00:00
>> The other form of discovery that we are going to discuss here is automated. There are a lot of awesome tools out there that will fuzz different web applications to find these vulnerabilities for you. We're going to talk about a couple of them here that you can get for free.

Vega is GUI-based freeware found in Kali and Kali 2. sqlmap is command-line based, and it's also free and found in Kali and Kali 2. Nmap is also command-line based. Again, based in Kali. ZAP, or the OWASP Zed Attack Proxy, is GUI-based, and that can be found on the operating system as well. Arachni is GUI-based; however, you have to download
>> it from the Arachni scanner website,
>> which you should have done earlier when we were setting up the environment. Finally, Burp Suite is GUI-based and purchased from PortSwigger. I don't expect anybody to actually purchase Burp Suite for this class. Burp Suite is a $300 program. However, there is a free version of Burp Suite on there that does the actual scanner portion of the program. Let's hop on Kali and check out how Vega operates.

Here we are in our Kali 2 environment. Remember, you have to go to Applications, Web Application Analysis, and then click Vega in order to get the tool operational. It'll take a second for it to pop up. Once it does, you'll be good to go. We have our VMs networked properly, because we were able to browse to the Pentester Lab website. Now, in order to scan with Vega, you will click New Scan,
>> which will start a new scan.
>> You will want to enter the address [BACKGROUND] of what you'll be scanning. Then in here you want to select the different types of modules that you'll be scanning for. We want to be scanning first for SQL injection. Let's turn everything off. Let's scroll down here and find
>> all of our SQL injection.
>> There's some blind SQL here. Scroll down further and make sure we didn't miss anything. Here we go. Blind SQL injection, missed that one. Click Next. Now, if you had an identity you wanted to sign in as, this is where you would select it. You would have to set the identity up in the configuration of Vega if you wanted to, but we don't need an identity to scan the site for SQL injection. If there are any special parameters that you want to exclude, this is where you would put those parameters. If there's anything that might be sensitive on your network that you don't want getting fuzzed, this is where you put that.

Now the scan is going to kick off here. Up here we can see that some spidering has been done. We see the address of 19268, 11. These are some links that were found by Vega, and it attempted to spider out to them. However, since we're not connected, it wasn't successful with attempting to spider them. If it was successful, you'd see a whole lot more like this here. That's one reason why we want to be careful with how we're performing our scans environment-wise, because anything that we spider could reach out and touch, and continue spidering, other things that we might not have permission to, and it might look like an attack. Let's give Vega some time here to scan.

[NOISE] Now the scan is complete, and we see that we have some SQL injection vulnerabilities here. Let's come over to our Scan Alerts. Drop it down and we see the IP address of the server, the website that we were scanning here. Drop down again, and we see our High results. If there was anything else, those Medium or Low, those would be listed here. Here we have all of our web pages that are supposed to have SQL injection vulnerabilities. We know for a fact that they do, because that's how the lab is designed. We'll come over here and click on Example One. It gives us this nice little breakdown here. It gives us real quick the resource, the parameter that was used, and the method. It was the GET method. That's how it performed the SQL injection. Then the risk here. Then it shows the exact request that was sent. You see here in the request that the escape characters that we had talked about earlier are being used. If we go further down, there is some discussion about the SQL injection vulnerability, the impact of it, and remediation, as well as some references. This portion of the report is awesome, because it helps you write your report very easily. If the person who you're creating a report for doesn't really care about the impact and just wants a remediation, you can give them these remediation tips. It's a very good free tool you can use here.