/PenTestSQL

SQL Injection Penetration Testing

Primary LanguageC#

Welcome to this PenTest SQL injection sample using .NET Core!

This Repo was created to provide a ASP.NET core website that is vulnerable to different kinds of SQL injection.

Disclaimer

The hacking tools used in this training program are meant for Research and Educational Purposes only. The primary intent of these tools is to provide the user with hard to find content or Research or Self education relevant to network security and various protection methods and their intrinsic flaws by demonstrating exploit methods and techniques used to circumvent them. We hope that you are better you are about the danger that lurk out in society today and learn how to protect yourself with the knowledge you are about learn. In continuing you must accept that you are going to use this information only for Educational and Research purposes only. Any un-ethical use of skills gained in this training may lead to fines or a prison sentence.

SQL Injection demonstrated

  • Standard SQL injection

    Error Based

  • Blind Injection

Boolean & Timed

  • OData SQL Injection

Next steps

If you haven't already done so, install Git (as well as Git Credential Manager for Linux or Mac OS) Choose and install one of these supported IDEs:

Install Dotnet Core

Install MySQL server and MySQL Workbench:

Then clone this repo to your local machine to get started with your own project.

Your now ready to start the Demo

Ensure that you set MySQL to allow case sensitive table names.

Ensure your connection to mysql has a configuration file set.

This should usually point to the mysql install directory's my.ini file.

From Workbensh choose Server -> Options File. Then set lower_case_table_names = 2 under the general tab.

Restart your mysql instance.

Run the two sql files to create the sample databases.

Ensure the table names are Cased properly.

To run the code:

  • Navigate to the PenTestSQL\PenTestSQL folder.
  • Run:
    • dotnet restore
    • dotnet build
    • dotnet run --server.urls http://0.0.0.0:5000 --environment="Development"

Happy coding!

Create a pull request to contribute your changes back into master

Pull requests are the way to move changes from a topic branch back into the master branch. Click on the Pull Requests page in the CODE hub, then click "New Pull Request" to create a new pull request from your topic branch to the master branch. When you are done adding details, click "Create Pull request". Once a pull request is sent, reviewers can see your changes, recommend modifications, or even push follow-up commits. First time creating a pull request? Learn more