Web Application (Mutillidae II) with Burp Suite
To start the Mutillidae web application:
Go to the terminal and type sudo /opt/lampp/lampp start
a. Make sure that Apache and MySQL are running OK.
b. Go to the web browser and type localhost/mutillidae or 127.0.0.1/mutillidae in the address bar.
Go to OWASP 2017 -> A1 Injection (SQLi) -> SQLi - Extract Data -> User Info (SQLi)
Now, on your Kali Linux there is a built-in tool called Burp Suite. Open it and click Next,
then click Start Burp.
In the browser go to Settings --> search for proxy --> Proxy settings.
Set the HTTP proxy to 127.0.0.1 and the port to 8080.
Go to the Proxy tab in Burp Suite and make sure Intercept is on before you send the request.
Run a SQLi query so the interceptor can catch the request; we can then modify it and forward it to the server.
As we can see in the image below, we have caught the request sent by the browser.
We can modify it and forward it, so the data received would be different.
As you can see, the hints on Mutillidae are disabled because the security level has been raised.
Even at the higher security level it is possible to access the hints just by changing the data in the interceptor.
As in the image below, the 'showhints' cookie has been changed from 0 to 1.
Now forward it to the browser.
So the data in the browser would be changed at the higher security level, as shown below.
Using cookies, let's exploit the SQL injection automatically with sqlmap.
Copy the URL that should be exploited.
Go to the terminal and type sqlmap -u "URL" --cookie="CookieID" --tables --batch
As we can see, the SQL injection is executed automatically.
Now let's change some options to dump the accounts table.
Go to the terminal and type sqlmap -u "URL" --cookie="CookieID" --dump -T accounts --batch
In the image below we can see the full dump of the database with its parameters.
Now let's go through the brute-force attack.
First, in Mutillidae go to A2 Broken Authentication and Session Management -> Authentication Bypass -> via Brute Force.
Open Burp Suite, turn on Intercept and try to log in so we can catch the request.
Right-click and send the request to Intruder, change the attack type from Sniper to Cluster bomb, go to Payloads and use your own dictionary file or make your own list of random words to attack with.
After you insert the payloads, start the attack!
After the attack, to check whether the username and password are correct, check the status code: if it is 302, that is the correct combination of username and password. Go to the login page and input the username and password.
Now let's go through the bypass via SQL injection.
To start, first go to A2 Broken Authentication and Session Management -> Authentication Bypass -> via SQL Injection.
Now let's inject some SQL into the login form so we can access the admin account. Here we have two methods to log in or get access to the admin account.
1st method -> inject the query in the username field
Let's use the SQL query ' or 1=1-- (don't forget to put a space after the query).
Now we have successfully gained access to the admin account.
2nd method -> inject the query in the password field
Let's use the SQL query ' or (1=1 and username='john')-- (don't forget to put a space after the query).
We have successfully logged in to John's account.
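To show why the two login payloads above work and how the application should have been written, here is an added example (not from the original writeup or from Mutillidae's own code) in Python: an in-memory SQLite table with constructed sample rows stands in for the accounts table, and a string-concatenated login is placed beside a parameterized one. Function names and the sample credentials are assumptions; note that SQLite accepts -- with or without a trailing space, whereas MySQL, which Mutillidae runs on, requires the space, which is why the writeup keeps reminding you about it.

```python
import sqlite3

# Constructed sample rows standing in for Mutillidae's accounts table (assumption).
SAMPLE_ACCOUNTS = [("admin", "adminpass"), ("john", "monkey")]


def make_db():
    """Create an in-memory SQLite database seeded with the sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def login_vulnerable(conn, username, password):
    """The broken pattern: user input is glued straight into the SQL text.

    With username  ' or 1=1--   the WHERE clause becomes
    username='' or 1=1-- ' AND password='...'   so every row matches and
    the first account (admin) is returned.  With the second payload in the
    password field, the OR branch pins the match to username='john'.
    Returns the matched username, or None when no row matches.
    """
    sql = ("SELECT username FROM accounts WHERE username='" + username +
           "' AND password='" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """The fix: bound parameters.  The quote and the -- stay inside the
    value being compared, so the same payloads simply fail to match."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    method1 = "' or 1=1-- "                         # 1st method, username field
    method2 = "' or (1=1 and username='john')-- "  # 2nd method, password field
    print("vulnerable, method 1:", login_vulnerable(db, method1, "x"))   # admin
    print("vulnerable, method 2:", login_vulnerable(db, "x", method2))   # john
    print("fixed, method 1:", login_fixed(db, method1, "x"))             # None
    print("fixed, method 2:", login_fixed(db, "x", method2))             # None
    print("fixed, real creds:", login_fixed(db, "john", "monkey"))       # john
```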