Penetration Testing for Blind SQL Injection using BBQSQL
SQL (Structured Query Language) is a language for interaction with the database . SQL injection is a web application attack to inject malicious syntax in SQL Queries .
BLIND SQL INJECTION
Blind SQL Injection consists of techniques for exploiting the SQL injection vulnerabilities by performing a Binary search by putting one character at a time. Well this is very time consuming .
An Example of Blind SQL injection is :
Blind SQL Injection Case:
UNAME = "' or (ASCII(SUBSTR(SELECT user(),1,1))>63) --";
PASS = "";
QUERY = "select * from users where pass=md5('"+PASS+"') and uname='"+UNAME+"'";
QUERY evaluates to:
select *
from users where pass=md5('')and uname='' or (ASCII(SUBSTR(SELECT user(),1,1))>63) --'
select *
from users where pass=md5('') anduname=''
or (
ASCII( << char -> int
SUBSTR( << slice string
SELECT user() << current user
,1,1) << first char
)>63 << 63 = '?'
) --' << comment
Well we have a lot of tools that can be used for penetration testing for Blind SQL injection :
- SQLMAP
- SQLNINJA
- BSQL Hacker
- Mole
- Havij …… etc …..
Though during penetration testing , if these tools dont work , mostly we end up writing a custom script . So here is a treat !! BBSQL can simplify tricky blind SQL injection attack .
Blind SQL Injection with BBQSQL
BBSQL can be used to exploit the Blind SQL injection and can help to reach for hidden vulnerabilities .
BBSQL is fast , simple , versatile and extensible .
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings.
The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
Similar to other SQL injection tools you provide certain request information.
Must provide the usual information:
- URL
- HTTP Method
- Headers
- Cookies
- Encoding methods
- Redirect behavior
- Files
- HTTP Auth
- Proxies
Here is a Usage guide for the Tool :
root@kali:~# bbqsql
_______ _______ ______ ______ ______ __
| \ | \ / \ / \ / \ | \
| $$$$$$$\| $$$$$$$\| $$$$$$\| $$$$$$\| $$$$$$\| $$
| $$__/ $$| $$__/ $$| $$ | $$| $$___\$$| $$ | $$| $$
| $$ $$| $$ $$| $$ | $$ \$$ \ | $$ | $$| $$
| $$$$$$$\| $$$$$$$\| $$ _| $$ _\$$$$$$\| $$ _| $$| $$
| $$__/ $$| $$__/ $$| $$/ \ $$| \__| $$| $$/ \ $$| $$_____
| $$ $$| $$ $$ \$$ $$ $$ \$$ $$ \$$ $$ $$| $$ \
\$$$$$$$ \$$$$$$$ \$$$$$$\ \$$$$$$ \$$$$$$\ \$$$$$$$$
\$$$ \$$$
_.(-)._
.' '.
/ 'or '1'='1 \
|'-...___...-'|
\ '=' /
`'._____.'`
/ | \
/.--'|'--.\
[]/'-.__|__.-'\[]
|
[]
BBQSQL injection toolkit (bbqsql)
Lead Development: Ben Toews(mastahyeti)
Development: Scott Behrens(arbit)
Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)
SET is located at: http://www.secmaniac.com(SET)
Version: 1.0
The 5 S's of BBQ:
Sauce, Spice, Smoke, Sizzle, and SQLi
Select from the menu:
1) Setup HTTP Parameters
2) Setup BBQSQL Options
3) Export Config
4) Import Config
5) Run Exploit
6) Help, Credits, and About
99) Exit the bbqsql injection toolkit
bbqsql>
Happy hunting !!! Blind SQL is now simple and Fast .
# This tools is really Fast . Try it !! comes built in Kali Linux !!
#For educational purpose only , Penetration testing without permission is legal offence . The Author holds no responsibility if you misuse this tutorial .