Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson focuses on how to check for tables in the database using SQLMAP to check known vulnerable web pages.

Video Transcription

00:03
So our next step is now to check for the tables in that database.
00:09
Now, the database is going to
00:12
when we go back, we'll decide which data basically want. But well, again. But
00:17
sequel map
00:18
deck, You are known vulnerable Page Tak tak tables Tak d
00:25
And then
00:26
which ever database? We want to go with you. Let's go check it out.
00:33
So here we are, back here. We're going to tack tack
00:37
tables
00:39
Tak uppercase d
00:41
and we're gonna go with exercises.
00:48
Now we see that the excess database has one table and that table is users, so that is very handy. Now we can look into that table and find for their information.
01:00
Uh, let's go back over your slides and check out. Checked it out.
01:03
So next
01:06
we went to look at the columns
01:08
in the database website
01:12
for the table users. So they'll be tec tec columns, Tak de website
01:19
or in our case, will be exercises
01:22
intact. T users. Let's go check it out.
01:42
All right,
01:45
so
01:46
we have our sequel map Tak you
01:49
page tec tec columns tak d
01:53
for the database exercises intact T users for the user's table. Let's say whatever but we'll get back.
02:02
All right. From this we got aged group I D I D name and then
02:08
their password, huh?
02:12
Well,
02:13
how could we, uh, we steal his passwords off out there? How can we get that column?
02:20
Well, we conduct that column and view all the information,
02:23
so let's go back over ice allies and check that out.
02:29
So if python sickle map
02:30
dot p y tak you so same as before. All that stuff
02:35
we're gonna do tech tak dump
02:38
tech d
02:38
I mean
02:39
our database tak t for the table users to check it out.
02:55
All right, so there's take columns out and type dump,
03:02
and
03:04
now the database
03:06
exercise table users
03:08
see the group I d. And I d. In the age,
03:14
the name and look at that.
03:16
We've got all of the passwords
03:21
for this page.
03:30
So very handy tool, too.
03:34
The numerator
03:35
passwords and that cz one tool that you can use to exploit
03:39
the
03:40
sequel databases. She got the other tool

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Instructor Profile Image
Raymond Evans
Instructor