Part 11 - Discovering SQLI


Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5
Video Description

This lesson focuses on Arachni, a free scanner. Participants receive step-by-step instructions on how to cd into the Arachni folder and use it to scan for vulnerabilities: connect via localhost, log in with the admin account, enter the target URL, check for SQL injections, perform a direct scan, and discover examples of SQL injections. You can hit 'review' to see what was injected and what was sent, as well as the response (if any).

Video Transcription
00:03
>> Finally, we're going to show you
00:03
another great free scanner, which is Arachni.
00:03
Let's go check it out. We're going
00:03
to come over to the folder.
00:03
Let's come over here and
00:03
jump into the Arachni folder
00:03
through our CD to our desktop.
00:03
Do a quick ls.
00:03
I see our Arachni folder,
00:03
cd into Arachni.
00:03
[NOISE]
00:03
Here we are.
00:03
I can't remember exactly where it was located at.
00:03
We're going to run the Arachni web script here,
00:03
to get the Arachni web setup.
00:03
We see here that it's listening on port 9292 localhost.
00:03
We're going to come over here to our browser,
00:03
we're going to do localhost 9292.
00:03
The admin account is admin@admin.admin,
00:03
and then the password is administrator.
00:03
I typed that incorrectly. There we are.
00:03
We're going to come up here to Scans, click Now.
00:03
I'm going to do a target URL of 192.168.0.11,
00:03
or whatever it is that you choose.
00:03
Remember to add the http.
00:03
We're going to check for SQL injections.
00:03
If you want some special description in here,
00:03
something for you to remember,
00:03
the different kinds of scans that you're doing
00:03
or who you're doing it for or something like that,
00:03
you type that right here in the description portion.
00:03
We're going to perform a direct scan,
00:03
and then click Go.
00:03
Now, our scanner is initializing and running through,
00:03
so let's let it do its thing.
00:03
We're starting to see some results here.
00:03
We scroll down here.
00:03
We can see, hey,
00:03
look at that sqlexample1 has found
00:03
a SQL injection here.
00:03
We click Awaiting Review,
00:03
and it'll give us some further detail such
00:03
as what exactly was injected into it,
00:03
then the request that was sent.
00:03
If there was a proper response back,
00:03
it would be here, but there was
00:03
no proper response for this one.
00:03
Here's some more information about the SQL injection,
00:03
which can be very helpful for building your report.
00:03
Now, you can click Scans here,
00:03
and it will show you
00:03
your current scans and
00:03
any scans that you had in the past.
00:03
Then you just click on the I,
00:03
and it'll take you back to your current active scan,
00:03
and you can continue looking at and reviewing
00:03
the different injections here that you get.
00:03
Now, as you can see here,
00:03
that this may be missing some context
00:03
because the scan is still running.
00:03
If we wait for the end of the scan,
00:03
it'll give us some more detail about what
00:03
actually it found, fully.
00:03
Let's let this continue scanning here.
00:03
As we can see here, we can see the run-time,
00:03
how many pages it's actually scanned,
00:03
and how many issues it's found.
00:03
Let's let it continue doing its thing here.
00:03
The scan is complete.
00:03
It's found seven different vulnerabilities.
00:03
Let's go check out the review further to see
00:03
what additional details we may have gotten from this.
00:03
Arachni is a fantastic tool,
00:03
it allows you to heavily edit your scans.
00:03
Now, we can look at the different profiles for
00:03
scanning, and we can see
00:03
what different areas it's actually fuzzing in,
00:03
what it's actually putting
00:03
into the different fields here.
00:03
If we wanted to customize the SQL injection,
00:03
we go over to our profiles,
00:03
click the Edit button.
00:03
In here is where we
00:03
would edit what we were auditing and things like that.
00:03
This is very important
00:03
for how in depth you may want the scan to go,
00:03
how aggressive you may want it,
00:03
any usernames that you want put in and any passwords.
00:03
Say you have an application that
00:03
requires being logged into,
00:03
you can put your authentication methods here,
00:03
let it login and scan even deeper into the page.
00:03
Very handy stuff, very useful stuff.
00:03
Download Arachni, tweak it,
00:03
check it out, it's fantastic.
00:03
What exactly was covered?
00:03
Why the scanning is important.
00:03
Why the discovery is important.
00:03
Two different types of discoveries,
00:03
and then we also discussed
00:03
these different tools that you can use.
00:03
I showed you some examples of how to use them.
00:03
Go, play a little,
00:03
try out the different variables,
00:03
see what you can dig up.
00:03
>> Happy Arachni, everyone.