How to set up SQLI Lab
Hello everyone, today we’ll be learning how to setup Dhakkan lab (one of the best labs I have seen for practising and understanding SQL INJECTION) in our latest Ubuntu Machine.
A laboratory that offers a complete test environment for those interested in acquiring or improving SQL injection skills. Let’s start. First, we will download SQLI lab inside html directory by the following link-
1 |
git clone http://github.com/Rinkish/Sqli_Edited_Version |
Once the download is done, we will move sqli labs into the /var/www/html directory and rename it to sqli. Then go inside the sqli directory where we will find /sqli-connections directory. Here we will run ls command to check the files and we can see that here is a file by the name of db-creds.inc
we need to make some changes in the config file by the following command-
1 2 3 4 5 6 7 |
cd Sqli_Edited_Version/ ls mv sqlilabs/ ../sqli cd sqli cd sql-connections/ ls nano db-creds.inc |
As we can see that username is given root and password is left blank which we need to modify.
Now here we will set the username and password as raj:123 Now save the file and exit.
Now browse this web application from through this URL: localhost/sqli and click on Setup/reset Databases for labs.
Now the sqli lab is ready to use.
Now a page will open up in your browser which is an indication that we can access different kinds of Sqli challenges
Click on lesson 1 and start the Sqli challenge.
Author – Rinkish Khera is a Web Application security consultant who loves competitive coding, hacking and learning new things about technology. Contact Here
I’ve been doing the lab on Kali Linux with php7 but when I reached Lesson 26 there’s no way of bypassing the SPACE blacklist filter. If anyone know anything about I’ll appreciate it.
Don’t know whether MariaDB has any patch to avoid it.