Book Image

Penetration Testing with BackBox

By : Stefan Umit Uygur
Book Image

Penetration Testing with BackBox

By: Stefan Umit Uygur

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with BackBox
Stefan Umit Uygur
Feb, 2014 | 130 pages
No titles found
Table of Contents (15 chapters)
Penetration Testing with BackBox
Penetration Testing with BackBox
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Starting Out with BackBox Linux
Starting Out with BackBox Linux
A flexible penetration testing distribution
The organization of tools in BackBox
Services
Update
Anonymous
Extras
Completeness, accuracy, and support
Links and contacts
Summary
2
Information Gathering
Information Gathering
Starting with an unknown system
Proceeding with a known system
Summary
3
Vulnerability Assessment and Management
Vulnerability Assessment and Management
Vulnerability scanning
False positives
Summary
4
Exploitations
Exploitations
Exploitation of a SQL injection on a database
Exploiting web applications with W3af
Summary
5
Eavesdropping and Privilege Escalation
Eavesdropping and Privilege Escalation
Sniffing encrypted SSL/TLS traffic
Password cracking
Summary
6
Maintaining Access
Maintaining Access
Backdoor Weevely
Summary
7
Penetration Testing Methodologies with BackBox
Penetration Testing Methodologies with BackBox
Information gathering
Summary
8
Documentation and Reporting
Documentation and Reporting
MagicTree – the auditing productivity tool
Summary
Index
Index

Exploitation of a SQL injection on a database

By performing a scan against one of our target systems, as we did in Chapter 3, Vulnerability Assessment and Management, we came across one of the very common vulnerabilities, related to MySQL. So, let's go through that one and see if we can exploit it somehow.

We will be using a so called SQL injection attack to perform this task, but first of all we have to be sure that the target machine is really vulnerable. There are two ways to check this: the easy way and the complicated way.

The easy way is to use a straightforward approach to find any of the login pages on the website and try to type ' (single quote) for both username and password parameters.

The long and complicated way is where the webmaster is clever (and most of them are) and hides or randomizes the login page name, where it will difficult to locate and attempt to access it.

In this case, we have to manually try every single page ID by putting a " ' " (single quote) before the ID number...

Previous Section
End of Section 2
Next Section