Advanced SQL Injection In Easy Steps

Custom Tools For Kali Linux

Advanced SQL Injection In Easy Steps

SQL Injection is a very familiar for every penetration testers.

SQL Injection or SQLi is a  type of an injection attack which makes possible to execute malicious SQL codes. Those codes can control a database server. Attacker can use SQL vulnerabilities to bypass the security of a web application, and they can access the database of web server. This attacks comes in public in the year 1998 in a article in “Phrack” magazine. So we can call it very old vulnerability. New web applications are almost free from SQLi vulnerabilities.

But their are billions of old websites are still have the fault in SQL. Anyone can easily find those websites using “Google dorks”.
SQL injection is a very easy attack, even a 4 year old can perfrom this with the help of some automated tool like haviz, but advanced SQL injection is not so easy but here we have a tool that make easy normal and advanced SQL injection quite easy. The name of the tool is LazySQLi.

lazysqli by cipherhexx

This is written in bash and it is very user friendly and easy to use. At first we need to clone this tool from github to do that we open our terminal window and type following command :

git clone https://github.com/cipherhexx/lazySQLi

The following screenshot is the output of preceding command:

cipherhexx github

Now we need to go to the directory by using cd command, and then ls command to see the files in the directory,as following:

cd LazySQLi

The screenshot is following:

lazysqli

Now, we need to give executable permission to the file by using following command:

chmod +x LazySqli

This tool is specially made for Termux environment but we gonna use it in Our Kali Linux system, so we need a little bit configuration. We open the bash script with leafpad by using following command :

leafpad lazySqli

Then we change the first line to #!/bin/bash whatever it is. Check the following screenshot:

lazysqli for linux

Then save the script and close leafpad.

Now run the bash script by using following command:

./lazSQLi

Output of the preceding command is following:

Lazysqli

Now we are going to install the requirements by pressing 1, this is for first run only. This may take some time depending on internet speed.

The screenshot is following:

After successfully installed we need to run again this tool by using ./lazySQLi and select option 2 :

./lazySQLi

The screenshot is following:

lazysqli an advanced sqli tool codded by cipherhexx

Here we can see lots of types are SQL injections are available, normal injection and advanced injection are supported.

Enter our choice (type of injection) and enter vulnerable website and then the automated script will RUN.
KP

KP AKA Koushik Pal is a Security researcher and specialist focused on educating about Linux for cybersecurity and URL‑masking vulnerabilities. Creator of MaskPhish, a well‑known open‑source bash-based URL‑masking tool. Linux enthusiasts Active speaker, trainer, and advocate for secure web practices.

view all posts

Related Posts

10 comments

comments user
smiler kai

Does it still work? , I would like to ask now to know if I should install it,thank for seeing

Reply
comments user
Kali Linux

Yah its Working kai
Reply
comments user
smiler kai

oh sir, i will can…
Reply
comments user
smiler kai

and Does it work better than sqlmap?

Reply
comments user
smiler kai

./LazySqli: line 68: cd: sqlmap: No such file or directory
python2: can't open file 'sqlmap.py': [Errno 2] No such file or directory
Enter the name of the database you got from sqlmap
is it now admin, and so it is not scanable or i am missing some steps @@
Reply
comments user
Kali Linux

This uses SQLMap to scan .. just you no need to remember the long commands of SQLMap…
Reply
comments user
Kali Linux

did you installed requirements ?? Real the tutorial carefully..
Reply
comments user
smiler kai

yes, I followed the same steps even though I used sqlmap but your cd didn't … still show the above lines …
Reply
comments user
Kali Linux

Sorry for the problem Smiler Kali…I don't know you should start an issue in the github page of this tool
https://github.com/cipherhexx/LazySQLi
May the developer fix your issue.
Reply
comments user
Azlan

Direct Fuel-Injection goes above and beyond by putting the injector legitimately in the burning chamber, much the same as a flash fitting.injector cleaner
Reply

Post Comment

You May Have Missed