Database Hacking, Penetration Testing, Website Hacking

How to set up SQLI Lab

May 26, 2017 by Raj Chandel

Hello everyone, today we’ll be learning how to setup Dhakkan lab (one of the best labs I have seen for practising and understanding SQL INJECTION) in our latest Ubuntu Machine.

A laboratory that offers a complete test environment for those interested in acquiring or improving SQL injection skills. Let’s start. First, we will download SQLI lab inside html directory by the following link-

git clone http://github.com/Rinkish/Sqli_Edited_Version

Once the download is done, we will move sqli labs into the /var/www/html directory and rename it to sqli. Then go inside the sqli directory where we will find /sqli-connections directory. Here we will run ls command to check the files and we can see that here is a file by the name of db-creds.inc

we need to make some changes in the config file by the following command-

cd Sqli_Edited_Version/
ls
mv sqlilabs/ ../sqli
cd sqli
cd sql-connections/
ls
nano db-creds.inc

As we can see that username is given root and password is left blank which we need to modify.

Now here we will set the username and password as raj:123 Now save the file and exit.

Now browse this web application from through this URL: localhost/sqli and click on Setup/reset Databases for labs.

Now the sqli lab is ready to use.

Now a page will open up in your browser which is an indication that we can access different kinds of Sqli challenges

Click on lesson 1 and start the Sqli challenge.

Author – Rinkish Khera is a Web Application security consultant who loves competitive coding, hacking and learning new things about technology. Contact Here

16 thoughts on “How to set up SQLI Lab”

Emperor says:

January 19, 2018 at 5:46 pm

can get edited lab
1. Rinkish says:
  
  May 6, 2018 at 12:03 pm
  
  https://github.com/Rinkish/Sqli_Edited_Version
Shreyans Soni says:

February 19, 2018 at 4:56 pm

Check out my script for this issue:
https://github.com/hnsoni/SQLi_Lab_Fix.git

This will fix the issue on linux Based system.
Anil says:

April 15, 2018 at 10:54 am

i need edited lab
1. Raj Chandel says:
  
  April 16, 2018 at 8:48 am
  
  contact article author [email protected]
2. Rinkish says:
  
  May 6, 2018 at 12:01 pm
  
  https://github.com/Rinkish/Sqli_Edited_Version
aditya says:

December 20, 2018 at 10:18 am

thanks for it . keep it up . if you have more resources for advanced web pentest then plz send me link or material at [email protected] plz give some attention
Yash says:

March 1, 2019 at 7:32 pm

Okay, so i downloaded the edited lab and carried out all commands. Still DB does not load. Anything new or different with kali 2019?
hocrux says:

August 26, 2019 at 3:44 pm

thank you!! thank you so much!!
i got it. 🙂
Bhargav Sai Madhabattula says:

May 1, 2020 at 9:21 am

Okay, I downloaded all the edited lab and followed every command in the tutorial. Still can’t load the DB? Please help me out..!
1. Raj Chandel says:
  
  May 1, 2020 at 11:17 am
  
  article updated, please check
Hacker says:

May 20, 2020 at 4:42 pm

[*]……………….Could not connect to DB, check the creds in db-creds.inc:

How to solve this error?
1. Shooter says:
  
  September 6, 2020 at 5:02 am
  
  try with your mysql creds
Rohit says:

September 10, 2020 at 7:19 pm

[*]……………….Could not connect to DB, check the creds in db-creds.inc:
Arif says:

December 20, 2020 at 3:40 pm

amazing lab test from dhakkan.

but edited lab, still have many missing lesson.

imho, i gave up n prefer installed ubuntu 14.04 support php5 in virtualbox in kali linux 2019.

and voilaaa, original sqli dhakkan run smooth.
Kairos says:

March 5, 2021 at 7:13 pm

I’ve been doing the lab on Kali Linux with php7 but when I reached Lesson 26 there’s no way of bypassing the SPACE blacklist filter. If anyone know anything about I’ll appreciate it.

Don’t know whether MariaDB has any patch to avoid it.