Download the Microsoft JDBC Driver 6.0 for SQL Server. Linux, Unix, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2. In a later post I will explain exactly how a SQL injection attack works, but explaining that process first requires setting up the software stack that is vulnerable to such an attack. That stack is typically server-side java code that interfaces with a back-end database like MySQL. So this post will explain how to install and configure the MySQL database under Ubuntu Linux 14.04 and also install the Java Database Connector (JDBC) library that is required for Java to interface with MySQL. Finally, I will create and load a small, sample database into MySQL so we have something to exploit when we get to the SQL injection attack. Prerequisites Before installing MySQL, make sure you have a system capable of support it. Any fairly modern server will do, but here’s the breakdown of my system Server • Intel i5-2400 CPU running at 3.1 GHz. ![]() Four cores per socket. • 16 GB of DDR3 RAM • OS: Ubuntu 14.04 (Trusty Tahir) with kernel version 3.19.0-84 Before you begin, make sure you: • You have root admin privilege (either su root or you can sudo) • Have adequate disk space • You Ubuntu install is updated • Have Internet access Step 1: Connect to the host server Open an xterm directly on your host machine, or you can do what I did – ssh into the host from a secondary machine that is running Ubuntu in a VM (Virtualbox) Below, I have connected to the host machine (hostname: ubu) as root. I issue a couple commands to show you I am root, what the OS is of the machine and how much disk space is available. # whoami root root@ubu:~# uname -a Linux ubu 3.19.0-84-generic #92-Ubuntu SMP Fri Mar 24 15:46:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux root@ubu:~# df. -h Filesystem Size Used Avail Use% Mounted on /dev/disk/by-uuid/bae050d2-01e7-4404-bcc3-b812eb03abc7 450G 2.3G 425G 1% / Step 2: Check for available mysql-server versions I am going to use Ubuntu’s Advance Package Tool (apt) to search for and install mysql server. You could also go to Oracle’s website and download the latest mysql server tarball and install it. Below, I use apt-cache search command to search the available debian repositories for mysql-server application available to me.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
September 2018
Categories |