From the course: Ethical Hacking: SQL Injection
Injecting Mutillidae
- [Instructor] Let's take a look at the Metasploitable server. Before we get into SQL, we need to update the database details in Metasploitable. I've logged in and navigated to /var/www/mutillidae and will sudo nano config.inc. And I'll go down and change the database name from Metasploit to owasp10, and save that, and we're ready to start. If we run an nmap against port 3306 on Metasploitable, nmap -PS -A 10.0.2.8 -p3306, we find it's open and running MySQL 5.0.51a. The first thing we'll try to do now is access the SQL server remotely with the default root account. mysql -h 10.0.2.8 -u root, and we get in. We can now check the databases. Show databases. And let's use mysql. And look at its tables, show tables. And we'll select user, password from the user table. And we see that we have three users with no password set. Let's connect to Metasploitable and select Mutillidae. And we can look at the OWASP top…