Between work, the holiday and other demands on my time (I’ve got another cert test coming up this week), I haven’t had a ton of time to play around in the attack-secure student labs, but I wanted to give a quick update.
Video seven (there are eight total) is a five-hour monster, which I’m about two hours into, so I’m getting close to the end of the videos.
My wife had to work on a late night project Thanksgiving evening so I had a few ‘free’ hours which I spent playing around in the lab. I decided to go SQL injection hunting and ended up finding a box which looked promising. I fired up the command line tool ‘sqlmap’ and fed it a tasty looking URL. Within a minute sqlmap came back and confirmed that the web app was indeed vulnerable to a SQL injection attack.
I was able to use sqlmap to enumerate the databases, to dump the content and even crack a password hash found in one of the databases.
NOTE: The initial password cracking attempt of sqlmap only takes a minute or so but when sqlmap asks you if you want to try common suffixes for the passwords and warns you that it will be slow, it means S L O W. I sat there for an hour wishing I had not pressed yes but not wanting to cancel the process.
I took the file grabbing options of sqlmap for a test drive and downloaded the /etc/passwd and /etc/hosts files. I tried to grab the /etc/shadow file but didn’t have rights to the file.
I ran into a hiccup trying to obtain shell using sqlmap and haven’t had a chance to go play on the box more but hopefully I can parlay progress on that box into shell and root.
As usual, the videos were quite helpful on this one. The penetration testing field requires a ton of Google searching, and there are a lot of free video resources on sites like SecurityTube, but it’s still nice to have a course like this which is laid out in a logical manner and lets you watch the tool being used while you listen to the author explain what’s happening.
I’ve learned a ton from the videos (with a ton more to learn) but the labs have remained the big draw for me. Having a student network to play in and work on my skills has been awesome.
There is a huge difference between knowing what an attack or a process is and actually trying to get it to work on a box. I’m not where I want to be yet, but I’m very happy with the progress I’m making.