SQL Injection to Meterpreter

Goal: Exploit a SQL injection vulnerability to fully compromise the victim server and get a reverse shell (Meterpreter) using SQLMap.

Victim System: Damn Vulnerable Web App (DVWA) installed on Windows XP to create the virtual lab. IP:

Attacker System: Kali Linux 2.0 [Python 2.7, SQLMap and Metasploit installed by default]. IP:


SQLMap: sqlmap is a Python-based open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. For any queries: http://sqlmap.org/

Meterpreter: Meterpreter is a payload (shell) of Metasploit. After successful exploitation, the Meterpreter shell gives you command-line access to the victim's system. Using Meterpreter you can do whatever you want to do. For any queries: https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/



FIG 1: Login to DVWA for SQLi [admin:password]


FIG 2: Set Security Update as “Low”


FIG 3: Setting Burp Proxy to analyze the response


FIG 4: Random check by using value “1”


FIG 5: Putting a single quote in the GET parameter “ID” causes a DB error


FIG 6: Analyze the response and find the session cookie


FIG 7: SQLMap command to exploit SQLi and get the DB


FIG 8: Got the DBs | SQLi Proved


FIG 9: SQLMap Command to gain system level access


FIG 10: Some options that we have to choose


FIG 11: Successfully injecting payload to victim’s server


FIG 12: Bingoooo!!!! We pwned the system with Meterpreter
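
The behaviour in FIG 4 and FIG 5 (the value “1” returns a row, a single quote produces a DB error) comes from the request value being concatenated into the SQL text. The following is an added example, not code from DVWA or from the original post: it uses Python's built-in sqlite3 as a stand-in for the lab's PHP/MySQL stack, and the table, column and function names are assumptions. It shows the concatenated lookup beside a parameterized one and a validated one.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the lab's users table (names are assumptions).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Gordon", "Brown")])
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # and the raw database error is handed back to the caller.
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '" + raw_id + "'")
    try:
        return "ok", db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "db_error", str(exc)

def lookup_parameterized(db, raw_id):
    # The value is bound as data; the SQL text never changes.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return "ok", db.execute(sql, (raw_id,)).fetchall()

def lookup_hardened(db, raw_id):
    # Defence in depth: accept only a short decimal id, then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "rejected", []
    return lookup_parameterized(db, raw_id)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "'"):  # the two inputs from FIG 4 and FIG 5
        print(repr(value), lookup_concatenated(db, value)[0],
              lookup_parameterized(db, value), lookup_hardened(db, value))
```

With the bound parameter the single quote is compared as an ordinary value, so the query returns no rows and no database error reaches the response, which removes the signal seen in FIG 5.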
