SQL Injection to Meterpreter

Goal: By exploiting a SQL injection vulnerability, fully compromise the victim server and obtain a reverse shell (Meterpreter) using SQLMap.

Victim System: Damn Vulnerable Web App (DVWA) installed on Windows XP to build the virtual lab. IP: 192.168.24.131

Attacker System: Kali Linux 2.0 [Python 2.7, SQLMap and Metasploit installed by default]. IP: 192.168.24.129

Tools:

SQLMap: sqlmap is a Python-based open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. For any queries: http://sqlmap.org/

Meterpreter: Meterpreter is a payload (shell) of Metasploit. After successful exploitation, the Meterpreter shell gives you command-line access to the victim's system. Using Meterpreter you can do whatever you want to do. For any queries: https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/

Process:

FIG 1: Login to DVWA for SQLi [admin:password]

FIG 2: Set the DVWA security level to “Low”

FIG 3: Setting Burp Proxy to analyze the response

FIG 4: Random check by using value “1”

FIG 5: Putting a single quote in the GET parameter “id” causes a DB error

FIG 6: Analyze the response and find the session cookie

FIG 7: SQLMap command to exploit the SQLi and enumerate the databases

FIG 8: Got the DBs: SQLi confirmed

FIG 9: SQLMap command to gain system-level access

FIG 10: Some options that we have to choose

FIG 11: Successfully injecting the payload into the victim’s server

FIG 12: Bingoooo!!!! We pwned the system with Meterpreter
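From the defender's side, the probes in this walkthrough (the single quote in the “id” parameter, the sqlmap requests sent with the stolen session cookie, and the file-write stage that sqlmap uses to plant its payload for system-level access) all leave traces in the web server access log. The following detector is an added example, not part of the original post or of sqlmap; it runs over constructed Apache combined-format log lines modelled on the lab above (the paths, timestamps and payloads are made up for the sample).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log modelled on the DVWA lab traffic (not real captures).
SAMPLE_LOG = """\
192.168.24.129 - - [10/Oct/2015:10:01:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
192.168.24.129 - - [10/Oct/2015:10:01:09 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27&Submit=Submit HTTP/1.1" 200 1210 "-" "Mozilla/5.0"
192.168.24.129 - - [10/Oct/2015:10:02:30 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20AND%201=1%20--%20&Submit=Submit HTTP/1.1" 200 4321 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.168.24.129 - - [10/Oct/2015:10:05:11 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20SELECT%201,2%20INTO%20DUMPFILE%20%27/tmp/x%27--%20&Submit=Submit HTTP/1.1" 200 1210 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
"""

# Apache "combined" log format: ip ident user [ts] "method url proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Boolean/union/time-based probe syntax seen in decoded parameter values.
SQL_RE = re.compile(r"\b(union\s+select|(?:and|or)\s+\d+\s*=\s*\d+|sleep\s*\(|benchmark\s*\()", re.I)
# MySQL file-write and OS-execution primitives used in the --os-pwn / --os-shell stage.
FILE_RE = re.compile(r"into\s+(?:out|dump)file|sys_exec|sys_eval", re.I)


def analyze_log(text):
    """Return one finding per suspicious request: line number, source IP, status, tags."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        tags = []
        if "sqlmap" in m["ua"].lower():
            tags.append("sqlmap-ua")  # sqlmap's default User-Agent is unchanged
        # parse_qsl URL-decodes the values, so %27 becomes a literal quote.
        for name, value in parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True):
            if "'" in value or '"' in value:
                tags.append(f"quote:{name}")          # FIG 5 style error probe
            if SQL_RE.search(value):
                tags.append(f"sql-syntax:{name}")     # FIG 7 enumeration probes
            if FILE_RE.search(value):
                tags.append(f"file-write-or-exec:{name}")  # FIG 9-11 payload stage
        if tags:
            findings.append({"line": lineno, "ip": m["ip"], "status": int(m["status"]), "tags": tags})
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f)
```

The benign request on line 1 produces no finding; the file-write tag on the last line is the one worth an immediate alert, since it marks the transition from data theft to code execution on the database host.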