Part 15 - Exploiting SQLI

Video Activity

This lesson focuses on using SQLSUS which is found on the Kali 2 platform. In this lesson, participants learn how to use SQLSUS to create a config file, name the attack, nano the file and then use the config file to launch an attack against a vulnerable web page to find tables, columns and users.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Description

This lesson focuses on using SQLSUS which is found on the Kali 2 platform. In this lesson, participants learn how to use SQLSUS to create a config file, name the attack, nano the file and then use the config file to launch an attack against a vulnerable web page to find tables, columns and users.

Video Transcription
00:03
>> Our next tool we're going to be using is SQLSUS.
00:03
SQLSUS can be found on K2 automatically.
00:03
There are some steps that we're going to have to take.
00:03
For SQLSUS, you have to type SQLSUS,
00:03
take G first,
00:03
to create the config file
00:03
and then name it whatever you want.
00:03
Well, we're going to name that Attack.
00:03
After that, we're going to Nano that
00:03
attack file to edit it.
00:03
Once we go to edit it,
00:03
we want to change the URL START to our TARGET page.
00:03
After we do that,
00:03
we're going to type SQLSUS ATTACK that
00:03
calls the config file that we created.
00:03
Whatever you call
00:03
your config file, that's what you'll type there.
00:03
Then we're going to type "Start" and then we're
00:03
going to type "Get Item".
00:03
That's going to show us all the available items,
00:03
that we can get.
00:03
It's going to show we're able to get tables.
00:03
Then now we're going to type "Get Tables".
00:03
Then it's going to show us the columns and
00:03
we're going to see a column for users.
00:03
Then we're going to type "Get Columns Users".
00:03
After that, we're going to type,
00:03
"Select Everything From Users"
00:03
to get the passwords. Let's go check it out.
00:03
[NOISE] Let's type,
00:03
SQLSUS here and we see some basic commands here.
00:03
We want to do SQLSUS,
00:03
tech G attack,
00:03
and the configuration successfully saved to attack.
00:03
Now we're going to type
00:03
nano attack and we're going to
00:03
>> open up that config file.
00:03
>> Now, if we come down here,
00:03
we see URL start.
00:03
Now in-between these double quotation
00:03
is where we're going to put our URL.
00:03
It's going to paste in our URL from before,
00:03
then we're going to hit "Control X".
00:03
It's going to ask, do you want to save?
00:03
We're going to say yeah, we want to save.
00:03
File name to write ATTACK,
00:03
and you hit enter and it's written.
00:03
Then we go back and we type SQLSUS [NOISE] Attack.
00:03
A session has been created for attack.
00:03
Next we're going to type start
00:03
[NOISE] and has pooled some targets for us.
00:03
We're able to see the version
00:03
the user and the database here.
00:03
I'll just type "Get Item"
00:03
and here are some items we can get.
00:03
It says" Hey, you can get tables", say get tables.
00:03
[NOISE] We have users as one of the tables we can get,
00:03
let's say, get columns, [NOISE]
00:03
Users never go.
00:03
Now we've gotten the columns.
00:03
We say, "Hey, they have IDs, names,
00:03
age group, IDs, and passwords."
00:03
We want to get the database here.
00:03
We want to dump this information.
00:03
What we're going to do is a little SQL query here.
00:03
We're going to say, select everything from users.
00:03
Look at that, we've now gotten
00:03
all the names and all the passwords for this website.
00:03
Once you've gathered your information,
00:03
you save exit and hit "Enter".
00:03
What's covered in this video?
00:03
We discussed exploiting SQL injection manually.
00:03
Then we discussed exploiting with tools.
00:03
The two tools we use were SQLMAP and
00:03
SQLSUS, happy hacking everyone.
Up Next