Ethical Hacking Lab to Test and Learn SQL Injection, XSS, CSRF Vulnerability



So far I have provided a few web application pen testing tutorials. Now it is time to practice your hacking/pentesting skills in a legal way. Last time, I explained the Damn Vulnerable Web Application (DVWA).

Now I've come with a different web application that will help you improve your knowledge of web app pentesting.

The BodgeIt Store
Like DVWA, this is a vulnerable web application that will help you develop your pen testing skills.

With this vulnerable application, you can practice the following attacks:
  • Cross Site Scripting (XSS)
  • SQL injection (SQLi)
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

How to setup the Pen Testing Lab?


Requirements:
Download the bodgeit.1.3.0.zip file and extract it. You will get a WAR file (bodgeit.WAR).

Step 1: Install Tomcat
Install Tomcat on your system. If you don't know how to install Tomcat, do a Google search.

Step 2: Start the server
Start the Tomcat server.

In Ubuntu, type the following command in the terminal:
 sudo /etc/init.d/tomcat6 start
Windows users can just click the Tomcat server entry in All Programs.

Step 3:
Open the browser and type "localhost:8080". It will show a page saying "It works !". From there you can access the manager webapp (http://localhost:8080/manager/html) page. Clicking the link will prompt for a username and password. Enter your computer username and password.

Step 4:
Now you are on the "Tomcat Web Application Manager" page. Scroll down and you will see the "WAR file to deploy" form.

Step 5: Deploying the WAR
Click the Browse button and select the bodgeit.WAR file. Now click the Deploy button.



The application is now successfully installed.

Access the BodgeIt in this location: http://localhost:8080/bodgeit/


Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking



I hope you learned about SQL injection and XSS from BTS. But you may be curious to practice the SQLi and XSS attacks. We know that attacking a third-party website is a crime. So how can we practice? Here is the solution for you, friends: why not set up your own web application? Yes, you can set up your own pen testing lab for practicing the XSS and SQLi vulnerabilities.

While surfing the internet, I came to know about the "Damn Vulnerable Web App (DVWA)". It is a web application used for practicing your ethical hacking/pen testing skills in a legal way.

Download this web Application from here:
http://www.dvwa.co.uk/

To install this application, you will need the XAMPP server.

The installation procedure :


Using this application , you can also practice:

  • LFI /RFI (File Inclusion methods)
  • Command Execution
  • Upload Script
  • Login Brute Force
If you have any doubts, check their wiki page or comment here.

What is Blind Sql Injection ? Web Application Vulnerability Tutorial


The blind SQL injection technique is used when the web application is vulnerable but the output is not displayed to the attacker. When a hacker tries SQL injection, they are redirected to some other page instead of seeing an error message. Blind SQL injection is harder to implement than the traditional SQL injection technique and takes more time. There are some tools for blind SQL injection.


Blind SQL injection can be done by querying the database with a sequence of true/false questions.

How to detect the Blind SQL Injection Vulnerability?
The web application takes the client's input and supplies it in the WHERE clause to retrieve data from the database. For instance, let us say the web application takes id and supplies it to the SQL query as follows:
Statement = "select * from userinfo where id=" + id;
Hope you know about the WHERE clause and compound conditions (OR, AND). OR and AND are used to combine two conditions. The attacker can find the vulnerability by entering compound conditions as input.
For instance, the attacker can enter the id value as
1 AND 1=1
The above query will become
Select * from userinfo WHERE id=1 AND 1=1
If the page stays the same, then the application may be vulnerable. This type of vulnerability occurs when the developer fails to validate the data type of the ID. Here we gave a true condition (1=1). If we use a false condition (1=2) instead, it will raise an error message. We can conclude that if the condition is true, the page stays the same; if it is false, an error message is shown.
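
The true/false behaviour described above, and the fix for it, as an added example that is not part of the original article. It uses Python's sqlite3 with a constructed userinfo table; the function names are hypothetical. The first lookup concatenates the id as in the article's statement, the second validates the data type and binds the value as a parameter.

```python
import sqlite3

# Constructed sample data; table and column names follow the article's query.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userinfo (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO userinfo VALUES (?, ?)",
                   [(1, "alice"), (2, "bob")])
    return db

def lookup_vulnerable(db, user_id):
    # Same pattern as the article: input is concatenated into the WHERE clause.
    statement = "select * from userinfo where id=" + user_id
    return db.execute(statement).fetchall()

def lookup_hardened(db, user_id):
    # Validate the data type first, then bind the value as a parameter.
    if not user_id.isdigit():
        raise ValueError("id must be an integer")
    return db.execute("select * from userinfo where id=?",
                      (int(user_id),)).fetchall()

def page_shown(lookup, db, user_id):
    # Models the application: normal page on a result, otherwise an error page.
    try:
        return len(lookup(db, user_id)) > 0
    except ValueError:
        return False

def answers_true_false(lookup, db):
    # Regression check: does the lookup respond differently to the article's
    # true (1=1) and false (1=2) conditions?
    return (page_shown(lookup, db, "1 AND 1=1")
            != page_shown(lookup, db, "1 AND 1=2"))

if __name__ == "__main__":
    db = make_db()
    for name, fn in [("vulnerable", lookup_vulnerable),
                     ("hardened", lookup_hardened)]:
        print(name, "id=1 ->", page_shown(fn, db, "1"),
              "| true/false signal:", answers_true_false(fn, db))
```

With the hardened lookup both compound inputs are rejected in the same way, so the page no longer answers true/false questions, while a plain id of 1 still returns its row.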

Some Functions to be known
The following functions will be useful for blind SQL injection.
substring(str, pos, length) is the function that returns part of a string. The substring returned depends on the arguments given to the function.

For instance, substring("hello",2,1) will return 'e'.
Here the string is "hello", the character position is 2 (that is 'e'), and the length is 1.

  • lower(str) is the function that converts the characters to lower case.
  • ascii(c) is the function that converts the character to its ASCII value.
  • length(str) returns the length of the string.
  • user() returns the current user (admin).
  • database() returns the database name.
  • version() returns the version of the database.

Blind SQL Injection Tools:
When it comes to the blind SQL injection vulnerability, it is a time-consuming process. So automated tools are better than the manual process. Here is a list of automated tools:

Meet you at our next article with more details about the blind SQL injection attack.

We are providing this information as a part of our Ethical Hacking Tutorial. This article was created for understanding the web application vulnerability. We are not responsible for your illegal activity.



Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer

