Leaderboard

Multi de pe forum se joaca cu atacuri de tip SQL Injection, dar nu stiu cati dintre ei stiu ceea ce se intampla in spatele query-ului folosita, si cu siguranta foarte multi nu stiu alte query-uri SQL. SQLZoo este un website cu tutoriale interactive, impartit pe capitole, care pune la dispozitia voastra o baza de date cu tabele, etc. si ofera spre rezolvare anumite task-uri. Asa ca, daca sunteti interesati de a invata cat de cat, puteti accesa sqlzoo.net. Nu e site-ul meu, nu am nici o legatura cu el. Doar mi s-a parut interesant.

INTRODUCTION: Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Many times when performing audit of a website, it is always advisable to place an intermediate proxy to know and have full control of the requests sent and received, for it to use Burp Suite. It is also known that in these audits, better known vulnerability that can occur is the SQL Injection. For this case, in this post brings a completely free plugin developed by ggdaniel that will help us use the Burp Suite sqlmap from an easy and effective. ¿WHAT IS SQLMAP? SQLMAP is an open source penetration testing tool that helps in automating the process of detecting and exploiting SQL injection vulnerabilities and taking full access over the database servers. ¿WHAT IS SQLMAP PLUG-IN? When we audit a web application, we normally configure an intermediate proxy to have more control over the request and response parameters. SQLMAP plug-in is an add-on feature that we can configure to the burp through which we can redirect a URL or a request directly to the SQLMAP with a single mouse click. ¿HOW TO CHARGE THE PLUGIN SUITE BURP? Very easy, the first thing we have to do is download the plugin from the following link: Downloads - gason - BurpSuite Plugin's Project - Google Project Hosting recommend downloading (burpplugins-0.9.3.zip), then decompress files and place them in the same folder where this Burp Suite (Pentest - web - burpsuite) Next, run the command to run Burp Suite along with respective plugin. Linux: - java -classpath burpplugins.jar: burpsuite_v1.4.01.jar burp.StartBurp Windows: - java -classpath burpsuite_v1.4.01.jar;burpplugins.jar burp.StartBurp CONFIGURING THE PROXY: Firefox: - Edit - Preferences - Advanced - Network - Settings - Manual Proxy Configuration Google Chorme: - Settings - Show Advanced Options - Network - Change Proxy Settings - Connections - LAN Settings The proxy configuration is necessary for this method because we need the browser to send requests to the Burp Suite ¿HOW DO WE USE THE PLUGIN? Once you have executed the next to Burp Suite Plugin is very easy to use it, simply right click on the request parameters which you can appreciate the "Send to sqlmap" as shown in the following image: If we click on that option will open a new window (sqlmap wrapper) that will configure sqlmap. It shows the overview of the configuration features in the "Target" specifies the URL you're testing (usually filled by default as it has previously sent the request parameters). We specify the method in which the domain is accessible (GET/POST), then in the "bin-path" seek the location and load the file sqlmap sqlmap.py In "Custom Options" you can select the options you execute the tool, for example we can list the database users, passwords, roles, privileges, databases, etc.. Default is set to "Auto" which means that the tool tried to list all the options listed. Sqlmap Once configured, click on "Run" to open a new tab with the execution of the configuration, as shown in the following image: One can see that the website is vulnerable, so it is accessible database. Now we will try to list all the tables in the database "intranet", for it set the sqlmap wrapper with "Enumerate database tables" which returns the following results: Then we list the table "dbo.BusquedaWeb" for its columns, select the option for it "Enumerate database tables and columns" returning the following result: As we already have the data of the database, tables and columns, we will give Dump to get the final results, we will use the option "Dump DBMS database" getting the latest results as shown in the following image: After obtaining the data we "want" can save the contents of the information obtained, to select it in the "Save to file" which will be saved in a text file. You see, audit a website from BurpSuite with this plugin is very comfortable and efficient, which helps us a lot in this process so tedious that usually the Penetration Test. I hope they can. Greetings.

// S-au terminat momentan. PM doar daca doriti vre-un key anume.