor-type: Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)
- --check-payload: Offline WAF/IPS/IDS payload detection testing
- --check-waf: Check for existence of WAF/IPS/IDS protection
- --gpage: Use Google dork results from specified page number
- --tamper: custom scripts
15. WANT TO EXPLORE MORE?
- SQL MAP Usage Guide: http://sqlmap.sourceforge.net/doc/README.html
- SQL MAP WITH TOR: http://www.coresec.org/2011/04/24/sqlmap-with-tor/
16. THANK YOU BY: Manish Bhandarkar http://www.hackingforsecurity.blogspot.com