Hello everyone. With the joy of having a new Kali version, a few of us are having a hard time setting up the Dhakkan (AUDI-1) SQL series lab on our Kali machine.
So today we'll learn how to set up the Dhakkan lab (one of the best labs I have seen for practicing and understanding SQL injection) on our latest Kali machine.
Download from here
Q - Why is it not as simple as it was in older versions of Kali?
Ans - The latest version of Kali has PHP version 7.xxx, which no longer supports the old mysql_* functions; it supports the MySQLi functions instead.
The MySQLi extension (MySQL Improved, or simply MySQLi) is a relational database driver used mainly in the PHP programming language.
So we have 2 ways to set it up:
1- Downgrade your PHP version to 5.xx
2- Change the code of the original Dhakkan lab to make it work with the latest Kali.
We'll change the code of the labs.
Q - How did I come to know that this is the issue?
Ans - When I set up my lab and browsed to it from my browser, I saw that I was unable to set up the required database. See the screenshot below.
In the above screenshot, see the URL. So now I knew something was wrong in setup-db.php, so I tried to run this specific file on my Kali; see screenshot.
So after googling the error I came to know I have to replace mysql_connect() with mysqli_connect().
After making this change, when I ran setup.php again I came across a new error; see screenshot.
So I replaced mysql_query($sql) with mysqli_query($con, $sql).
($con is the connection link we made to our database.) If you don't know PHP, don't worry: simply replace mysql_query($sql) with mysqli_query($con, $sql).
So this is how I debugged the issue.
Now I am summarizing the changes that I made and that you have to make to set up your lab.
Simply use Ctrl+F and the replace-all feature to make the changes quickly.
You have to make the changes in index.php of ALL lessons, in the other PHP files in the lessons, and in all PHP files present in the sql-connections folder.
(Or you can contact me to get the edited lab)
| S.No | Replace | Replace By |
|------|---------|------------|
| 1 | mysql_query($sql) | mysqli_query($con, $sql) |
| 2 | mysql_error() | mysqli_error($con) |
| 3 | mysql_fetch_array($result) | mysqli_fetch_array($result, MYSQLI_BOTH) |
| 4 | mysql_fetch_array($result1) | mysqli_fetch_array($result1, MYSQLI_BOTH) |
| 5 | mysql_connect($host,$dbuser,$dbpass) | mysqli_connect($host,$dbuser,$dbpass) |
| 6 | mysql_real_escape_string($value) | mysqli_real_escape_string($con, $value) |
| 7 | mysql_select_db($dbname, $con) | mysqli_select_db($con, $dbname) |
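The replacements in the table can also be applied to every PHP file in one pass instead of by hand. The script below is an added example, not part of the original lab or this post's own tooling; it assumes GNU sed and grep as found on Kali, assumes the connection variable is named $con as in the table, and generalizes rows 1, 3, 4, 6 and 7 to any single variable argument. The sample file it builds is constructed for the dry run.

```shell
#!/bin/sh
# Added example, not part of the original lab: applies the table's seven
# replacements to every .php file under a directory.
# Assumption: the database link variable is named $con, as in the table.

migrate_lab() {
    v='\$[A-Za-z_][A-Za-z0-9_]*'    # ERE for one PHP variable name
    # -i.bak leaves the untouched original beside each edited file
    find "$1" -type f -name '*.php' -exec sed -E -i.bak \
        -e "s/mysql_query\(($v)\)/mysqli_query(\$con, \1)/g" \
        -e "s/mysql_error\(\)/mysqli_error(\$con)/g" \
        -e "s/mysql_fetch_array\(($v)\)/mysqli_fetch_array(\1, MYSQLI_BOTH)/g" \
        -e "s/mysql_connect\(/mysqli_connect(/g" \
        -e "s/mysql_real_escape_string\(($v)\)/mysqli_real_escape_string(\$con, \1)/g" \
        -e "s/mysql_select_db\(($v), *($v)\)/mysqli_select_db(\2, \1)/g" \
        {} +
}

# List old-API calls the patterns did not rewrite, so they can be fixed by hand.
leftover_calls() {
    grep -rnE --include='*.php' 'mysql_[a-z_]+\(' "$1" || true
}

# Constructed sample file (not copied from the lab) for a dry run.
make_sample() {
    d="$(mktemp -d)"
    cat > "$d/index.php" <<'PHP'
<?php
$con = mysql_connect($host,$dbuser,$dbpass);
mysql_select_db($dbname, $con) or die(mysql_error());
$id = mysql_real_escape_string($value);
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$n = mysql_num_rows($result);
PHP
    echo "$d"
}

# With no argument, run against the constructed sample instead of a real lab.
target="${1:-$(make_sample)}"
migrate_lab "$target"
echo "Old-API calls still present under $target:"
leftover_calls "$target"
```

Pass the lab folder as the first argument to convert it. A second run overwrites the .bak copies with the already converted files, so keep a separate copy of the original lab.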
After making the above changes, copy the complete sqli-labs folder into the /var/www/html folder of Kali.
Now give permissions to the sqlilabs folder using the command "chmod 777 sqlilabs".
Now move into the sqlilabs folder using the command "cd sqlilabs" and give permissions to all files and folders in it using the command "chmod 777 *".
Now your lab is ready to use. You can access your lab from your browser at IP of your Kali machine/sqlilabs
Click on Setup/reset Database for labs.
The database is set. Now practice and enjoy, and use your skill to help organizations secure their apps and applications from hackers. Don't test it on sites for which you don't have written permission to do so. It is illegal; you may end up behind bars and ruin your career.
We are very thankful to Audi-1 (aka Dhakkan) for creating such an interesting and awesome environment for us to understand and practice SQL injection.