2019-06-13 07:24:58 +02:00
|
|
|
For this tutorial you will need the following tools<b/>
|
2019-06-13 07:23:43 +02:00
|
|
|
|
2019-06-13 07:15:28 +02:00
|
|
|
* Browser (Prefarably Mozilla)
|
|
|
|
* Burpsuite
|
|
|
|
* SQLMap
|
2019-06-13 07:05:40 +02:00
|
|
|
|
2019-06-13 07:24:58 +02:00
|
|
|
1. Try and login using the following credentials:<b/>
|
2019-06-13 07:21:17 +02:00
|
|
|
|
2019-06-13 07:22:20 +02:00
|
|
|
| Field | Value |
|
|
|
|
| --------- |:--------:|
|
|
|
|
| USERNAME | admin |
|
|
|
|
| PASSWORD | admin |
|
2019-06-13 07:20:05 +02:00
|
|
|
|
2019-06-13 07:23:43 +02:00
|
|
|
RESULTS: The webpage will display your username and no content
|
2019-06-13 07:24:58 +02:00
|
|
|
|
2019-06-13 07:15:28 +02:00
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-1.png "STEP 1")
|
2019-06-13 07:23:43 +02:00
|
|
|
|
2019-06-13 07:20:05 +02:00
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-1.png "Result 1")
|
2019-06-13 07:28:04 +02:00
|
|
|
2. <b>Try and login using the following credentials:</b>
|
2019-06-13 07:23:43 +02:00
|
|
|
|
2019-06-13 07:22:20 +02:00
|
|
|
| Field | Value |
|
|
|
|
| --------- |:--------:|
|
|
|
|
| USERNAME | ' |
|
|
|
|
| PASSWORD | admin |
|
2019-06-13 07:20:05 +02:00
|
|
|
|
2019-06-13 07:23:43 +02:00
|
|
|
RESULTS: The webpage will be blank
|
2019-06-13 07:20:05 +02:00
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-2.png "STEP 2")
|
2019-06-13 07:25:50 +02:00
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-2.png "RESULT 2")
|
2019-06-13 07:28:04 +02:00
|
|
|
|
|
|
|
2. <b>Try and login using the following credentials:</b>
|
|
|
|
|
|
|
|
| Field | Value |
|
|
|
|
| --------- |:--------:|
|
|
|
|
| USERNAME | ' |
|
|
|
|
| PASSWORD | admin |
|
|
|
|
|
|
|
|
RESULTS: The web page will return all the user content
|
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-3.png "STEP 2")
|
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-3.png "RESULT 2")
|
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/step-4-sqlmap.png "STEP 2")
|
|
|
|
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/payroll_app/result-4-1.png "RESULT 2")
|