Solving OWASP Bricks Challenge #3 using SQLMap and Havij

OWASP Bricks is free and open source learning platform for web application security. It comes with lots of levels/challenges also known as ‘bricks’. Each brick has some sort of vulnerability. The official Bricks documentation shows how to exploit these vulnerabilities manually.

However, in this tutorial, automated tools are used to ‘break the Bricks’. If you don’t already have Bricks installed, please go through the setupinstructions. It’s just a matter of few minutes.

SQLMap is seen as an industry standard penetration testing tool when it comes to SQL injection. It’s a free command line utility written in Python. The commands are easy and straightforward.

Starting the scan

Scanning can be started simply by issuing the command: -u http://localhost/bricks/content-1/index.php?id=0

During the scan, SQLMap will go ahead and try to inject codes on all possible inputs. Once it detects a vulnerable point, it prompts a question back to the user asking whether they would like to continue looking for other injection points or not. For this tutorial, there is no point in analyzing the page further, so it can be skipped.

Listing out the databases

Enumerating the databases on the remote server can be done easily by issuing the following command: -u http://localhost/bricks/content-1/index.php?id=0 –dbs

This lists out all the databases on the remote MySQL server. For this particular tutorial, ‘brick’s is the database of interest.

Dumping the Entire database

The complete ‘bricks’ database can be dumped by issuing: -u http://localhost/bricks/content-1/index.php?id=0 -D bricks –dump

This dumps the complete database and shows in a nice manner on the command line. The result can also be seen in the sqlmap/output folder as a CSV file and can be opened using Microsoft Excel or any similar software.

This shows how easy it is to use an automated tool to perform SQL injection attacks. Let’s look at software called Havij.

Performing SQL injection using Havij is a point and click affair. Just supply it with the vulnerable URL, click on some buttons and you’re done!

 About Author

Abhi M is an information security professional and the project leader of OWASP Mantra and OWASP Bricks. He believes that being open can do incredible things for humanity. He is an avid reader of Hacking Articles and is following it since the first day he visited the same.

Leave a Reply

Your email address will not be published. Required fields are marked *