[Python-Tools] Blind SQL Injection Tool - 1 (서버구축)

▣ Configuration(환경구축)

  - 개발환경 : Kali-Linux 1.0 (오라클서버는 별도 구현)

    1) Server(APM Setup)

// 1. Check Verison (Debian) # ls -al /etc/*-release -rw-r--r-- 1 root root 236  7월 22 00:27 /etc/os-release   # cat /etc/os-release PRETTY_NAME="Kali GNU/Linux 1.0" ...   // 2. APM(Apach + PHP + MySQL) Setup # sudo apt-get install apache2 # sudo apt-get install php5 php5-common # sudo apt-get install mysql-server mysql-client # sudo apt-get install libapache2-mod-php5 # sudo apt-get install php5-mysql   // 3. Excute Apache + MySQL # service apache2 start (or restart) # service mysql start (or restart)   // 4. Check Apache + MySQL # service apache2 status # service mysql status   // 5. Check PHP-Apache linkage # vi /var/www/phpinfo.php <? phpinfo(); ?>   // 6. Input Browser Address >> localhost/phpinfo.php

    2) Database Setting & Make PHP Page

// 1. MySQL Account Setting # mysql mysql > use mysql; Database changed   mysql > update user set password=password('root') where user = 'root'; Query OK, X rows affected (0.00 sec)   // 2. Making login.PHP # vi /var/www/login.php

    3) Login.php Code

<?php $username = 'root'; $password = 'root'; $link = mysql_connect('localhost',$username, $password); if(!$link) { die(mysql_error()); } else { echo "1) DB Connect Success!!<br />"; } if(!mysql_select_db('mysql', $link)) { die(mysql_error()); } else { echo "2) Use DB Success!!<br />"; } $result = mysql_query("select user, host from user where user = '" . $_GET['name'] . "'", $link); echo ""; if(mysql_num_rows($result) > 0) { echo "User exists<br />"; } else { echo "User dosen't exist<br />"; } if($_GET['debug'] === "1") { while($row = mysql_fetch_assoc($result)) { echo $row['user'] . ":" . $row['host'] . "<br/>"; } } echo ""; mysql_free_result($result); mysql_close($link); ?>