BadStore Writeup
Vulnerability: SQL Injection
What is Badstore?
Badstore is a virtual machine used to learn web application security. It was made by Badstore.net and released in 2004.
Tools:
- Virtual Machine (Vbox / Vmware)
- Badstore iso file
- Kali Linux or another distribution for SQL injection
1. Download the Badstore machine from "https://www.vulnhub.com/entry/badstore-123,41/" (Badstore: 1.2.3 ~ VulnHub).
2. Create the machine in your virtualization software, change the version to Linux 2.4, select the badstore.iso file you downloaded as the ISO image, then just click Next.
3. Change adapter 1 of the Badstore machine to Bridged Adapter, enable adapter 2 and choose Host-Only Adapter, then start the machine.
4. Run the Badstore machine in VirtualBox. Once it has finished booting, type ifconfig to see the IP address of the Badstore machine, like this:
IP : 192.168.1.100
5. Open Notepad as administrator, then click Open and find your hosts file.
7. From your host OS, such as Windows, you will see the Badstore website if you type www.badstore.net or the IP address.
8. But we will use Kali Linux for pentesting (I'm gonna use parrot btw ;)).
Open your Kali Linux or other distribution, then type the IP address of Badstore to bring up the machine.
9. We will use nmap first for network scanning. Open nmap, then type: nmap -sV -sC (ipaddr)
You will find some interesting things.
10. We will take a look at all of the paths, but opening them does not give us anything yet.
11. If you open the /supplier path, you will find a sensitive directory of accounts, but still no credentials :/
12. We go back to the nmap scan and try one of the results. We will use SQLmap to attack and identify the target, and find some critical details.
14. We will find the MySQL database of Badstore and some interesting things :)
15. We will use the command to find the database.
16. We will use the CrackStation website to identify the passwords available in MySQL.
17. We will crack the MD5 hash.
Email : ray@supplier.com
18. We try to crack another password.
Admin
Email : mary@spender.com
20. Back in Kali Linux, open a terminal and type: dirb ipaddr to find paths on Badstore.
21. We will use the cgi-bin/ path to look for more credentials. If you have successfully logged in as Admin, change the URL parameter action=login to action=admin, because we know the website has other paths, then press Enter. You will find another secret path.
22. There are a few choices in the list. Try selecting "Show current Users" and clicking "Do it"; you will get the same result as the Badstore MySQL database earlier.
23. We will try deleting a user and adding a user at the admin URL.
A. Delete User
24. We will attack using SQL injection with a script. We will use SQL Injection Auth Bypass Payloads first: open GitHub, find payloadbox, then find "SQL Injection Auth Bypass Payloads".
25. Back at the original URL, click Login/Register, use one of the payloads to inject into the login form, then click Login.
26. Try injecting another payload. We will see a Software Error caused by the injection.
27. We will attack with XSS (cross-site scripting). Open GitHub to find the payloadbox XSS payloads.
And the vulnerability has been detected.
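Why the login form behaves as it does in steps 25 and 26, and what fixes it, shown as an added example that is not Badstore's own code. The table layout, function names, sample account and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import hashlib
import sqlite3

def md5_hex(s):
    # MD5 mirrors the hashes found in step 17; it is not a suitable password hash.
    return hashlib.md5(s.encode()).hexdigest()

def make_db():
    """In-memory user table with one constructed account (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userdb (email TEXT, passwd TEXT, role TEXT)")
    db.execute("INSERT INTO userdb VALUES (?, ?, ?)",
               ("admin@example.test", md5_hex("constructed-password"), "A"))
    return db

def login_vulnerable(db, email, password):
    # Untrusted input is pasted into the SQL text, so a quote in it
    # changes the structure of the query instead of staying data.
    sql = ("SELECT email FROM userdb WHERE email = '" + email +
           "' AND passwd = '" + md5_hex(password) + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # An unbalanced quote breaks the statement; an application that
        # does not handle this shows it to the user as a "Software Error".
        return "error: " + str(exc)
    return row[0] if row else None

def login_parameterized(db, email, password):
    # Placeholders keep the input as data: quotes and comment markers
    # are compared literally and cannot rewrite the WHERE clause.
    row = db.execute(
        "SELECT email FROM userdb WHERE email = ? AND passwd = ?",
        (email, md5_hex(password))).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # Constructed textbook inputs: one that comments out the password
    # check (step 25) and one lone quote that breaks the syntax (step 26).
    for email in ("' OR 1=1 --", "'"):
        print(repr(email),
              "| string-built:", login_vulnerable(db, email, "x"),
              "| parameterized:", login_parameterized(db, email, "x"))
```

With the string-built query the first input logs in as the stored account and the second raises a database error; the parameterized query rejects both and still accepts the correct credentials.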