10 benefits to Upload c99 php webshell | SQL injection Test

What after Upload c99 php webshell

An important question is what you will do after uploading a c99 PHP webshell. First, here is what c99.php is and what it is used for: “c99.php is a webshell written in the PHP language, used for”:

• Travel across directories
• View files
• Edit files
• Upload files
• Download files
• Delete files
• Execute MySql queries / commands
• Bypass mod_security
• Permissions to directory/folders
• Execute shell commands

Run Netcat commands through webshell | SQLi Test 6


We discussed web shells in the previous tutorial. “Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts”.


Union SQL injection example with Curl and Burp suite SQL injection test 3

Union SQL injection with Curl and Burp suite

What is union sql injection?
See more:
What is curl?
cURL stands for “Client URL Request Library”. It is a command-based tool for receiving or sending files using URL syntax. It supports common protocols, currently including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, LDAP, LDAPS, DICT, TELNET, FILE, IMAP, POP3, SMTP and RTSP.
What is burp suite?
Burp Suite is a Java application that can be used to secure & penetrate web applications. The suite consists of different tools, such as a proxy server, a web spider, an intruder and a so-called repeater, with which requests can be automated.


Union select sql injection attack | sql injection test 2


UNION SELECT SQL injection allows the attacker to retrieve data from the database and dump databases. With this technique the attacker displays data from more than two tables. It shows the combined result from two tables.

Why do attackers use UNION?

UNION combines the results of two SELECT queries. The attacker has no control over the original query, but can append a UNION with another SELECT query of their own design, and the application will display the union of the results of the 2 queries.


How to Configure IceWeasel Web Browser with add-ons for Web Penetration Testing


The web browser plays an important role in web penetration testing as well as web security, but the browser alone is not enough: it needs external scripts or software called add-ons. There are a lot of add-ons available for penetration testing. This topic covers which important add-ons are required for web penetration testing. You will have to install all the add-ons step by step on Firefox.


Manual SQL Injection By The Help of Firebug

Mutillidae: Manual SQL Injection By The Help of Firebug

Web Penetration Testing: Part 3

What is SQL Injection?

SQL injection is a technique used to attack web pages or data-driven applications. It is done by placing an SQL statement or SQL command in an entry field of the website. It is a vulnerability inside the web application that allows an attacker to run SQL commands against the database. The vulnerability arises when user input is incorrectly handled as a string and is unexpectedly executed as part of an SQL statement. SQL injection is mostly known as an attack vector for websites, but it can be used to attack any SQL database.

Pre-Requisite Lab:

  1. How to configure mutillidae in Fedora
  2. How to install Kali Linux on Virtual Box.
  3. How to install Firebug

Work On Victim Machine (Fedora 20)

  1. Run the Virtual Machine
  2. Open the Terminal.
  3. Check the IP Address
    #ifconfig
    This IP address will be used by the attacker to access Mutillidae. In my case it is 192.168.56.117; in your case it may be different.

Work On Attacker Machine (Kali Linux 1.0.7)

  1. Run the Virtual Machine of Kali Linux.
  2. Open Terminal and check the IP address using the following command.
    #ifconfig
    Check the connectivity with the victim machine (Fedora 20):
    #ping [IP_Address]
    In my case:
    #ping 192.168.56.117
  3. Open the IceWeasel web browser and type in the address bar:
    http://[Victim_IP_Address]/mutillidae

In my case it is:
http://192.168.56.117/mutillidae

SQL Injection on Username Field

  1. Click on the Login/Register menu in Mutillidae.
    Task:
    Enter a single quote (') in the Username text box and click the Login button.
    Result:
    After you click the Login button, an error message is displayed.
  2. Analyze Result
    A single quote (') is a reserved SQL character; placed in the Username text box, it breaks the SQL query:
    SELECT * FROM accounts WHERE username=''' AND password=''
    A normal query looks like the following:
    SELECT * FROM accounts WHERE username='admin' AND password='admin'

SQL Injection: Bypass Password without Username

TASK:
Enter the following in the Username text box: ' or 1=1 -- 

Make sure you put a space after the "--", then click the Login button to continue.

Result:
Notice on the Mutillidae screen that you are logged in as admin, because admin is the first user in the accounts table.

Placing ' or 1=1 -- means: search for a username that is either equal to nothing or for which 1=1. The condition 1=1 is always true, and the "--" string starts a comment in an SQL statement. It comments out the rest of the SQL query (AND password=''), which bypasses the password check. The query looks like the following:

SELECT * FROM accounts WHERE username='' or 1=1 -- ' AND password=''

Log out from the admin user by clicking the Logout menu.
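The login inputs used above, run against a concatenated query and a parameterized one, as an added example that is not part of the original tutorial or Mutillidae's own code. It assumes a SQLite stand-in for the accounts table with constructed rows and hypothetical function names, and shows that binding the input as a parameter makes both the single-quote test and the ' or 1=1 -- input fail.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the accounts table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("admin", "adminpass"), ("samurai", "samuraipass")])
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM accounts WHERE username='" + username +
           "' AND password='" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return ("error", str(exc))  # the single-quote test ends up here
    return ("ok", row[0]) if row else ("denied", None)

def login_parameterized(db, username, password):
    """Fixed pattern: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM accounts WHERE username=? AND password=?",
        (username, password)).fetchone()
    return ("ok", row[0]) if row else ("denied", None)

def compare(inputs):
    """Return (username, concatenated outcome, parameterized outcome) per input."""
    db = make_db()
    return [(u, login_concatenated(db, u, p)[0], login_parameterized(db, u, p)[0])
            for u, p in inputs]

# The inputs used in this tutorial plus one legitimate login.
TUTORIAL_INPUTS = [
    ("'", ""),               # single-quote test
    ("' or 1=1 -- ", ""),    # always-true condition, rest commented out
    ("admin", "adminpass"),  # legitimate credentials (constructed)
]

if __name__ == "__main__":
    for username, vulnerable, fixed in compare(TUTORIAL_INPUTS):
        print(f"{username!r:18} concatenated={vulnerable:7} parameterized={fixed}")
```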

SQL Injection: Single Quote Test On the Password Field:

TASK:

  1. Click on Login/Register.
    Enter the name as admin.
  2. Password field: right-click and select Inspect Element.
  3. Firebug: the Firebug bar opens. Replace the string "password" with the word "text", then minimize Firebug.
  4. Apply the true test to the Password text box. Fill in the following:
    Name= ' or 1=1

Don't forget to put a space after the "--", then click the Login button.

ANALYZE THE RESULTS:

It is a happy moment: you are logged in as admin. Log out of the session.

Obtain Access by SQL Injection: Single Quote Test:

Inspect Password Box Element
TASK:

Click on Login/Register option.

Name: samurai

Password: right-click and select Inspect Element.

Edit the following element:

Replace the string "password" with "text".

Replace the string "20" with "50" in size and maxlength.

Minimize or close Firebug.

Apply the true statement in the Password text box:

Name: Samurai

Password: ' or ' (1=1 and username='samurai') --

Don't forget to put a space after the command.

Click the Login button to proceed.

Result: Notice that you are logged on to the application as Samurai thanks to SQL injection.

The Magical Code Injection Rainbow (MCIR) in Metasploitable2

The Magical Code Injection Rainbow (MCIR): a Web-based training project

Dan Crowley, a data security aficionado and independent researcher with Trustwave, has written and released five training suites. His Web-based training projects are easy to explore and come with different testing levels. His most recent creation is a mash-up of his web trainers combined into one advanced playground called the Magical Code Injection Rainbow (MCIR). MCIR comprises the following modules:

  • SQLol – a SQL injection training platform that allows customization of whitelisted and blacklisted characters and sequences, built around challenges that train the basic skills needed to test and defeat SQL security measures.
  • XMLmao – Like SQLol, XMLmao is a configurable XML injection training environment.
  • ShelLOL – A configurable operating system shell training environment for command injection.
  • XSSmh – Cross-site scripting training tool.
  • CryptOMG – CryptOMG is a configurable capture-the-flag style web application designed around exploiting common flaws in the use of cryptography.

More information: https://github.com/SpiderLabs/MCIR

Installation Of MCIR

In the network settings of the Metasploitable2 virtual machine, set the network adapter to Attached to: Bridged Adapter. Launch the Metasploitable2 machine and run the following commands to reset the network interface:

$sudo ifdown eth0

$sudo ifup eth0

Or

$sudo ifconfig eth0 down

$sudo ifconfig eth0 up

After running this command you have to give the password of the user (msfadmin). Check to make sure the new IP address has been set.

$ifconfig eth0

Modify the nameservers in /etc/resolv.conf

$sudo nano /etc/resolv.conf

Set the IP address of the name server to the gateway on your network, then press Ctrl+X to exit, save the file by pressing “y” and hit Enter.

Test the Internet connectivity.

$ping www.google.com

If connectivity is established, the next step is to download the Magical Code Injection Rainbow from GitHub.com.

$wget https://codeload.github.com/SpiderLabs/MCIR/zip/master

The downloaded file is a ZIP archive. Uncompress the master file with the following command.

$unzip master

Move the MCIR folder into the web server directory.

$sudo mv MCIR-master /var/www/mcir

Edit the Metasploitable2 web page for easy access.

$cd /var/www

$ sudo nano index.php

Add MCIR to the list on the web page as shown in the figure.
Go to the settings wizard again, select Network in the left menu bar, then change Attached to: Host-only Adapter. Click OK to save the changes and exit. Finally, reset the network adapter on the Metasploitable2 virtual machine.

$sudo ifdown eth0

$sudo ifup eth0

Check the IP address on the eth0 Network Interface Card.
$ifconfig eth0
Launch the Kali Linux virtual machine, open the web browser and navigate to:
http://{IP_address_of_metasploitable2_virtual_machine}/
