Part 8 - Discovering SQLI

Video Activity

This lesson offers examples of sqlmap script usage with the Python programming language, covering the -u, --forms, --batch, --crawl, --level and --risk options. Using the Kali environment, participants receive step-by-step instructions in how to conduct pen testing.


Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:03
>> Next, we're going to show you sqlmap. Here's some syntax for sqlmap. If you had the sqlmap script, rather than having a brainstorm, you would have to type python sqlmap.py. However, we already have it pre-installed, so you'll just need to type sqlmap. Then you will type -u, and -u is for the URL. After that, you would type the URL. For us, it would be the IP address
>> of the pen tester lab.
>> We do --forms, which means it will parse through and test all the forms. --batch, which is non-interactive mode. Usually, sqlmap will ask you a bunch of questions. This just accepts all of the default answers for you. --crawl equals 10. How deep do you want it to crawl? Meaning, if it finds other pages, how far down the rat hole do you want it to go with all these other pages? You don't necessarily want it to follow every single page, especially if you have something like Facebook. If you own a website like Facebook or some other site where users have user profiles and they're all
>> linked to each other,
>> you don't want your program to just be running until it goes through every single user profile, because the user profile pages are going to have the same vulnerabilities
>> if they do have a vulnerability.
>> Then --level. Level is different from the level of tests like crawl. --level: this is how in-depth do you want this test to go. Then --risk is: are you really worried about causing
>> a lot of noise and traffic,
>> or are you worried about possibly crashing something? We're not worried about this; our risk is going to be three when we do it. Let's go check it out. Here we are in our Kali environment. We have sqlmap -u, we have our IP address, forms, batch, crawl, that equals 5, and risk will equal three. Crawl is going to be level 1 because we really don't need to crawl this. Everything that we need is going to be right there at face value, right on that one page. Let's hit Enter here. It starts running through its tests of SQL vulnerabilities. Now, you can see it started on XSS example 1. Now, it's going to go through a whole gamut of tests. We know there's SQL vulnerabilities on the cross-site scripting example 1 page. What we're going to do is hit Control-C, and it's going to ask us if we want to skip the current test, go to the next parameter, change verbosity, or quit. We want to skip the current test. We see it jumped over that test. That's good if there's a test that's hanging, but we want to skip over the entire page. We're going to hit Control-C again. I'm going to hit E, and it jumps over to the next page. Now we see here that it's going to
>> example 2 right here.
>> I hit Control-C again. We're going to keep doing this until we get over into our SQL injection pages. Then we're at example 4, example 5, example 6, example 7, we're getting close. I believe we are in our first SQL injection page here. Now, we're going to do a quick hop over here. I may accidentally exit it. Be very careful with what commands you type, or else you will mess up your scan like that. Let's quickly get back there real quick here. We are in our first SQL injection page. Now, it's going to run through a whole gamut of tests here. I've run this before, and sometimes it can take a little bit of time, sometimes it could take a long time, but here we see it took relatively quick time. We have detected a SQL injection vulnerability here. It's telling us a whole gamut of information here. It tells us the type of test that was used. We get a blind SQL injection, or Boolean blind, a union query, and it all came back as identifying that there was a vulnerability here. It also tells us some additional database information here, which is extremely helpful if we want to further exploit this. It tells us it's a MySQL database. The web application uses PHP and Apache, and the operating system is Linux Debian 6. When it comes time to exploit, this information will be very handy.