How to set up SQLI Lab in Kali

Hello everyone, with the joy of having new kali version somewhere few of us are having hard time in setting Dhakkan (AUDI-1) sqli series lab in our kali machine.

So today we’ll be learning how to setup Dhakkan lab (one of the best labs I have seen for practicing and understanding SQL INJECTION) in our latest kali machine.

Download from here

Q – Why it is not as simple as it was in older version of kali?

Ans- In latest version of kali we are having PHP version 7.xxx which does not support MySQL functions because it support MySQLi functions.

MySQLi Extension (or simply known as MySQL improved or MySQLi) is a relational database driver that is used mainly in the PHP programming language. 

So we have 2 ways to set up

  • Degrade your PHP version to 5.xx
  • Change code of original Dhakkan lab to make it work with latest kali.

We’ll change code of labs.

Q- How I came to know that this is the issue?

Ans – When I set up my lab and browse it from my browser I saw I was unable to set up database required, See below screenshot

In the above screenshot see the URL .So now I know something is wrong in setup-db.php so I tried to run this specific file in my kali, see screenshot

So after googling the error I came to know I have to replace mysql_connect() with mysqli_connect()

After making this change when I run setup.php again I came across new error, see screenshot

So I replace mysql_query($sql) with mysqli_query($con, $sql)

($con is the connection link we made to our database) if you don’t know php don’t worry simply replace mysql_query($sql) with mysqli_query($con, $sql)

So this is how I debug the issue.

Now I am summarizing the changes that I made and you have to do to set up your lab.

Simply use Ctrl+F and replace all feature to make changes at a fast pace.

You have to make changes in index.php of ALL lessons, other php files in lessons and in all php files present in sql-connections Folder.

(Or you can contact me to get the edited lab)

S.No Replace Replace By
1 mysql_query($sql) mysqli_query($con, $sql)
2 mysql_error() mysqli_error($con)
3 mysql_fetch_array($result) mysqli_fetch_array($result, MYSQLI_BOTH)
4 mysql_fetch_array($result1) mysqli_fetch_array($result1, MYSQLI_BOTH)
5 mysql_connect($host,$dbuser,$dbpass) mysqli_connect($host,$dbuser,$dbpass)
6 mysql_real_escape_string($value) mysqli_real_escape_string($con, $value)
7 mysql_select_db($dbname, $con) mysqli_select_db($con, $dbname)

After making the above changes copy complete sqli-labs folder in /var/www/html folder of kali

Now open kali terminal and move to this folder using command “cd /var/www/html”

Now give permissions to sqlilabs folder using command “chmod 777 sqlilabs”

Now move to sqlilabs folder using command “cd sqlilabs” And give permissions to all files and folder in it using command “chmod 777 *”

 

Now your lab is ready to use you can access you lab using your browser Ip of your kali machine/sqlilabs

Before accessing lab from your browser make sure to run these three commands
in your kali machine

1 – service apache2 start
2 – service mysql stop
3 – mysqld_safe –skip-grant-tables

Click on Setup/reset Database for labs

Database set now practice and enjoy and use you skill to help organizations in securing their apps and applications from hackers. Don’t test it on sites for which you don’t have written permission to do so. It is illegal you may end up going behind the bars and ruin your career.

We are very thankful to Audi-1(aka Dhakkan) for creating such an interesting and awesome environment for us to understand and practice SQL injection.

Author – Rinkish Khera is a Web Application security consultant who loves competitive coding, hacking and learning new things about technology. Contact Here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply