2.4 Manual SQL Injection Attack Lab 1 Part 2

00:00

everyone Welcome back to the course. So in the last video, we went ahead and launched our

00:04

several have environments. We launched her virtual machines. We also went ahead and navigated to the utility a page. And then we practiced using some sequel injection commands to basically bypass a user name and password field on the page itself.

00:19

And we left off by navigating in step 17 to all US 2017 a one injection sequel extract data, and then we went to the user info logging screen, and that's where we're at right now.

00:31

So what we're gonna do again is try to bypass this particular log in screen and see what kind of information that we get out.

00:39

So what we're gonna do here is we're just gonna type in admin

00:44

single ho Tae Shin Mark and then the pound sign.

00:47

And once you do that, either hit and turn the keyboard, just click on log in. And our goal here is to see what kind of information we get back out. So he's curled on the page Here. You'll see the information. I get it if we go back to our lab document here.

00:58

Question number four do we see any password information after we ran that particular command? Well, on my end, the answer is yes. Right. I see that I've got admin passes, the password here. And if this were a real life situation, I could potentially use this username and password to gain access to other systems on this organization's network.

01:19

So now let's go back to our lab document here.

01:22

So the next thing we're gonna do here in step number 20 as we're gonna type in this string right here, So we're gonna type in admin, single quotation mark space or space one equals one, and then the pound sign in our goal here in question number five is to see if we get any other user credentials besides just the admin one.

01:41

So let's go ahead and type that in now.

01:44

So we're just gonna type in admin all over case

01:47

we'll put a single quotation mark. We'll put a space and then or

01:51

space and then one equals one and the pounds. And

01:55

once you've typed that in similar thing here, just go ahead and turn the keyboard. And again, our question on question five is Do we see any additional information

02:04

besides just the admin account.

02:06

So we see the answer to question five Police on my side initiated. The same results in yours is yes. We see that we are getting other accounts. So, for example, Adrian, we have John. We have Jeremy, and we're also getting the passwords as well as the signatures for all of those accounts.

02:23

All right, so let's go back to our lab document. No.

02:25

So the next thing we're gonna do here on step number 21 is we're gonna go ahead and log out on this page, and we're gonna navigate back to the log in screen here, So let's scroll back up to the top.

02:39

How are we?

02:47

All right. So the next thing we're gonna do here on step number 21 is we're gonna navigate back to the log in screen here are basically just gonna kind of refresh it. So we're gonna go to the lost 2017 a one injection SQL SQL. I extract data and then user info. So basically back to the same spot we're at right now.

03:04

So I lost 2017 injection SQL

03:07

SQL I extract data and then our user influence

03:13

All right. So the next thing here in step 22 we're gonna enter this long command right here.

03:19

So basically, we're gonna be using a union statement and trying to get information about these areas of the database. So we're trying to get the user name and password from these particular columns in the database.

03:30

So let's type all that in there again. This is going to go in the user name line here,

03:35

so we'll type an admin single quotation space union space, Select Space one,

03:43

Obama 4567 etcetera. All the way through this entire string here. So we'll talk. We'll talk about that as we type it in.

03:50

So here in the name field, just tape in admin.

03:53

Single quotation space union

03:55

space, Select

03:59

space one comma space user name,

04:02

comma space password,

04:05

comma space four comics based, five comma space six comma space seven. And they were gonna put a space and then from space accounts. And then we'll end with a pound sign.

04:18

So it's a lot to type in there. So if you felt I went to fastest, go ahead, positivity and type it in on your side and restart the video once you're ready.

04:26

And now we're just gonna press enter on the keyboard there. That's gonna run the command force. Now, what you're gonna notice if we scroll down here, is we see the similar credentials that we were getting before, right? But there's something different. So question number six here

04:41

Is there anything different about the output? Yes, there is. You'll notice a difference from what we entered before is that we see the signature we no longer get. So if remember, a lot of these accounts we have the signature area for we don't actually get that here. All of them. Just say the number four.

04:56

All right, let's go back to our lab document here.

04:58

Now, the last part of this lab is actually just taking a look at the U. R L So we're just gonna navigate here in step 23 to the URL address bar of the top here, and we're gonna click in there and go to the right, and we're basically just looking at the encoding and the u R l just see an example of what that looks like. So if we just click up in top here

05:15

and its use your right there on the keyboard to navigate over

05:19

and you'll see a couple of of things here from this particular command that we entered in. S O. You know, if you remember the command, we did, you know, admin, single quotation union select one.

05:30

And then we did a space, and then we did a comma. So you'll notice that the first encoding we see here in the U. R. L is gonna actually be the comma. Right? So we see the plus sign is the space and then the comma. It's not gonna take a comma, but it will take this encoding right here. So if we did 1% to see that's gonna be the encoding for a comma.

05:49

Now, the other thing that I want to show you as we continue over on this particular screen

05:56

is we're also gonna see when we get all the way to the end The pound sign on And I kinda mentioned earlier that we got the percentage and then 23 So we come all the way over here, you'll notice that right here,

06:08

this percentage sign and then the number 23. That's actually the encoding for the pound sign so again in the u. R l it's not gonna take the pound sign, But if we type in the percentage sign and then 23 it's going to take that and the equivalent is gonna be the pound sign that we would use. For example, if we were using it on the log in screen here,

06:26

if we're attacking the u. R L, we could use percentage 23

06:30

for the pound sign.

06:31

So I just want to show you that now, as I mentioned before in the next lab, we're gonna be covering a tool called the sequel Injection Vulnerability Scanners. So we're just gonna basically show you how to install that and run the commander of Quick Now again. As I mentioned these upcoming labs, I'm gonna have certain sections of them blocked out. So specifically with the SQL Ivy

06:51

lab, I'm gonna be blocking out the websites that I run the scan against.

06:57

And then when we get to the sequel map only blocking the u. R L that I'm using because again, I don't have permission for students to use that particular u R L to practice attack. So I just want to put that out there. So again, with this entire course, just make sure that you're using stuff you have access to. I provided a lot of resource is you can get hands on with

07:15

in the resource of section. So make sure you download the documents there

07:17

and visit all those areas to get more training on sequel injection. So I'll see in the next video again. In this video we just covered, we wrapped up our our lab on manual sequel injection attacks you again, just typing in the commands there. And we've specifically focused on number one, bypassing log in stages. And then also we used

07:36

commands to try to get information on back by

07:39

about user names and passwords and basically log in credentials in this particular database.

07:46

And in the next video, we're gonna be covering the SQL I Excuse me, the SQL Ivy or the sequel Injection Vulnerability scanner. Again, I'm gonna be showing you installing it real quick and Callie Lennox And then we'll also run a quick scan with it, and again just keeping in mind that of the step by step instructions for that video will not contain

08:05

the, uh, anywhere else they will contain the command that I'm using for the Google dork. But it will not contain the u. R ails that I'm getting back. I also have those blocked out and then also again in the sequel map lab. I'm going to be in the instructions. I'm just gonna basically say the U R l in the instructions. I'm not gonna tell you the actual girl that I'm using, but I will tell you like

08:24

this is where you should enter u R l in the particular command. So

08:28

wanna put that up front? Keep that in mind. And if you want more hands on sequel injection stuff the assessment for this course and we'll talk about that later on the course that will give you more some more practice hands on as well as all the resource is I've included for you with the court. So