Subscribe to Blog via Email

Categories

Archives

Database Hacking, Penetration Testing, Website Hacking

How to set up SQLI Lab

Hello everyone, today we’ll be learning how to setup Dhakkan lab (one of the best labs I have seen for practising and understanding SQL INJECTION) in our latest Ubuntu Machine.

A laboratory that offers a complete test environment for those interested in acquiring or improving SQL injection skills. Let’s start. First, we will download SQLI lab inside html directory by the following link-

git clone http://github.com/Rinkish/Sqli_Edited_Version

Once the download is done, we will move sqli labs into the /var/www/html directory and rename it to sqli. Then go inside the sqli directory where we will find /sqli-connections directory. Here we will run ls command to check the files and we can see that here is a file by the name of db-creds.inc

we need to make some changes in the config file by the following command-

cd Sqli_Edited_Version/
ls
mv sqlilabs/ ../sqli
cd sqli
cd sql-connections/
ls
nano db-creds.inc

As we can see that username is given root and password is left blank which we need to modify.

Now here we will set the username and password as raj:123 Now save the file and exit.

Now browse this web application from through this URL: localhost/sqli and click on Setup/reset Databases for labs.

Now the sqli lab is ready to use.

Now a page will open up in your browser which is an indication that we can access different kinds of Sqli challenges

Click on lesson 1 and start the Sqli challenge.

Author – Rinkish Khera is a Web Application security consultant who loves competitive coding, hacking and learning new things about technology. Contact Here

16 thoughts on “How to set up SQLI Lab

  1. Okay, so i downloaded the edited lab and carried out all commands. Still DB does not load. Anything new or different with kali 2019?

  2. Okay, I downloaded all the edited lab and followed every command in the tutorial. Still can’t load the DB? Please help me out..!

  3. [*]……………….Could not connect to DB, check the creds in db-creds.inc:

    How to solve this error?

  4. amazing lab test from dhakkan.

    but edited lab, still have many missing lesson.

    imho, i gave up n prefer installed ubuntu 14.04 support php5 in virtualbox in kali linux 2019.

    and voilaaa, original sqli dhakkan run smooth.

  5. I’ve been doing the lab on Kali Linux with php7 but when I reached Lesson 26 there’s no way of bypassing the SPACE blacklist filter. If anyone know anything about I’ll appreciate it.

    Don’t know whether MariaDB has any patch to avoid it.

Leave a Reply

Your email address will not be published. Required fields are marked *