One of the main goals of almost any hacking is to get a shell (access to the command line) to execute system commands and eventually master the target computer or network. SQL injections are usually associated only with databases and the data that they contain, but in fact they can be used including to get the shell. In this tutorial, we will use SQL injection to exploit a simple vulnerability to get the ability to execute commands, resulting in a reverse shell on the server.

To perform the attack, we will use Kali Linux and a specially created virtual machine with vulnerabilities – DVWA http://www.dvwa.co.uk/. If you are new to Kali, then we recommend that you work through our Kali configuration and security guidelines to ensure that your system is ready for the tasks in this article.