Pentester Lab: From SQL injection to Shell


Run an nmap scan to find open ports.

Test the id parameter for SQL databases.

Run SQLMAP – sqlmap -u ‘’ –dump

Found a user and hash password.

Crack the MD5 password with any online decoder tool.

Login to the admin account. Add a web shell via uploading a picture.

File cant except a php file , rename the file with an extension of .php3 instead.

Start a netcat listener.

Access is gained.

List of users found in the machine.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: