[Plug-security] SQL Injection Toyz [Flag] (Still Up/Available)

Lisa Kachold lisakachold at obnosis.com
Wed May 22 12:37:04 MST 2013


You can get in via msfadmin ssh.

I rebooted it.

It should answer now.
We just needed to do this:
http://colesec.inventedtheinternet.com/metasploitable-2-and-mutillidae/


On Wed, May 22, 2013 at 11:17 AM, Lisa Kachold <lisakachold at obnosis.com> wrote:

> Login to the first page - the login is on the bottom of the screen and
> restart the toy/tool.
>
>
> On Wed, May 22, 2013 at 11:16 AM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>> Someone probably crashed the server.
>>
>> We can recreate it.
>>
>>
>> On Tue, May 21, 2013 at 2:20 PM, Sam Kreimeyer <skreimey at gmail.com> wrote:
>>
>>> The error messages on the web server make it look like all the tables
>>> have been dropped on mutillidae. Was that the injection point we were
>>> supposed to go for?
>>>
>>>
>>> On Tue, May 14, 2013 at 3:17 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>>>
>>>> We are giving the PLUG Hackfesters additional time to take this flag,
>>>> since SQL Injection is one of those skills that really demands mastery (or
>>>> a good deal of experience with SQL commands, such as is obtained via DevOps or
>>>> Linux Systems Administration/Engineering).
>>>>
>>>> The exploitable system is still up at http://12.159.65.86 in the
>>>> OneNeck DeVry Rack. Thanks very much to OneNeck Hosting for
>>>> providing this rack resource to the DeVry Students and Phoenix Open Source
>>>> Community!
>>>>
>>>> There are a great number of SQL Injection tools available for your use:
>>>>
>>>>
>>>> 0) https://code.google.com/p/mysqloit/
>>>>
>>>> 1) SQL Ninja:   If you are using SQL Ninja as packaged in BT5r3, it's
>>>> configured for use against Microsoft MSSQL and doesn't work. Our SQL
>>>> servers are not using an SA user - and a great number of the exploits in the
>>>> wild will be using Oracle, db2, postgresql, or mysql.  You can bypass the
>>>> (incorrectly preconfigured) version from BT5r3 (which, as a Pentesting
>>>> distro, exists just to get you started, not to stop you when something
>>>> doesn't work [or is broken by default because it's too powerful for the
>>>> masses]) with http://sqlninja.sourceforge.net/  - be sure to follow
>>>> the easy tutorial here:
>>>> http://sqlninja.sourceforge.net/sqlninjademo.html
>>>>
>>>> 2) http://sqlmap.org/  (Note: you must point this to the correct URL
>>>> where the example exploitable database is fed from a form, i.e. the one
>>>> found after completing the login at http://12.159.65.86/dvwa/login.php;
>>>> read the page, silly.)  I saw a few of you pointing to the wrong URL/path.
>>>> Some of that might be due to (again) the defaults in BT5r3.   Here are
>>>> better instructions on how to use the SQLmap tool (from any Linux, Windows
>>>> or OSX Python installation):
>>>> http://franx47.wordpress.com/2013/02/01/using-sqlmap-for-sql-injection/
>>>> (These worked for me.)
>>>>
>>>> 3) If you would like to attack MSSQL to delve into SQL Injection (as
>>>> David Demland's presentation touched on, to provide completeness on the
>>>> subject of SQL Injection, especially where the "sa" user is concerned), please
>>>> see this test site:
>>>>
>>>> Here's a content presentation that is specific to MySQL only for SQL
>>>> Injection:
>>>> http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php  For
>>>> anyone at greater than a basic level of SQL Injection, the differences between
>>>> MSSQL and MySQL (or other SQL servers) are trivial (just ensure you
>>>> understand privileges for either the mysql user or the sa user, and other
>>>> specifics for db2 or Oracle, for instance).
>>>>
>>>> 4) Of course many purists advocate use of Burp Suite:
>>>> http://portswigger.net/burp/ (which is available in BT5r3 {open a
>>>> terminal window and type "locate burp"}).
>>>>
>>>> This is nothing like the fun that is had in [my] day to day Linux
>>>> systems administration for mysql/postgresql/db2 (for which we generally also
>>>> act as a "DBA") or hold key DevOps roles supporting large tanks of
>>>> developers with ETL projects.
>>>>
>>>> An especially fun and powerful ETL "tool" (imagine the possibilities)
>>>> is CloverETL:    http://www.cloveretl.com/
>>>>
>>>> Hackfest Mentorship DISCLAIMER:  We will happily assist you to learn or
>>>> use any tool in order to complete the practical parts of the labs (actual
>>>> encroachment).  We will not teach you "how to hack" or "how to get a flag"
>>>>  other than refer you to the public lab we have available (in this case
>>>> "Metasploitable") or ask you questions that will allow you to solve the
>>>> tests.  Expect all of your questions to lead to more questions - we hope
>>>> to teach you to USE THE SOURCE Luke!  Google will work if you don't have
>>>> any midi-chlorians in your blood.
>>>>
>>>> We especially love this "3 pronged attack"  Translated by use of
>>>> Google:
>>>> http://translate.google.com/translate?hl=en&sl=es&u=http://www.blogtecnico.net/bt5r3-tor-burp-suite-sqlmap/&prev=/search%3Fq%3Dburpsuite%2Bon%2Bbt5r3
>>>>
>>>> Okay, ready, let's hit the "Blind SQL Injection" button:
>>>> http://itsecuritylab.eu/index.php/tag/sql-injection/
>>>>
>>>> We decided not to use our resources for this flag....
>>>>
>>>> So if you want a flag just to win a prize, this one's not for you.
>>>>  Come back next month when we do IPV6.
>>>> --
>>>>
>>>> (503) 754-4452 Android
>>>> (623) 239-3392 Skype
>>>> (623) 688-3392 Google Voice
>>>> **
>>>> it-clowns.com <http://it-clowns.com/c/index.php>
>>>> Chief Clown
>>>>
>>>> _______________________________________________
>>>> Plug-security mailing list  -  Plug-security at lists.phxlinux.org
>>>> To change settings or unsubscribe:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-security
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>


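The login-form pattern that the DVWA and Mutillidae labs in this thread exercise, shown as an added example (not code from the original posts): the string-concatenated query beside its parameterized replacement, run against a constructed in-memory SQLite table standing in for the labs' MySQL database.

```python
# Added example (not from the original thread): the login query pattern behind
# the DVWA/Mutillidae SQL injection labs, vulnerable and parameterized forms side
# by side. Uses an in-memory SQLite table (constructed data) in place of MySQL.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table standing in for the lab application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return conn


def login_unsafe(conn, username, password):
    """Vulnerable idiom: input concatenated into the SQL text, so the database
    parses attacker-controlled quote characters as part of the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Hardened form: placeholders pass the input as data, never as SQL text,
    so quotes in the input cannot change the query's structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def compare(username, password):
    """Run the same credentials through both forms and report whether each
    treated them as a successful login."""
    conn = make_db()
    try:
        return {
            "unsafe": login_unsafe(conn, username, password) is not None,
            "safe": login_safe(conn, username, password) is not None,
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # Genuine credentials succeed in both forms.
    print("valid credentials:", compare("admin", "correct-horse"))
    # A stray quote turns the WHERE clause into a tautology in the concatenated
    # form only; the parameterized form just sees a literal string and refuses.
    print("tautology input:  ", compare("admin", "' OR '1'='1"))
```

The same contrast holds for MySQL via mysqli/PDO prepared statements; the concatenated form is what the linked tizag tutorial demonstrates.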