Simulated Penetration Test
Figure 17-3: Error message: SQL injection is present.
Exploitation
When we looked for vulnerabilities in the web application, we found a viable
attack vector via SQL injection. In this instance, Fast-Track is our best option
for compromising the MS SQL server and gaining access to our target through
Meterpreter, because, as you’ll recall from Chapter 11, it attacks Microsoft
SQL–based injection vulnerabilities with ease.
After we have a Meterpreter console, we’ll look at how to gain access to
the Metasploitable system on the internal network.
Customizing MSFconsole
We’ll use SQLPwnage to deploy the Meterpreter console via SQL injection
on the target to gain administrative access to its backend database. Recall
from Chapter 11 that SQLPwnage is an automated way of attacking MS SQL–based
injection flaws, and it uses multiple methods of attack in an attempt to
fully compromise the SQL server via the xp_cmdshell stored procedure.
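Because the compromise described above depends on xp_cmdshell being reachable from the injected login, the T-SQL below audits and disables it. It is an added example, not from the original text; it assumes a sysadmin session on the SQL Server under review, and the login name webapp_login is a hypothetical placeholder for the account the web application connects with.

```sql
-- Added example: audit xp_cmdshell exposure, then disable it.
-- Assumption: run by a sysadmin; 'webapp_login' is a hypothetical login name.
USE master;

-- 1. Configured vs. running state of the relevant options.
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'show advanced options');

-- 2. Is the web application's login a sysadmin? (1 = yes, 0 = no,
--    NULL = login not found.) A sysadmin can turn xp_cmdshell back on
--    with sp_configure, so disabling the option alone does not help.
SELECT IS_SRVROLEMEMBER(N'sysadmin', N'webapp_login') AS webapp_is_sysadmin;

-- 3. Every member of sysadmin, for review.
SELECT m.name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 4. Proxy credential that lets non-sysadmin callers run xp_cmdshell.
SELECT name, credential_identity
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 5. Explicit permissions granted on xp_cmdshell in master.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'sys.xp_cmdshell');

-- 6. Disable xp_cmdshell and hide advanced options again.
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure N'show advanced options', 0;
RECONFIGURE;
```

If step 2 returns 1, move the application to a least-privilege login before relying on step 6.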