From SQL injection to Shell : Practicando SQL injectión

Difficulty

Beginner

Details

This exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the system.

What you will learn?

• SQL injection exploitation using UNION
• Cracking md5 hashed passwords
• Writing a PHP webshell

Requirements

• A computer with a virtualisation software
• A basic understanding of HTTP
• A basic understanding of PHP
• Yes, that's it!

Download

• from_sqli_to_shell.pdf (824K)
• from_sqli_to_shell.iso (64-bit, 172M, MD5: f40b5e5cd6842155552788c83e9f69b5)
• from_sqli_to_shell_i386.iso (32-bit, 169M, MD5: 9221158d81b826034b3b8e3d3fc8ec68)

Mirror

• from_sqli_to_shell.iso (64-bit, 172M, MD5: f40b5e5cd6842155552788c83e9f69b5)

Fuente:

https://www.pentesterlab.com/exercises/from_sqli_to_shell/

Ayuda para resolver el laboratorio:

http://websec.ca/kb/sql_injection