SQLi-BruteForcer-Test-RustServer
This is a test application designed to demonstrate SQL injection vulnerabilities, exploited through enumeration, against a local Rust server. The project includes a server that simulates both a vulnerable and a secure application for educational and security-testing purposes, together with a Python brute forcer that exploits the vulnerable version through enumeration.
- SQL Injection Demonstration: Includes examples of how SQL injection vulnerabilities can be exploited and how to prevent them.
- Rust Server: Implementation of a server in Rust using Actix-web.
- Brute Forcer: A Python tool for brute-forcing usernames and passwords.
- Rust (for compiling the code if needed)
- PostgreSQL
- Python 3 (for the brute forcer)
You can use the compiled executables found in the release directory:
- Safe_sqli: Secure code version.
- Unsafe_sqli: Vulnerable code version.
Run the appropriate script to start the server:
./sqli_example/release/run_Safe_sqli.sh
or
./sqli_example/release/run_Unsafe_sqli.sh
The server will start at http://127.0.0.1:8080.
- Ensure you have a PostgreSQL server running locally with user `postgres` and password `postgres`.
- Create a database named `users_sqli` and a table `users` with `username` and `password` columns:

```sql
CREATE DATABASE users_sqli;
\c users_sqli
CREATE TABLE users (
    id SERIAL PRIMARY KEY,
    username VARCHAR(255) UNIQUE NOT NULL,
    password VARCHAR(255) NOT NULL
);
-- Insert users
INSERT INTO users (username, password) VALUES ('protos50', 'protos50') RETURNING id;
INSERT INTO users (username, password) VALUES ('papitas', 'pure') RETURNING id;
INSERT INTO users (username, password) VALUES ('admin', 'admin') RETURNING id;
```
- Access the login page: open your web browser and navigate to the server address given above (http://127.0.0.1:8080).
- You can test the SQL injection vulnerability by entering the following in the username or password field:
  `' OR '1'='1`
- It is possible to attempt other SQL injections, such as:
  `'; DROP TABLE users;--'`
If you want to execute or modify the code yourself, follow these steps:
- Clone the repository:
git clone https://github.com/protos50/SQLi-BruteForcer-Test-RustServer.git
- Install Rust dependencies (if you want to compile the code yourself):
cargo build
- Run the server:
cargo run
The main.rs file contains both the secure and insecure login handling code. The secure code is active by default, while the insecure code is commented out. You can switch between them by commenting/uncommenting the respective sections.
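As an added example, not code from this repository, the following stand-alone Rust contrasts the two login-handling styles the text describes: the insecure version splices the submitted values into the SQL text, the secure version keeps the SQL constant and passes the values separately, as a driver with `$1`/`$2` placeholders would send them. The exact SQL text of the login query in main.rs and the use of tokio-postgres-style placeholders are assumptions, and the parameterized statement is represented as a `(sql, params)` pair rather than executed against PostgreSQL. A small literal counter shows that the README's `' OR '1'='1` payload changes the structure of the concatenated query (four string literals instead of two) while the parameterized query's text is untouched.

```rust
// Added example, not code from the repository: the insecure query construction
// beside its parameterized form, exercised with the payload from this README.
// The exact SQL text of the login query in main.rs is an assumption.

/// Insecure: user input is spliced into the SQL text (the "Unsafe_sqli" style).
fn build_login_query_unsafe(username: &str, password: &str) -> String {
    format!(
        "SELECT id FROM users WHERE username = '{}' AND password = '{}'",
        username, password
    )
}

/// Fixed SQL text plus separately transported values: the shape a driver such
/// as tokio-postgres sends to PostgreSQL when given $1/$2 placeholders.
struct ParamQuery {
    sql: &'static str,
    params: Vec<String>,
}

/// Secure: the SQL text is constant, whatever the input contains.
fn build_login_query_safe(username: &str, password: &str) -> ParamQuery {
    ParamQuery {
        sql: "SELECT id FROM users WHERE username = $1 AND password = $2",
        params: vec![username.to_string(), password.to_string()],
    }
}

/// Counts single-quoted string literals in SQL text ('' inside a literal is an
/// escaped quote). The intended login query has exactly two; any other count
/// means the input changed the statement's structure.
fn count_string_literals(sql: &str) -> usize {
    let (mut count, mut in_literal) = (0, false);
    let mut chars = sql.chars().peekable();
    while let Some(c) = chars.next() {
        if c != '\'' { continue; }
        if in_literal && chars.peek() == Some(&'\'') { chars.next(); continue; }
        if in_literal { count += 1; }
        in_literal = !in_literal;
    }
    count
}

fn main() {
    let payload = "' OR '1'='1";
    let unsafe_sql = build_login_query_unsafe("admin", payload);
    // Concatenation: 4 literals instead of 2, the WHERE clause was rewritten.
    println!("{}\nliterals: {}", unsafe_sql, count_string_literals(&unsafe_sql));
    let safe = build_login_query_safe("admin", payload);
    println!("{}\nparams: {:?}", safe.sql, safe.params); // SQL text unchanged
}
```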
This project includes a modified version of the FJZ-Bruteforcer v1.0, originally intended for educational purposes such as Portswigger labs. It has been adapted to test SQL injection vulnerabilities through enumeration on a local Rust server.
- Multithreaded username validation.
- Multithreaded brute-force password cracking.
- Saves discovered credentials to a JSON file.
The Brute Forcer included in this project is designed to find valid usernames and passwords from pre-supplied files for a given login form vulnerable to SQL injection.
- Install dependencies: ensure you have Python installed, then install the necessary Python dependencies:
  `pip install requests colorama`
- Run the Brute Forcer: execute the script to begin testing for SQL injection vulnerabilities:
  `python main_bf.py`
- Follow the menu prompts provided by the Brute Forcer:
  - Press '1' to provide the login URL or change it. If using the default localhost and port, the URL is http://localhost:8080/login
  - Press '2' to find valid usernames.
  - Press '3' to perform the brute-force attack.
  - Press '4' to view the results.
  - Press '5' to save found credentials to a JSON file.
  - Press '6' to exit the script.
Use this tool responsibly and only on targets where you have explicit authorization.
Contributions are welcome. If you wish to contribute.
Your feedback is highly appreciated! If you found this tool useful or have applied it in your projects, please consider leaving a comment or feedback. Your insights can help improve this tool for everyone.
Feel free to open an issue to report bugs, suggest improvements, or share your experience using the tool.
This project is licensed under the MIT License. See the LICENSE file for more details.