Performing SQL Injection to Manipulate Tables in a Database

CEH Exam Domain:
Domain 1: Background
Domain 3: Security
Domain 4: Tools/Systems/Programs

CEH Objective Mapping:
Objective 1.2 Information Security Threats and Attack Vectors
Objective 1.3 Information Security Technologies
Objective 4.3 Information Security Tools

Overview

In this lab, you will be performing SQL (Structured Query Language) injection to manipulate tables in a database. You are using a Kali Attack Machine which is on the external network, or WAN (Wide Area Network), to scan and attack a MySQL database on port 3306. You will use Metasploit’s MySQL login auxiliary module to exploit a database.

outcomes:

In this lab, you will learn to:

Use nmap to scan a network.
Use brute force to crack a user name and password of a MySQL database.
Use the harvested credentials to exploit and breach a database.

Courses

Ethical Hacking and Systems Defense

Key terms and descriptions

nmap

A port scanner which will indicate whether ports are open or closed on a remote system.

Zenmap

A GUI front end for nmap; will allow you to scan for open ports and services.

Kali

A Linux distribution used for penetration testing or for hacking.

Metasploit

A framework that contains exploits for various information systems.

SQL injection

Is a code injection attack, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.