SQL Map

Do not use the following instructions to exploit other people's websites or services. Using SQL Map to attack targets without prior mutual consent is illegal.

According to the Open Web Application Security Project (OWASP), injection attacks are first on the list of the top 10 web vulnerabilities. Within that category, SQL injections account for a large share. Exploitation of a SQL injection, once it has been found, is trivial.

SQL Map is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

We're going to use SQL Map in two examples, one testing a GET request and the other testing a POST request, and also list some extra commands that will be useful in further steps.
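Before running the tool, it helps to see the flaw it hunts for in code. The following Python snippet is an added example (it is not from the original post and not part of sqlmap): a lookup built by string concatenation next to the same lookup using a bound parameter, run against a constructed in-memory SQLite table. The tautology value is the classic boolean-based probe of the kind sqlmap sends; it changes the query's structure in the first function and is compared as plain data in the second.

```python
import sqlite3

# Constructed sample database (not taken from any real application).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn

def lookup_vulnerable(conn, user_id):
    # The user-supplied value is pasted into the SQL text, so quotes and
    # operators inside it become part of the statement.
    query = "SELECT id, name, role FROM users WHERE id = '" + user_id + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, user_id):
    # Placeholder binding: the value travels separately from the SQL text and
    # is only ever compared against the column, whatever characters it holds.
    return conn.execute(
        "SELECT id, name, role FROM users WHERE id = ?", (user_id,)
    ).fetchall()

# Classic tautology probe; the closing quote is supplied by the vulnerable query.
TAUTOLOGY = "1' OR '1'='1"

def demo():
    """Run both lookups with a normal value and with the tautology probe."""
    conn = make_db()
    return {
        "normal_vuln": lookup_vulnerable(conn, "2"),
        "normal_safe": lookup_parameterized(conn, "2"),
        "tautology_vuln": lookup_vulnerable(conn, TAUTOLOGY),   # every row leaks
        "tautology_safe": lookup_parameterized(conn, TAUTOLOGY),  # no row matches
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The only difference between the two functions is how the value reaches the database; the fix sqlmap's findings call for is the second form, applied to every query that takes user input.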

1) Installation

  1. Download and install Python if you don't have it, from the following link: https://www.python.org/downloads/
  2. Download SQL Map from the following link
    http://sqlmap.org/
  3. Extract the zip archive; then we're ready to start

2) Exploit GET Request

  1. Open a command prompt in Windows as administrator
  2. Go to the extracted SQL Map folder
  3. Type the following command
    sqlmap.py -u "Target URL"
    [screenshot: sqlmap run against the target URL]
  4. If the database engine is identified, you have the choice to use the specific payloads for the identified DB or all the available payloads
    [screenshots: sqlmap prompts for payload selection and the injection results]
  5. According to the previous screenshots, SQL Map identified the parameter "id" as vulnerable and also listed the injection payloads used and their types.

3) Exploit POST Request

In this case we need to capture/intercept the POST request and save it to a text file, then use SQL Map to exploit it. You can use any HTTP interceptor such as "Fiddler" or "Burp Suite", or the developer tools of your browser, as in the following examples.

Fiddler

[screenshot: raw POST request captured in Fiddler]

Chrome Dev Tools

[screenshot: request captured in Chrome Dev Tools]

Let's start.

  1. Go to "http://demo.testfire.net/default.aspx"
  2. Click the "Sign in" link in the top right
  3. Use the following credentials to log in
    User Name: admin, Password: admin
    Before you sign in, make sure you're intercepting the login request as in the examples above
  4. Save the raw POST request in a .txt file and move it to the SQL Map folder root
  5. Type the following command to start the exploit
    sqlmap.py -r filename.txt
    [screenshots: sqlmap parsing the saved request and prompting for the parameter to test]
    In this case we have 2 vulnerable parameters; you have to choose which parameter you want to continue testing with, as in the screenshot above.

4) Useful Commands

sqlmap.py -r filename.txt --dbs
When the session user has read access to the system table containing information about available databases, it is possible to enumerate the list of databases.

sqlmap.py -r filename.txt --dump-all
It is possible to dump at once all entries of all database tables that the session user has read access to.
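Runs like the ones above leave a visible trail in web server access logs, which is what the defending side should be watching for. The following Python script is an added example (not from the original post and not part of sqlmap): it parses a few constructed combined-format log lines and flags requests that carry sqlmap's default User-Agent prefix or typical injection patterns in the decoded query string. The User-Agent value in the sample is constructed to follow sqlmap's default format; the IP addresses and paths are made up.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not captured from any real host).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2018:10:01:02 +0000] "GET /default.aspx?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2018:10:01:05 +0000] "GET /default.aspx?id=1%27%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.2.7#stable (http://sqlmap.org)"
203.0.113.7 - - [10/Jul/2018:10:01:06 +0000] "GET /default.aspx?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 500 310 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Jul/2018:10:02:00 +0000] "POST /login.aspx HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Indicators, not proof: the default sqlmap User-Agent prefix, and common
# SQL keywords/operators that rarely belong in a legitimate query string.
UA_RE = re.compile(r"^sqlmap/", re.I)
SQLI_RE = re.compile(
    r"(\bunion\b.*\bselect\b|\band\b\s+\d+\s*=\s*\d+|'\s*or\s*'|\bsleep\s*\(|\bbenchmark\s*\()",
    re.I,
)

def scan_access_log(text):
    """Return a list of suspicious requests with the reasons they were flagged."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        reasons = []
        if UA_RE.search(m["ua"]):
            reasons.append("sqlmap user-agent")
        decoded = unquote_plus(m["path"])  # payloads arrive URL-encoded
        if SQLI_RE.search(decoded):
            reasons.append("sqli pattern in query string")
        if reasons:
            hits.append({"ip": m["ip"], "path": decoded, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit["ip"], hit["path"], ", ".join(hit["reasons"]))
```

The User-Agent check is the cheapest signal but also the weakest, since the tool can be told to send a different one; the query-string patterns, a burst of requests to the same parameter from one address, and unusual 500 responses are the signals worth alerting on.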

SQL Map usage Wiki
https://github.com/sqlmapproject/sqlmap/wiki/Usage

Get Max Number of User Concurrency in JMeter

JMeter's default listeners do not report some values, one example being the maximum number of concurrent users, which is sometimes important if you're executing a test that is not duration based.

In this article we're going to execute a test with 200 users, ramping up 1 user every 2 seconds, and see what maximum user concurrency we get.

But first we need to install a plugin and add a listener, as follows:

  1. Install the JMeter Plugins Manager from the link below
    https://jmeter-plugins.org/wiki/PluginsManager/
  2. After installation, open the Plugins Manager from JMeter and select the plugin "3 Basic Graphs" from the "Available Plugins" section
    [screenshot: Plugins Manager with "3 Basic Graphs" selected]
  3. Make sure that you now have a new listener called "Active Threads Over Time", as in the following picture
    [screenshot: the "Active Threads Over Time" listener in the listener menu]

Now that everything is in place, let's make a quick run.

We're going to use the fake API website "http://jsonplaceholder.typicode.com/" in our test.

[screenshots: thread group, HTTP request sampler and listener configuration for the first run]

Let’s execute and see the graph results 😉

[screenshot: Active Threads Over Time graph, first run]

If we look at the graph above, we got a maximum of 1 concurrent user during the test run, so let's change the ramp-up values and see what changes.

We will modify the thread group to 200 threads with a ramp-up period of 50 seconds, as follows, and execute again.

[screenshots: modified thread group and the Active Threads Over Time graph, second run]

If we look at the graph above, at 2 points during the test we had more than 1 concurrent user. Because this is a simple HTTP call with no business logic behind it, we got a smooth run and nearly constant results, but in a more realistic test this graph will help you know the maximum number of concurrent users during your test.
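The two graphs follow directly from how JMeter schedules threads: with N threads and a ramp-up period of R seconds it starts one thread every R/N seconds, and a thread with a loop count of 1 is active only while its single iteration runs. The following Python function is an added example (not from the original post and not part of JMeter): an event-based count of active threads that reproduces both runs above. The iteration duration of 0.3 s is an assumption standing in for the round trip to the fake API; change it to what your samplers actually take.

```python
def max_concurrency(threads, ramp_up_s, loops=1, iteration_s=0.3):
    """Peak number of simultaneously active threads and the time it is first reached.

    Model (an assumption matching JMeter's documented ramp-up behaviour):
    thread i starts at i * ramp_up_s / threads and stays active for
    loops * iteration_s seconds, where iteration_s is the assumed time one
    iteration of the thread group takes.
    """
    interval = ramp_up_s / threads  # seconds between consecutive thread starts
    events = []
    for i in range(threads):
        start = i * interval
        end = start + loops * iteration_s
        events.append((start, +1))
        events.append((end, -1))
    # Sort by time; at equal timestamps the -1 sorts before +1, so a thread
    # finishing exactly as another starts is not counted as an overlap.
    events.sort()
    active = peak = 0
    peak_at = 0.0
    for t, delta in events:
        active += delta
        if active > peak:
            peak, peak_at = active, t
    return peak, peak_at

if __name__ == "__main__":
    # First run: 200 users, 1 user every 2 seconds (ramp-up 400 s) -> 1 concurrent user
    print(max_concurrency(200, 400))
    # Second run: 200 users, ramp-up 50 s -> threads start to overlap
    print(max_concurrency(200, 50))
    # A heavier iteration (5 s assumed) with the same ramp-up: 20 threads overlap
    print(max_concurrency(200, 50, iteration_s=5.0))
```

The last call shows the general rule the article's graphs only hint at: once threads take longer than the start interval, the steady-state concurrency is roughly the iteration time divided by ramp_up/threads, which is why the plugin's "Active Threads Over Time" graph, rather than the thread count, tells you the load you actually applied.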


Generate GUID in Apache JMeter

Although there is no dedicated sampler in JMeter to generate GUIDs, you can use the built-in functions to generate them.

In this article I will share how to generate a GUID that is unique per user and iteration, and use it throughout your JMeter thread group or test plan.

Steps:

  1. Open JMeter and add a "BeanShell Sampler" under your Thread Group
    [screenshot: BeanShell Sampler added under the Thread Group]
  2. Add a User Defined Variable that will hold the GUID value; set the variable name and leave the value empty
    [screenshot: User Defined Variables with the GUID variable]
  3. Enter the following command in the BeanShell Sampler, where VariableName is the name of the variable created in the previous step
    vars.put("VariableName", "${__UUID}");
    [screenshot: BeanShell Sampler script]
  4. Now we need to verify that it is working, so we will add a "Debug Sampler" and a "View Results Tree" listener
    [screenshots: Debug Sampler and View Results Tree added]
  5. Save, run and check the Debug Sampler values in the results tree
    [screenshot: View Results Tree showing the GUID variable value]
  6. Now you can place the ${GUID} variable wherever you want in the thread group and it will generate a unique value for each user and each iteration (whenever the BeanShell Sampler is executed).

* You can generate more than one GUID each time by pasting the line more than once in the BeanShell Sampler and adding more variables in the User Defined Variables to hold the values.