How to Use Sqlninja in Kali Linux?

In this section, we will see the practical usage of Sqlninja in Kali Linux. Below are some examples demonstrating the usage of the Sqlninja tool.

First, we need a sqlninja.conf file in which the target domain is specified. Below is a sample conf file in which we have given the target as “http://testphp.vulnweb.com/listproducts.php?cat=1”.

Specifying Target Domain

Example 1: Using Test Module

sqlninja -mt -f sqlninja.conf

In Example 1, the “Test” module (-mt) of Sqlninja is used to assess the security of the target application specified in the sqlninja.conf configuration file. We can see that the application is not vulnerable to SQL injection.

Using Test Module

Example 2: Using FingerPrint Module

sqlninja -m fingerprint -f sqlninja.conf

In Example 2, we run the “Fingerprint” module (-m fingerprint), loading the configuration from the sqlninja.conf file (-f sqlninja.conf). This module gathers information about the underlying database management system (DBMS) and its version by sending various SQL queries. It helps in identifying the specific DBMS in use, which can be useful for planning further attacks or understanding the target system’s architecture.

Using Fingerprint Module

Example 3: Using Upload Module

sqlninja -m upload -f sqlninja.conf

In this example, the SQLNinja tool is being used with the “Upload” module to attempt the upload of a debug script named “nc.scr” from the local “/tmp” directory to a target system, as defined in the sqlninja.conf configuration. This action helps assess the security of the target system and its vulnerability to file uploads.

Using Upload Module
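
From the defender's side, the requests sent by the modules above leave traces in the web server's access log. The following is an added example (not part of the original article and not Sqlninja code) that scans access-log lines for SQL Server injection markers in query parameters. The log lines are constructed, and the rule patterns are assumptions about typical MSSQL injection traffic, not signatures taken from Sqlninja.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] "GET /listproducts.php?cat=1%3Bwaitfor%20delay%20%270%3A0%3A5%27-- HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "GET /listproducts.php?cat=1%3Bselect%20%40%40version-- HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:02:11 +0000] "GET /listproducts.php?cat=1%3Bexec+master..xp_cmdshell+%27PLACEHOLDER%27-- HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:02:40 +0000] "GET /listproducts.php?cat=1%253Bwaitfor%2520delay%2520%25270%253A0%253A5%2527-- HTTP/1.1" 200 5120 "-" "-"
198.51.100.4 - - [12/Mar/2024:10:03:00 +0000] "GET /search.php?q=delay+in+shipping HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Assumed indicators of MSSQL-oriented injection attempts (illustrative rules,
# not extracted from Sqlninja): timing probes, version queries, OS command use.
RULES = {
    "time-delay probe": re.compile(r"\bwaitfor\s+delay\b", re.I),
    "dbms fingerprinting": re.compile(r"@@version|\bserverproperty\s*\(", re.I),
    "command execution": re.compile(r"\bxp_cmdshell\b|\bsp_configure\b", re.I),
}
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def scan(log_text):
    """Return (client_ip, parameter, sorted rule names) for each suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode a second time to catch double-encoding.
            forms = (value, unquote_plus(value))
            hits = sorted(r for r, rx in RULES.items() if any(rx.search(v) for v in forms))
            if hits:
                findings.append((m.group("ip"), name, hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on decoded parameter values rather than raw log lines is what keeps the benign search for "delay in shipping" from being flagged while the double-encoded probe is still caught.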

How to Install Sqlninja in Kali Linux

SQL Injection is one of the most severe attacks on web applications; it exploits the SQL database and provides unauthorized access to it. This attack can be carried out through different techniques, manual and automated. The manual approach requires more effort, as all the steps have to be carried out from scratch. The automated approach relies on automation tools that can be used to gain access to the database. One such tool is Sqlninja. We can install this tool on Kali Linux and perform various attacks on the target web application. In this article, we will look at the Sqlninja tool, its features, the installation steps, and the uninstallation process.
