Part 9 - Discovering SQLI

Video Activity

This lesson offers step-by-step directions on how to perform a scan using Nmap. Nmap can be used as a vulnerability scanner through its scripting engine (NSE). This lesson shows the options used to accomplish this: • -p • --script • --script-args
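As an added example that is not from the lesson or from Nmap's own code, the shell block below builds the command the lesson describes (port via -p, the NSE script via --script, the spider's page limit via --script-args) and then parses a constructed sample of Nmap's normal output to list the URLs the http-sql-injection script flags. The target address 192.0.2.10, the MAC address and the whole SAMPLE_OUTPUT are constructed for this example; the output format is modelled on Nmap's script-output layout.

```shell
#!/bin/sh
# Added example (not from the lesson): build the Nmap command the lesson
# describes and pull candidate injection points out of its output.
# The target 192.0.2.10 and SAMPLE_OUTPUT below are constructed here.

# build_cmd TARGET [PORT] [MAXPAGES]
# Prints the nmap invocation: port via -p, the NSE script via --script,
# and the spider's page limit via --script-args (httpspider.maxpagecount).
build_cmd() {
  target="$1"
  port="${2:-80}"
  maxpages="${3:-200}"
  printf 'nmap -p %s --script http-sql-injection --script-args httpspider.maxpagecount=%s %s\n' \
    "$port" "$maxpages" "$target"
}

# parse_sqli
# Reads nmap normal output on stdin and prints one candidate URL per line
# from the http-sql-injection block. Script output lines start with "|"
# (the last one with "|_"); the block ends at the first line that does not.
parse_sqli() {
  awk '
    /http-sql-injection:/              { inblock = 1; next }
    inblock && substr($0, 1, 1) != "|" { inblock = 0 }
    inblock && $NF ~ /^https?:\/\//    { print $NF }
  '
}

# Constructed sample of what a run might print (format modelled on Nmap's
# normal output; URLs and MAC address are made up for this example).
SAMPLE_OUTPUT=$(cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.00021s latency).

PORT   STATE SERVICE
80/tcp open  http
| http-sql-injection:
|   Possible sqli for queries:
|     http://192.0.2.10/cat.php?id=1%27%20OR%20sqlspider
|_    http://192.0.2.10/item.php?page=2%27%20OR%20sqlspider
MAC Address: 00:00:5E:00:53:01 (Unknown)
EOF
)

# candidates_from_sample: the flagged URLs from SAMPLE_OUTPUT, one per line
candidates_from_sample() {
  printf '%s\n' "$SAMPLE_OUTPUT" | parse_sqli
}

build_cmd 192.0.2.10
candidates_from_sample
```

The same --script-args option also takes other spider settings, such as httpspider.maxdepth, to bound how far the crawl goes. The script only reports query strings that react to its injected payload, so an empty block means it found nothing with that test, not that the application is free of SQL injection; a flagged URL is a candidate to confirm by hand or with a second tool.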


Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Transcription
00:03
Next up, we're going to perform a scan with Nmap. A lot of people don't know that Nmap can be used as a vulnerability scanner as well, which is very surprising for a lot of people. But you're going to be more knowledgeable with Nmap after this.

Our syntax for this scan will be nmap -p, which denotes the port number, so we're going to run against port 80. Then we're going to call the script by typing --script. The script that we're going to be using is an HTTP SQL injection script that's shown here. Next, we'll put --script-args. What that does is it lets us customize the script even further. What we're going to be using to customize the script even further is an HTTPS spider script argument, which will initiate a spidering of the page and give us a max page count, and will give us back all the pages up to 200 pages. At the end, you'll type the target IP address. Let's go check it out.

Here we are in our Kali environment. We have our command here. Let's execute it and see what we get back.

That was a fairly quick scan that we get from Nmap. This scan shows why you need to use multiple tools, and not just focus on one tool. Nmap didn't provide back the exact results that we wanted; however, it's sad to say that it won't get successful results on another page that we might try. This means that Nmap isn't really set up to identify the SQL injection that is present in the pen test or lab. You always need to use multiple tools here. You can see here, however, that it did identify some possible locations of SQL injections. It did also give us back the MAC address and let us know that the host is up. It didn't give results back this time, but it's not to say that it won't give you good results back another time against a different resource.