HACKLOG 2×07 – Fondamentali sul Linguaggio SQL


SQL is essential for anyone who has thought
at least once in a lifetime: “I want to pierce a website “.
With SQL (acronym of Structured Query Language) we refer to a language with which it is possible
command relational databases: for example we can add new values
or delete them, search within a row, see how many there are in a table e
so on, exactly how can we do from phpMyAdmin.
The advantage of knowing how to command in SQL is the faculty to work on an infinite number
of DBMS and therefore not to depend on any client; moreover, as we will see later,
it will be essential to know how to use it for extrapolate data following a violation
of a web portal. Fortunately, SQL is really a language
easy to use: it is represented through common English terms e
each action (in “jargon” query) matches to a complete sentence. Take for example the SELECT query, one
of the most popular in this language: SELECT username FROM users WHERE username=’admin’;
which translated is practically: SELECT username from TABLES users
WHERE username is equal to ‘admin’; The database will respond with one or more
results if: 1) There is a user table
2) The username column exists 3) There is at least one line whose username
is equal to admin Let’s try to run a query on our phpMyAdmin:
we select the database (forum) from the menu left, then click on the SQL tab
at the top and insert the following query, then confirm with the Go button at the bottom right:
SELECT username FROM users WHERE username=’admin’; A small table will appear in the center
of the page. In case we wanted to display more columns
it will be enough to specify them, separating them with a comma:
SELECT username, password, email FROM users WHERE username=’admin’;
In some tables there may be hundreds of columns and it would be impossible to remember them
all! Here then we can use the asterisk wildcard character (*); in this
so we can see all the fields: SELECT * FROM users WHERE username=’admin’; What happens when we want to check if
does a query meet multiple conditions? The AND operator, in this case, will report
a result only if both conditions are met, for example:
SELECT * FROM users WHERE username=’stefano’ AND password=’123456′
In the same way we can verify if only one of the two conditions is true:
SELECTFROM

WHEREOR
The OR operator therefore allows us to obtain a result if one of the two conditions is
true: SELECT * FROM users
WHERE username=’stefano’ OR password=’h4ckl0g% 21′ Let’s look at an UPDATE query for a moment
to change the fields. As in PHP and in Javascript, in SQL it is necessary
put strings in quotes to avoid to confuse with numbers and all others
elements that are used in programming. VARCHAR and INT are two types, among many others
available, which in SQL allow us to determine the types of values ​​that are in that column
allowed: with VARCHAR we can contain any character while with INT we can
to contain only whole numbers. Each type of value in turn requires (almost)
always a maximum allowed length: in our case we told id not to exceed
the maximum 11 characters. PHP can easily connect to MariaDB;
there are two different approaches – MySQLi and PDO – suited to the way it is possible
program PHP – procedural or objects. In our case we will use the MySQLi method,
as more consistent with what we have seen. We continue our written mini-application
in PHP. I advise you to recover the code easily
to proceed as follows: go to the Hacklog2 github (find the address
here above) and download the code in format raw in your account’s downloads folder.
Open a folder, then from File ->Connect to Servers connected in FTP to the server 20.0.0.3
with the msfadmin account. With the folder next to it Downloads, upload the downloaded file (11.html)
inside the path / home / msfadmin. Come back now on the metasploitable terminal. With the command
cd located where the 11.html file is located, or in home / msfadmin, then with the command
mv move it to the web server directory. If you have problems with permits, high
to root with the command sudo -s. At this point, with the mv command, rename
the old login.php in _login.php and the new one 11.html in login.php. It is important that you change the values ​​of
login username and password, otherwise you will not be able to connect to the database.
Entering a correct password the username will be saved within a session
and this value will not change, even by entering a new password.
Now let’s explain the code First start the session, then check
if the password is in POST I connect to the forum database
If the connection was not successful, stop code
I now create the query and save it in the variable $ sql
I execute the SQL query and get the result from the database, then save all values
inside $ row (a kind of variable that contains many values, called in PHP array)
I create the $ username variable I create the session with the username
Finally I close the session At this point I decide to print the name
user SE exists otherwise I will say that it does not exist

2 thoughts on “HACKLOG 2×07 – Fondamentali sul Linguaggio SQL

Leave a Reply

Your email address will not be published. Required fields are marked *