richnadeau / Capstone


(SPR4) SQL Injection Box #26

Open richnadeau opened 2 years ago

richnadeau commented 2 years ago

Need to research and create an SQL injection box for Devin. This cannot be on Ubuntu, needs to be a different distro.

richnadeau commented 2 years ago

Did some research today on what instance SQLi vulnerability I will be setting up next. I am planning to try and install this MySQL Squid Access vulnerability on a CentOS box soon. Sent this link to Devin as well to make sure this is a good exploit to look into for what he is looking for.

richnadeau commented 2 years ago

Tried to get MySQL Squid Access vulnerability installed and configured today. Could not get it working unfortunately and will need to pivot to another SQL injection.

richnadeau commented 2 years ago

Tried to install a couple more SQL injections today with no luck on the installation process. YouPHPtube 7.2 and Jobberbase 2.0 were amongst a few of the apps I got stumped on tonight. Shot Devin a message to see if he could point me in the right direction for an SQL injection.

richnadeau commented 2 years ago

Got good progress done on TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit) exploit that Devin sent me today. Am now running into an issue during installation (screenshot below) where it says Warning: mysqli::mysqli(): Headers and client library minor version mismatch. Headers:50564 Library:50651 in /var/www/html/teemip/web/core/cmdbsource.class.inc.php on line 86. Tried looking into this for the past few hours with no luck so far. Next time, I am going to try and maybe install on a CentOS8 box instead of CentOS7 to see if it's a version issue with php or mysql-server/mysqld. Will update Devin on progress tomorrow during AM meeting.

image

richnadeau commented 2 years ago

Used Rocky 8.4 and was able to get the vulnerable version of TeemIP installed properly yesterday. Now I am onto figuring out how to exploit the vulnerability.

richnadeau commented 2 years ago

Currently stuck on attempting to exploit the box. I am stuck with this error when trying to run the Metasploit module given on the exploit-db page, even though my TeemIP version is 2.3.1 (which is the one given by exploit db as well). Going to try a few things this weekend.

image

richnadeau commented 2 years ago

Got the exploit working for this box. Now I have to document/make a storyboard/ansibilize this box.

richnadeau commented 2 years ago

Documented configuration and exploitation of the box. Now need to ansibilize and storyboard this.