
Master Sqlmap With Me By Cracking A Vulnerable Application. - Programming - Nairaland


Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 9:44pm On Mar 15, 2022
This thread is a sister thread to https://www.nairaland.com/6799302/master-x86-64-assembly-me-diffusing where I outlined x86-64 assembly.
Disclaimer: This information is for educational purposes only. I am NOT in ANY WAY liable for any misuse. If anyone is found guilty of misuse, I am legally protected. This content is at the reader's discretion.
Objective of this thread.
* Use sqlmap to triage applications for any known vulnerability
* Use sqlmap to perform basic OSINT of applications
* Master important sqlmap commands.

Sqlmap is a free and open source tool used to triage applications for SQL injection vulnerabilities. It has been under active development since 2002.
What is SQL injection vulnerability?
SQL injection vulnerability occurs when developers incorrectly process user input(s) and use the unsanitized input(s) to generate SQL queries.
Types of SQL injection vulnerability
1. Error-based injection
2. Time-based injection
3. Boolean-based injection
4. Out-of-band injection
5. Blind injection
Tools used: sqlmap1.6 stable {you can download this from the GitHub releases page}, MousePad, Firefox, Kali Linux, Terminal, Metasploitable2, pfsense, virtual machine.

Quick Notes:
* Sqlmap comes pre-installed on Kali Linux, but I am using the latest stable release. I recommend downloading from GitHub
* The current sqlmap release comes with a repo of common text files to fine-tune injections
* A proxy like Burp Suite or Owasp Zap can be used, but I defaulted to the browser since that is enough for now.
* Remember to always use common cyber security measures, I am using pfsense as my firewall.
With these in mind I'll share the commands and steps taken to ethically crack the OWASP Mutillidae Application.
1st Image: The first command I ran is to find out the tables where my input is being queried to. Now this is where the beauty of sqlmap comes into play: while executing this command, sqlmap displayed key information about the database management system, the Linux server operating system, the version of the database management system, etc. The DBMS is MySQL, the version is MySQL > v4.1 but less than v5.0, so I can also read up on vulnerabilities associated with this version of MySQL; the Linux server operating system is of version 8.1.
2nd Image: Those familiar with sqlmap might wonder why the change of commands. The reason is that executing sqlmap commands that come preinstalled on Kali is quite different from the one you downloaded. Since I had downloaded sqlmap from GitHub, the file comes with the sqlmap.py script, written entirely in Python 3.
3rd Image: After executing the command, sqlmap showed me that the table my input is being queried against is the accounts table. I want to reiterate that sqlmap 1.6 comes with a common text file which helps in fine-tuning your results. Although there are other tables in the database, sqlmap, using the common text file, was able to pinpoint the exact table my input is queried against. Common text file, what is it? It is a file that contains common database table and column names seen in popular applications.
4th Image: Now that I have gotten the table name, the next line of action is to get the column names in the table and their types. For that I executed this command.


Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 9:31pm On Mar 16, 2022
1st Image: At this point there is a lot more information at our disposal. I got the column names in the table, their types, and I also got the name of the MySQL database, which is owasp10.
2nd Image: At this point I can say that we have acquired much information, but the entire point of this injection is to get all the credentials stored in this database. In other words, I want to be in control of the database. I will now display everything in the database by running this command.
3rd Image: Voila!!! We got everything from the database (accounts table). At this point I can log in as the admin and be a part controller of the application. From the image you'll see that there are 2 database administrators.
4th Image: Now let me rewind a little. The Mutillidae application is a complex but vulnerable application built by the developers at OWASP. The image is showing the homepage of the application.


Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 9:49pm On Mar 16, 2022
1st Image: The part of the application I decided to hack is Owasp10 > Injection > SQLi Extraction > User Info
2nd Image: The User Info page. It requests a Username and Password.
3rd Image: A likely question is, "How do I get the URL and cookie to initiate an attack?" I first of all inputted a wrong username and password, then I opened the Developer Tools (Ctrl+Shift+I), then I sent the request, then I monitored the request and response from the Network tab under Headers in the Developer Tools. To get the URL I simply copied the URL after sending the request; I searched for the cookie value in Network > Cookies and copied the value. You will notice that the first GET is what I need.
4th Image: Now that I have hacked into the database, I decided to go an extra step. I created some new accounts for myself, and I used the securely generated password from Firefox. Please note that no matter the level of security you might put in place, a vulnerable application kills all that effort. So you might have the best password in the world, but if that site is vulnerable, your passwords are USELESS.


Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 10:08pm On Mar 16, 2022
1st Image: My account created.
2nd Image: Using the same technique as used earlier, you can see that even with my supposedly strong password, all my credentials are EXPOSED.
The only systems that are safe are air-gapped systems, that is, systems that are disconnected from a network.
3rd Image: At this point I navigated to the blog post section of the application, and wrote some text anonymously.
4th Image: Some of the text I wrote.

Next I'll show how I can hack this part of the application to expose all these texts.


Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 9:13pm On Mar 17, 2022
I promised yesterday to share how I hacked and exposed all the comments in the blog section of the OWASP10 Mutillidae App.
The power of SQL injection comes from the fact that once you have access to the database, you can view everything in the database, and advanced hackers can even wipe out information from the database, so it is very important that software developers sanitize ALL user inputs in their application.
1st Image: From prior executions I found out that there are six tables in the database, I had already exposed accounts table, and in this part I'll expose the blogs_table and credit card table. The first thing is to check the columns in the blogs_table table.
2nd Image: The command I executed to display all the columns in blogs_table table.
3rd Image: Exposed comments. You will notice the post I made yesterday anonymously was also exposed.
4th Image: I ran the following command to expose the credit card details of users.
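
The root cause named in the opening post and restated above (user input concatenated into SQL text) next to the fix, as an added example that is not the thread's own code: a constructed in-memory SQLite accounts table, the string-built login the thread's target suffers from, and the same query with bound parameters. The classic tautology string is used only to confirm that the parameterized version holds; table name and sample rows are constructed.

```python
import sqlite3

# Constructed stand-in for the accounts table the thread dumps (no real credentials).
SAMPLE_ACCOUNTS = [("admin", "adminpass", 1), ("charley", "charley", 0)]

# Classic tautology string; used here only to test that the fix holds.
TAUTOLOGY = "' OR '1'='1"


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from the inputs: the style of bug the thread exploits."""
    sql = ("SELECT username FROM accounts WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Same query with bound parameters: inputs stay data, never SQL, so no sanitizing is needed."""
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def compare(username, password):
    """Return (rows from the vulnerable login, rows from the parameterized login) for one input pair."""
    conn = build_db()
    return (login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password))


if __name__ == "__main__":
    print(compare("charley", "charley"))   # (['charley'], ['charley'])
    print(compare(TAUTOLOGY, TAUTOLOGY))   # (['admin', 'charley'], []): every row leaks, fix returns nothing
```

Server-side, a parameterized query is the control; input sanitizing on its own is what sqlmap's tamper scripts exist to get around.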

Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 9:24pm On Mar 17, 2022
1st Image: Exposed card details(Note that these are not real card details).
Now that we have seen the power and disaster of an SQLi vulnerability, the most important question is, "How can you protect your assets from such an attack?"

Another thing is that most of the passwords shown herein are plain text passwords. What if the passwords are encrypted?
Well, if the passwords are SHA-256 encrypted, then you are relatively safe, but if the passwords are MD5 encrypted, then you are not safe at all, as it is very easy to crack MD5 encrypted files.

2nd Image: In order to demonstrate the vulnerability of MD5 hashes, I hacked into dvwa database.
3rd Image: I logged in using the charley password to test my exploit.
4th Image: I decided to use a tool called hashcat to know what hash the passwords are encrypted with. They are encrypted with MD5.

Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 8:42pm On Mar 19, 2022
1st Image: Hashcat uses some predefined text files to crack cryptographic hashes like MD5, and so I used the wordlists.txt file that comes with Kali.
2nd Image: Every time you start up hashcat, it displays helpful commands.
3rd Image: After scanning through the commands, I settled on using --force.
4th Image: After a few milliseconds, hashcat displayed the cracked password.
(Depending on your machine configuration it might take milliseconds to minutes to crack the hashes)
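
The MD5 point from the two posts above, as an added example that is not the thread's own code: Python that flags values in a dumped password column stored as a bare fast-hash digest, and the salted, iterated KDF a developer should store instead. One caveat the posts do not make: an unsalted SHA-256 digest of a dictionary word falls to a wordlist just as an MD5 one does; what resists hashcat is the per-user salt and the slow, iterated hash. Sample rows are constructed.

```python
import hashlib
import hmac
import os
import re

# Constructed sample in the shape of a dumped password column (no real credentials).
SAMPLE_COLUMN = {
    "charley": hashlib.md5(b"charley").hexdigest(),      # bare MD5, as in the DVWA dump
    "bob": hashlib.sha256(b"password").hexdigest(),      # bare SHA-256: same weakness
    "alice": "pbkdf2_sha256$600000$" + "00" * 16 + "$" + "11" * 32,  # salted KDF shape
}

BARE_DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_stored_value(value):
    """Label a stored value by shape: bare hex digest of a fast hash, salted KDF, or other."""
    if value.startswith("pbkdf2_sha256$"):
        return "pbkdf2"
    if re.fullmatch(r"[0-9a-f]+", value) and len(value) in BARE_DIGEST_LENGTHS:
        return "bare-" + BARE_DIGEST_LENGTHS[len(value)]
    return "other"


def audit_password_column(rows):
    """Usernames whose password is an unsalted fast hash, i.e. wordlist-attackable as in the thread."""
    return sorted(u for u, v in rows.items() if classify_stored_value(v).startswith("bare-"))


def hash_password(password, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; a random salt means equal passwords give different records."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print(audit_password_column(SAMPLE_COLUMN))   # ['bob', 'charley']
    record = hash_password("charley")
    print(verify_password("charley", record), verify_password("Charley", record))   # True False
```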

Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by DeathToAfonja: 4:53am On Mar 20, 2022
Different nonsense image


If you can't hack common my Nairaland account then you're doing rubbish


Re: Master Sqlmap With Me By Cracking A Vulnerable Application. by olioxx(m): 12:45pm On Mar 20, 2022
DeathToAfonja:
Different nonsense image


If you can't hack common my Nairaland account then you're doing rubbish
With all due respect, I decline to hack your online accounts. The reason for creating this thread is to share knowledge, and not to illegally hack accounts. The application and server used herein are in my possession. Hacking your accounts would be illegal.
Please learn to show some emotional intelligence.
Have a good day.
