[Plug-security] SQL Injection Toyz [Flag] (Still Up/Available)
Lisa Kachold
lisakachold at obnosis.com
Wed May 22 13:35:26 MST 2013
Here's the SQL Injection links:
http://12.159.65.86/dvwa/index.php
On Wed, May 22, 2013 at 12:37 PM, Lisa Kachold <lisakachold at obnosis.com>wrote:
> You can get in via *msfadmin ssh. *
> *
> *
> *I rebooted it.*
> *
> *
> *It should answer now.
> *
> We just needed to do this:
> http://colesec.inventedtheinternet.com/metasploitable-2-and-mutillidae/
>
>
> On Wed, May 22, 2013 at 11:17 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>
>> Login to the first page - the login is on the bottom of the screen and
>> restart the toy/tool.
>>
>>
>> On Wed, May 22, 2013 at 11:16 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>>
>>> Someone probably crashed the server.
>>>
>>> We can recreate it.
>>>
>>>
>>> On Tue, May 21, 2013 at 2:20 PM, Sam Kreimeyer <skreimey at gmail.com>wrote:
>>>
>>>> The error messages on the web server make it look like all the tables
>>>> have been dropped on mutillidae. Was that the injection point we were
>>>> supposed to go for?
>>>>
>>>>
>>>> On Tue, May 14, 2013 at 3:17 PM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>>>>
>>>>> We are giving the PLUG Hackfesters additional time to take this
>>>>> flag. Since SQL Injection is one of those skills that really demands
>>>>> mastery (or a good deal of experience with SQL commands such as obtained
>>>>> via DevOps or Linux Systems Administration/Engineering).
>>>>>
>>>>> The exploitable system is still up at http://12.159.65.86 -in the
>>>>> OneNeck DeVry Rack - Thanks very Much to OneNeck Hosting for
>>>>> providing this rack resource to the DeVry Students and Phoenix Open Source
>>>>> Community!
>>>>>
>>>>> There are a great number of SQL Injection tools available for your
>>>>> use:
>>>>>
>>>>> 0) https://code.google.com/p/mysqloit/
>>>>>
>>>>> 1) SQL Ninja: If you are using SQL Ninja as packaged in BT5r3, it's
>>>>> configured for use against Microsoft MSSQL and doesn't work. Our SQL
>>>>> servers are not using a SA user - and a great number of the exploits in the
>>>>> wild will be using Oracle, db2, postgresql, or mysql. You can bypass the
>>>>> (incorrectly preconfigured) version from BT5r3 (which, as a Pentesting
>>>>> distro, exists just to get you started, not to stop you when something
>>>>> doesn't work [or is broken by default because it's too powerful for the
>>>>> masses]) with http://sqlninja.sourceforge.net/ - be sure to follow
>>>>> the easy tutorial here:
>>>>> http://sqlninja.sourceforge.net/sqlninjademo.html
>>>>>
>>>>> 2) http://sqlmap.org/ (Note, you must point this to the correct URL
>>>>> where the example exploitable database is fed from a form (I.E. this would
>>>>> be found after completing the login http://12.159.65.86/dvwa/login.php
>>>>> read the page silly ). I saw a few of you pointing to the wrong URL/path.
>>>>> Some of that might be due to (again) the defaults in BT5r3. Here's
>>>>> better instructions on how to use the SQLmap tool (from any linux. Windows,
>>>>> OSX python installation):
>>>>> http://franx47.wordpress.com/2013/02/01/using-sqlmap-for-sql-injection/
>>>>> (These worked for me).
>>>>>
>>>>> 3) If you would like to attack MSSQL to delve into SQL Injection (as
>>>>> David Demland's presentation touched on to provide completeness on the
>>>>> subject of SQL Injection = especially where "sa" user is concerned), please
>>>>> see this test site:
>>>>>
>>>>> Here's content presentation that is specific to MySQL only for SQL
>>>>> Injection:
>>>>> http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php For
>>>>> anyone at greater than basic level of SQL Injection, the differences in
>>>>> MSSQL and MYSQL (or other SQL server) are trivial (just ensure you
>>>>> understand privileges for either mysql user or sa user, and other specifics
>>>>> for db2 or Oracle for instance.
>>>>>
>>>>> 4) Of course many purists advocate use of BurpeSuite:
>>>>> http://portswigger.net/burp/ (which is available in BT5r3 {open a
>>>>> terminal window and type "locate burp"}).
>>>>>
>>>>> This is nothing like the fun that is had in [my] day to day Linux
>>>>> systems administration for mysql/postgesql/db2 (for which we generally also
>>>>> act as a "DBA") or hold key DevOps roles supporting large tanks of
>>>>> developers with ETL projects.
>>>>>
>>>>> An especially fun and powerful ETL "tool" (imagine the possibilities)
>>>>> is CloverETL: http://www.cloveretl.com/
>>>>>
>>>>> Hackfest Mentorship DISCLAIMER: We will happily assist you to learn
>>>>> or use any tool in order to complete the practical parts of the labs
>>>>> (actual encroachment). We will not teach you "how to hack" or "how to get
>>>>> a flag" other than refer you to the public lab we have available (in this
>>>>> case "Metasploitable") or ask you questions that will allow you to solve
>>>>> the tests.. Expect all of your questions to lead to more questions - we
>>>>> hope to teach you to USE THE SOURCE Luke! Google will work if you don't
>>>>> have any midi-chlorians in your blood.
>>>>>
>>>>> We especially love this "3 pronged attack" Translated by use of
>>>>> Google:
>>>>> http://translate.google.com/translate?hl=en&sl=es&u=http://www.blogtecnico.net/bt5r3-tor-burp-suite-sqlmap/&prev=/search%3Fq%3Dburpsuite%2Bon%2Bbt5r3
>>>>>
>>>>> Okay, ready, let's hit the "Blind SQL Injection" button:
>>>>> http://itsecuritylab.eu/index.php/tag/sql-injection/
>>>>>
>>>>> We decided not to use our resources for this flag....
>>>>>
>>>>> So if you want a flag just to win a prize, this one's not for you.
>>>>> Come back next month when we do IPV6.
>>>>> <http://www.cloveretl.com/>--
>>>>>
>>>>> (503) 754-4452 Android
>>>>> (623) 239-3392 Skype
>>>>> (623) 688-3392 Google Voice
>>>>> **
>>>>> it-clowns.com <http://it-clowns.com/c/index.php>
>>>>> Chief Clown
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Plug-security mailing list - Plug-security at lists.phxlinux.org
>>>>> To change settings or unsubscribe:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-security
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Plug-security mailing list - Plug-security at lists.phxlinux.org
>>>> To change settings or unsubscribe:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-security
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> (503) 754-4452 Android
>>> (623) 239-3392 Skype
>>> (623) 688-3392 Google Voice
>>> **
>>> it-clowns.com <http://it-clowns.com/c/index.php>
>>> Chief Clown
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> it-clowns.com <http://it-clowns.com/c/index.php>
>> Chief Clown
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
>
> (503) 754-4452 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> it-clowns.com <http://it-clowns.com/c/index.php>
> Chief Clown
>
>
>
>
>
>
>
>
>
>
>
>
>
>
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com <http://it-clowns.com/c/index.php>
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-security/attachments/20130522/5a32ace0/attachment-0001.html>
More information about the Plug-security
mailing list