Time
1 hour 6 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hey, everyone is Canada Hill Master Instructor, A cyber. In this video, we're gonna talk about Web defense.
00:06
Hi, everyone. Welcome back to the course. So in the last video, we wrapped our discussion on Web application defenses. So we talked about the old glass top 10 in specific. And in this video, we're gonna go ahead and take a look at a quick sequel injection attacks. We'll do a couple of different commands and we're going to be used in the cyber lab environment. However, you can use your own virtual machines.
00:25
Now we're gonna be using a tool called Mutilate Day,
00:28
which is a deliberately vulnerable web application provided by a lost.
00:33
So, as I mentioned, we're gonna be using the cyber live environment for this particular lab. But you can also do it on your own lattes as well.
00:40
So all you need to do in the catalog is just come here to the search box and just type in. We're gonna be looking for the old glass top 10 a one injection lab on. That's a whole lot to type in. So the easiest thing to do is actually just typing in a one
00:53
and then you're searching for that
00:55
and you'll see it'll give us a couple different results here, but this one right here is what we're looking for. This introduction toe awas top 10 a one injection. So just go ahead and click on that
01:03
cook on the launch button next.
01:06
And then now you're gonna click on the launch item, But that's gonna actually go ahead and launch the lab for us. Now, it might take a minute or two. Do you actually go ahead and launch the lab? In most cases, in most cases, it takes about 45 seconds. So I'm just gonna policies video briefly and let it boot all the way up on my machine on and on your machine. You can just go ahead and pause the video and just wait until it fully boots up for you.
01:26
All right, so once the lab boots up for you, you're gonna be taken to the log in screen for Callie Lennox now, very important here. You're gonna want to use a user name and password of student all lower case and not the traditional route in tour, as we normally see with Callie Lennox. So just type in student for the user name again, All over case
01:47
and looks like it actually didn't take that. So there we go. So a student all over case and student for the password all over a case and that she had brought you into the Cali machine again. If we're using the traditional username and password for Callie Lennox, it's gonna take you into the wrong environment inside of the cyber relapse. Now, if you're using your own
02:05
lab set up with Callie Lennix, you're going to using the traditional
02:07
log in for that to access your machine.
02:12
All right, you'll see here. It doesn't take too long to boot up the Cali machine forest. So our next step, we're gonna go ahead and launch fire Fox. So the way we do that, we should just click on this orange colored icon here near the top left.
02:22
Go and click on that is gonna launch Firefox for us. And what I should do is take us immediately to the mutilated a Web page.
02:30
It just takes a few seconds or so. Now it's a matching Mattila days just deliberately vulnerable Web application. If for some reason when you launch Firefox here it doesn't take you to the page. You should see a, uh, shortcut here. To go to me till today Invented should take you to the page. I've noticed. Sometimes in this lab, it's It's a little, uh,
02:47
a little buggy sometimes. And so it may not take you directly to the page,
02:52
but you can always click on that, and it should take you directly here.
02:55
All right, so let's go back to our step by step lab guide here and again. The step by step lab guides, along with all the other supplementary sources, are in the resource is tab of this course. So if you haven't downloaded those yet, be sure to do so.
03:07
So we're just going ahead. As I've talked you through this, we've gone ahead and skipped through many of these steps here. So we we already loved into Siberia. We should have already been loved in. We went to the catalog and search for the lab. We launched the lab. We went ahead and let it launch up for us here
03:22
and now We're at the Cali lyrics log in screen.
03:24
We've gone ahead and entered in student for the user name and password where we went to the Kelly desktop. And then we just launched Firefox again. I mentioned it should take us to the Mattila Day Web page. If it doesn't, just go ahead and click that little icon there. That should redirect you to the correct spot. So now we're down here on step number nine. So we're just gonna navigate
03:44
to a particular log in screen inside of Mattila day here,
03:46
and then we're going to do our first sequel Injection attack. Now, as I mentioned before with injection attacks is very good as one of the defenses to validate input. So this is what we're gonna see here is because the input is not validated, were able to do certain things.
04:02
So let's go ahead. And on the left side, we're gonna navigate to a lost 2017 that we're gonna navigate to a one injection sq. Well, that we're gonna navigate to SQL. I bypass authentication and then finally to the log in page. And then we're gonna go ahead and use this username and this password for loving in.
04:23
All right, let's go and do that now. So we're just gonna go to the ER lost 2017. We're gonna go to the A one injection the SQL this top one here, we're gonna go to SQL. I bypass authentication. So the 2nd 1 down there and then you'll see that the only option we have is the log in options. It's going and click on that.
04:41
Our son, our the log in screen. Here's let's go back to our lab document. We're gonna use this username right here on step number 10. So use your name of admin all over a case and then the password We're gonna be happening. This statement here, this whatever a pasta free space or space one equals apostrophe one,
04:59
and then we're gonna press enter on the keyboard, and we're gonna see what happens. We've got a question coming up in just a few steps there to take a look and see what's actually happened once we've done this.
05:08
So just go and type in admin
05:10
for the user name and then in the password field again. Whatever
05:15
apostrophe space for
05:18
space one equals apostrophe one.
05:21
All right, So once you've done that, either hit, enter on the keyboard, I just click the logging, but in there
05:28
and you don't worry about remembering. The password is going X out of that there. Let's go back to our step by step lab guide real quick. We're just gonna come down here. So we see our question one here. We're gonna look at the top right of the Mattila day page here. And are we loved in his route is the question Are we loved? It is a route user now with using that user name and password.
05:47
All right, well, you see here that that's a pretty easy question to answer, right? We see that I am logged in as the admin on it even tells me, Got route S O. I get a good hint there that Yes, that is a route to count.
05:59
Are Let's go back to our lab guide here.
06:01
So next we're gonna go ahead and just lock out on. Then we're gonna be typing just this into the user name field. So let's go ahead and try that. Let's go and take the log out here near the top left,
06:13
and it should redirect us back to the log in page. And then now we're just gonna go ahead in the user name field and just type in admin. All over. Case
06:21
apostrophe,
06:26
semi colon. Move my mouth so you could see and then the pound sign. So just like that, And then again, you can either press enter the keyboard or just click the log butt in there.
06:36
Well, it's doing that. Let's go back to our lab guide.
06:39
So, you know, we did leave the password field blank here. The question is, does didn't allow us to log in while leaving that password field blank.
06:46
And then the second question here,
06:48
if it did allow us to log in what account shows as logged in at the top. Right. So we see here that Yes, it looks like we've been able to log in like we did before. And we see we have the same username, that same admin account up there. So we've been able to log in, Is the administrator
07:05
All right, Let's go back to our lab guide here. So now we're at step number 17. We're just gonna navigate to a slightly different location. So still the last 2017 Still the a one injection, and then the SQL I extract data was to change here, and then we're gonna go to the user info, sq will. That's gonna give us a different log in screen. So let's go ahead and do that now.
07:29
So all last 2017
07:31
a one injection SQL
07:33
SQL. I extract data. So this top one here and then finally, user info and again, Ah, lot of times with me till today. It just gives you that one option or a couple of options. So it's pretty easy to navigate around this particular tool.
07:46
All right, let's go ahead. Just click that user info area. We should see another log in screen as we do here.
07:51
All right, So first we're gonna try a previous attack. We'll just go back to our lab guys. You could see that. So we're to try the previous attack. We did. So just in the user name field, we're gonna type in admin, apostrophe, semi colon and the pound sign. And the question is, with that, do we see any password information after we run that particular command? So let's see what happens when we run that
08:09
command at this log in screen. So admin,
08:13
apostrophe, semi colon and the pound side
08:18
and again either just press enter in the keyboard or just click the view account details button.
08:22
And we want to see if we see any type of password information. That's our question here. Question number four. Do we see any password information
08:30
and, well, at least I do on my side, right? I see that the password is admin past, so no, I have the password. I've also got a signature here which may or may not be valuable in real life, but I've definitely got a password here and a user name, which I already knew, and so that's very valuable information.
08:46
All right, so now we're down here on step number 20. So the next thing we're going to do here is we're gonna go ahead and type in this command into the user name fields where it's gonna type in the string here. This admin apostrophe space or equals one equals a serving of space or space One equals one semi colon in the pound sign.
09:07
And then the question is, do we see any of the type of user credentials once we've type that in, So let's go and just type that in now.
09:15
So it's gonna type in admin apostrophe space or space one equals one
09:22
semi colon in the pound sign.
09:24
And we're gonna see what kind of information we get back here.
09:28
So if we scrolled out just a little bit, the question here was Do we see any other user credentials in the output? And yes, we do, right? We see that we've got Adrian stuff, John stuff, Jeremy, stuff, prices, stuff, etcetera, etcetera. So we get a lot of other users information,
09:41
and the reason we get that is because we're telling the database. Well, if one equals one, essentially send us, you know, back all the user name stuff, right. And obviously one equals one. We know that for anyone that knows math on so that database, because we're not validating the input, we're not
09:56
putting any parameters on it. It's just spitting us back, basically all the user names and passwords that are in the database.
10:03
Next, we're gonna go back to the top here, just log out and we'll go back to our lab guide.
10:09
When you have one more command, we're gonna run here. It's a union statement, and basically this allows us to target if we know how many columns are in the database or if we have ah, generalized guest, we can basically run. Keep running this statement and increment it on this type of something that we probably do like in a script. If we're attacking a company or, you know, some some target,
10:28
I would just do this type of thing in a script because I wake it incriminated
10:31
by Warren every single time. And we wouldn't have to sit there manually typing this in.
10:35
All right, so what we're gonna do here in step 21 we're gonna go back to the essentially the same spot for step 17. So we're gonna go back to the A one injection SQL SQL. I extract data and then user in fault.
10:48
Since you were going back to this same log in screen, but we just want to refresh it. The easiest way to do that, uh, least that I found in the cyber lab is to go through just like this. So just go in, uh, injection SQL SQL. I extract data and then user info.
11:03
And then once we get there just in the admin Excuse me. The username field, we're gonna type in that long commands were going type in that admin
11:11
apostrophe space union
11:15
space. Select
11:18
one
11:20
common space. Use your name
11:22
comma space password.
11:26
Common space for the same thing here. Common space 56
11:31
seven
11:31
And then from and then accounts
11:35
apostrophe and the pound sign. So if you're follow along here, If I went too fast, they're just going to pause the video and go ahead and enter him that command off the step by step guide there, once you've entered that and just go ahead and hit, enter in a keyboard or just click the button there to log in.
11:52
And so the question here is there anything different about this output than the previous one we had just seen where listed all the user name and password. Is there anything different on this output that you notice
12:05
hearts? If he said that the signatures are different, you would be correct, right? You notice all these have the same signature number here, but at the previous command that we did, we noticed we actually have the signature itself, right? So we had the string of letters or numbers. Whatever was that? The person signature was that that information we have with the previous one

Up Next

Web Defense Fundamentals

In this web application security course, you will learn the fundamentals of web defense and web aapplication security, with a focus on the Open Web Application Security Project OWASP Top 10 and how they approach the various vulnerabilities that can be found in said web applications.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor