Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
23

Video Transcription

00:01
Hi. Welcome back to the course. In the last module we talked about web servers and applications.
00:06
So here, in Module 11, we're gonna take a high-level overview of SQL injection.
00:12
So what is SQL? Well, it stands for Structured Query Language, and basically, what it is is a computer language that's used to store, manipulate and retrieve data that's stored in relational databases.
00:22
So SQL uses structured data. So basically what that means is it has a relationship between the variables. So, for example, we'll take my name, my date of birth, my address, maybe my phone number. And so all these are in different tables, right? So I've got my name and my date of birth linked in a table. I've got my name and my phone number in a different table.
00:40
I've got my name and my address in a different table.
00:43
I've got my name and my, you know, Social Security number in a different table. So all these are related, right? It's related information. It's all about me, right? But they're in different tables. So this relationship between those variables, they're not exactly the same, right? My date of birth and my Social, they're not the same thing, but they're related, right? It is part of my identifying information,
01:04
so different types of SQL commands, and there's many, many of them out there. I just decided to select these ones here, so we've got the SELECT command, DELETE, UPDATE, and then INSERT INTO.
01:14
So all these are pretty simple. As the name implies, SELECT allows us to select from the database and get the information that we need. So in this example, the syntax here, we're selecting with the asterisk, we're selecting everything, and then FROM and then the table name. So in this case, customer ID. So SELECT.
01:32
And then we're pulling everything from the customer ID table.
01:34
And it's very important that when you do your SQL statements that you end with the, ah, semicolon there.
01:42
So you may actually want to kind of memorize what I just said there because it's tested in the official EC-Council material. So more than likely it may show up on the exam, and it depends. I can't tell exactly what's on the exam, but it's in the material, the official material. So you definitely want to know it for the exam. So again,
02:00
the SQL statements are gonna end with that semicolon,
02:07
the DELETE command. So this is used to delete existing records in the table. So, for example, we can delete from our customers, and we could specify that we just want to do it in this example, John Smith. Or we could delete everything if we wanted to as well.
02:22
So the UPDATE command, this is gonna allow us to modify existing records in the table so we could
02:28
we could look and see that John Smith's got his information in there. We could just update that stuff. We could also just add John Smith into these tables, right? So we can do UPDATE customers. And then we can set the name, the contact name John Smith, the city to London, and then our WHERE to the customer ID number one.
02:46
So INSERT INTO, so it's gonna insert new records into the table.
02:51
So here we've got an example. So INSERT INTO and then we do customers, and then we can basically list out an entire amount of stuff here, and then we want to define the values of the information we want to put in. So, for example, here INSERT INTO customers, and that's going to include the fields of customer name, contact name, address, city,
03:09
postal code, and the country.
03:12
And then we deliver the values for those particular categories, right? So Cardinal,
03:17
Tom B. Erichsen, Skagen 21, Stavanger, 4006, Norway. Obviously those are made-up things there,
03:27
So SQL injection itself. So it's a code injection technique, and basically what it does is it exploits vulnerabilities in application software. So primarily targeting the user input, right? So if I'm typing my, you know, using a password to my bank website, then if the, if they're vulnerable to SQL injection, they could use the same login screen to potentially
03:46
give some information back about the target.
03:49
So things like identity spoofing, it can lead to voiding transactions, data dumping, also the alteration or even the destruction of data, et cetera, et cetera. There's a lot of ways to do a SQL injection to get the information you need.
04:03
So types of SQL injection. We've got different types: union-based, error-based, and then blind SQL injection.
04:11
So union-based. As the name implies, if you're familiar with SQL at all, it involves the UNION statement. So basically, the UNION allows us to join together different SELECT queries. So I can say I wanna pull from here, I wanna pull from here, et cetera.
04:24
Now, one thing, though, the SELECT,
04:26
uh, each SELECT needs to have a, each SELECT statement needs to have the same number of columns. And also they have to have similar data types for this to work successfully.
04:38
So error-based. So basically, the goal here is just to get an error back that either potentially contains table names or some other type of valuable information for us that we can then use to try to exploit the database.
04:53
So blind SQL injection. This is actually the hardest one out there to do. So basically no error messages are gonna be received back from the database. So you don't know if you, if you're really successful or not,
05:05
we've got a couple different types. We've got Boolean-based, which is a slow attack, and the one thing that can tell you some information about if the, ah, the database is vulnerable or not, basically the HTTP response may change. So if it, if it returns back a yes or no answer to the statement
05:25
from the HTTP response,
05:27
an attacker could potentially realize, like, okay, that statement I threw in, we got a yes, so that's legitimate. I could do something with that, or that didn't work. Let me try something else.
05:39
And then we have time-based. So this one basically forces the database to wait a period of time before responding. And so the response time can actually indicate the statement is either true or false for the attacker.
05:51
So some different types of SQL injection tools. There's many of them out there. These are just the ones I've chosen. So sqlmap, White Widow, BBQSQL, and then Bluesky.
06:01
So sqlmap, a command-line tool here, and you can gather some different information.
06:09
Same thing with White Widow. You'll see here just a quick screenshot to show you what it looks like.
06:15
So BBQSQL.
06:19
And then finally Bluesky.
06:25
So just one quick post-assessment question for you here. Again, this was a very high-level overview of SQL injection. So question number one here: based on if the HTTP information has changed, an attacker can see if the answer returned from the database is true or false in which type of SQL attack?
06:44
All right, so if you guessed Boolean-based, you are correct. If you remember, that's one of our blind SQL injection attacks, and the attacker can use the HTTP information. And if that's changed, it can tell them that the statement is either true or false.
06:58
So again, in this video, we just took a very, very high-level overview of SQL injection, and in the next module we're gonna go over hacking WiFi and also Bluetooth.

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Ken Underhill
Master Instructor at Cybrary