Simulated Penetration Test

Figure 17-3: Error message: SQL injection is present.

Exploitation

When we looked for vulnerabilities in the web application, we found a viable 
attack vector via SQL injection. In this instance, Fast-Track is our best option 
for compromising the MS SQL server and gaining access to our target through 
Meterpreter, because, as you’ll recall from Chapter 11, it attacks Microsoft 
SQL–based injection vulnerabilities with ease.

After we have a Meterpreter console, we’ll look at how to gain access to 
the Metasploitable system on the internal network.

Customizing MSFconsole

We’ll use SQLPwnage to deploy the Meterpreter console via SQL injection 
on the target to gain administrative access to its backend database. Recall 
from Chapter 11 that SQLPwnage is an automated way of attacking MS SQL–
based injection flaws, and it uses multiple methods of attack in an attempt to 
fully compromise the SQL server via the xp_cmdshell stored procedure.