1. ETHICAL HACKING
LAB SERIES
Lab 14: Understanding SQL Commands &
Injections
Material in this Lab Aligns to the Following Certification
Domains/Objectives
Certified Ethical Hacking (CEH)
Domains
SANS GPEN Objectives
14: SQL Injection
14: Reconnaissance
13. www.netdevgroup.com Page 11
2 Querying with SQL
1. Using the test database, query the names of the users and
balance from the
users table.
select name, balance from users;
2. Query the names of the users and telephone numbers from
the personal table.
select name, telephone from personal;
3. Retrieve data across both tables: users and personal.
select users.name, users.balance, personal.telephone from users
join
personal where users.name=personal.name;
21. SQL Injection
Lab Assignment
In this lab, you will launch an SQL injection attack from Kali to
a vulnerable web application on OWASP BWA.
1) You are required to complete the section titled “SQL
Injection” in the lab instructions starting on Page 13. You
should log into Kali VM and enter “root” as the username and
“toor” as the password before starting the Section 4.
2) You can also complete the first three sections of the lab to
gain acquaintance with SQL. It is recommended, but not
required.
3) Before performing this lab, please make sure that you read
the sections related with SQL Injection in Chapter-26 and
Chapter 27.
4) Take a screenshot of step 12, Section 4. Only take the
screenshots that show password fields that are associated with
the users table.
Reflection Assignment
After completing this lab,
1) Write a one-paragraph summary for what you have done in
this netlab assignment.
2) Write a one-paragraph explanation of how you can fix the
vulnerability on OWASP BWA. (Refer to Chapter 26 and
Chapter 27)
3) Watch the video on this webpage and also read the story on
how an SQL injection vulnerability turned into a national
22. security case: https://abc7chicago.com/politics/how -the-
russians-penetrated-illinois-election-computers/3778816/ . What
are the consequences of this vulnerability?
Please follow APA formatting style. Cite all sources.