As penetration testers, the tools, information, and knowledge available to us directly correlate with the number of entry points we can identify and exploit in any environment. The longer we spend researching and developing an individual escalation path, the less time we have to dig into other parts of the network or application. Below we discuss some of the problems we've had with SQL injection and its related online resources, and introduce our solution to fix them.
Another SQL Injection Wiki?
SQL injections are one of those vulnerabilities that, without a proper knowledge base, can take a surprising amount of time to exploit and still yield meaningful results. When you have to exploit them in multiple Database Management Systems (DBMSs) every week, it becomes tedious to look up all the queries and table names repeatedly. There are many resources on the internet for various injection types and DBMSs, but they only seem to give a cursory overview of the injections themselves and say little about what to do after you successfully exploit one.
One of our Senior Consultants, Alexander Leary, brought up this issue and proposed an idea to Ben Tindell and me earlier this year. Ben, who loves a good wiki, and I, who was terrible at advanced SQL injection, really enjoyed the idea of a comprehensive, centralized knowledge base for SQL injection. Through that exchange the NetSPI SQL Injection Wiki was born. Like other sites, aggregating the basics of injections was important. But we also wanted to aggregate which data was most valuable and where it resided within the various DBMSs, while adding injection techniques to extract that data, obfuscate queries, pivot further into the internal network, and more. Most importantly, we wanted it all in one easy-to-understand place.
Today we are open-sourcing our wiki to address the problems listed above. You can view the wiki at https://sqlwiki.netspi.com and you can help contribute to its development on GitHub. We are striving to make this a teaching tool as much as a lookup tool. Beginners will benefit from starting at Step 1: Injection Detection, while experienced testers may want to skip straight to the thick of it at Step 5: Attack Queries. If you think any information is inaccurate, or think there is more information we should add, please feel free to create an issue or submit a pull request.
A huge thanks to all those who have already contributed!
We're excited to be releasing this, and we will continue working to make it as informative and intuitive as possible. In the meantime, what other vulnerabilities do you waste the most time Googling exploits for? Let us know on Twitter @NetSPI, or by leaving a comment below!