
    According to PortSwigger:  "SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution."  And according to the SQLMap description:  "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers."

    This isn't a 101 of SQL Injection; if you're familiar with SQLMap, you've moved past 101.  This is the method I use when I leverage SQLMap.  I've seen other syntax for performing these tasks, but I prefer to capture the POST request in Burp, dump the contents into a file, and then point SQLMap to my text file POST request.

    We execute SQLMap and point it to our captured POST request.  The -p flag names the parameter where we think we can inject.  The --level flag sets the level of tests to perform (1-5).  The --risk flag sets the level of risk (1-3).  The --dbs flag is used for enumerating databases.  And while not stated, if we knew the database server, we could add something like --dbms=MySQL, which would narrow down the attack.  The --threads flag should be self-explanatory.

    We kick off our scan and immediately, SQLMap believes we can inject:



    Eventually, the output provides us with a list of databases:


    SQLMap stores that information and we can build upon it.  We change our syntax a bit and we're attempting to dump the database columns:


    Eventually, we get the database columns:


    And finally, we come back once more and we're going to dump the contents of a table that looks interesting to us:


    We end up with:


    And now we have a hash to crack. 

    On some older servers, we have the ability to read and write to the file system, and in some cases we can execute the os-shell command, which drops us onto the server.  You are not going to find these parameters functional unless you find a very old server, or perhaps one that's been intentionally or poorly configured to allow this functionality to work.
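A scan like the one walked through above sends many crafted values for a single parameter in quick succession, which is what a defender can look for in application logs. The following is an added example, not code from the original post: the JSON log format, the /login.php path, the username parameter and all sample traffic are constructed assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values that look like boolean, UNION, ORDER BY or time-delay probes.
# A lone apostrophe (O'Brien) deliberately does not match.
SQL_PROBE = re.compile(
    r"union\s+select|sleep\s*\(|order\s+by\s+\d+|\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)

def detect(lines, window=timedelta(seconds=10), threshold=4):
    """Map (ip, path, param) -> reason for clients that look like an automated SQLi scan."""
    probes = defaultdict(list)  # key -> timestamps of recent probe-like requests
    findings = {}
    for line in lines:
        e = json.loads(line)
        key = (e["ip"], e["path"], e["param"])
        # sqlmap announces itself by default, but the header is client-controlled,
        # so it is a cheap first signal and never the only one.
        if e["ua"].lower().startswith("sqlmap/"):
            findings.setdefault(key, "sqlmap User-Agent")
        if SQL_PROBE.search(e["value"]):
            ts = datetime.fromisoformat(e["ts"])
            # Keep only probes inside the sliding window, then add this one.
            probes[key] = [t for t in probes[key] if ts - t <= window] + [ts]
            if len(probes[key]) >= threshold:
                findings.setdefault(key, "probe burst on one parameter")
    return findings

def event(sec, ip, value, ua="Mozilla/5.0"):
    """Build one constructed log line (JSON) for the hypothetical /login.php form."""
    return json.dumps({"ts": f"2021-03-01T10:00:{sec:02d}", "ip": ip,
                       "path": "/login.php", "param": "username",
                       "value": value, "ua": ua})

# Constructed sample traffic, not taken from the original post.
SAMPLE = [
    event(0, "203.0.113.7", "O'Brien"),            # normal user with an apostrophe
    event(1, "203.0.113.8", "rock and 1=1 roll"),  # one odd value, below threshold
    event(2, "198.51.100.9", "x", ua="sqlmap/1.5#stable (http://sqlmap.org)"),
    *[event(10 + i, "192.0.2.44", v) for i, v in enumerate(
        ["1 AND 1=1", "1 AND 1=2", "1 ORDER BY 3", "1 UNION SELECT NULL"])],
]

if __name__ == "__main__":
    for key, reason in detect(SAMPLE).items():
        print(key, reason)
```

The window and threshold are starting points to tune against real traffic; the durable fix remains parameterized queries on the injectable parameter.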



    © 2021 Seven Layer Networks, Inc. | All rights reserved.