how hackers use SQL Injection to dump out passwords?!

Captions
I know why you're here. You want to be able to see all the passwords on the website, isn't it? I know that, and yes, we are going to do just that, as crazy as it sounds. [Music]

Now before we get started, kids, remember: hacking is illegal. If you get caught hacking, you don't tell them you know who is Mr. Hackerloi, okay? Come here, smash the like button and subscribe to the channel so that you don't get hacked. Sorry, I mean so that you can be kept abreast of the latest ethical hacking tutorials that we're doing for you.

All right, so this will be what we'll be hacking today. So, I mean, this will be what we've been learning today. So you have a best friend, Mr. Hackerloi, on the left right here, and what Mr. Hackerloi will be doing is to target a server. So from the server right here, what we are looking out for is different types of displays that allow us to look at, say, user information like a user profile or a user profile page, or it could be about products. So whatever the case is, we are trying to find what we call injection points. So this will be the places where we're looking for so that we can inject our SQL statement over, so we're able to retrieve and display those data.

So in this case what the hacker could do is target that server, and after which they use statements like UNION to help us query into all the tables within the database, so that we're able to retrieve other information like, say for example, the password field, right, or any other information like the address and all this different personally identifiable information, and then be able to display them back as they are being processed and then after which retrieved from the database going back to the web page, so we're able to view and dump out all this critical information.

So right here we have Kali Linux running, and we are on a browser and we're targeting a site. So right in front of us we have Mutillidae II, so this is going to be a vulnerable website for us to target. So what we can do now is we can go on to Web Services, under REST, SQL Injection, and click on our User Account Management. And this is a really popular way for different types of systems and services to interact, by exposing different web services. So in this case, for example, we have the GET method, and from the GET method it states the following: get a particular user. So what can happen here is that if I click on to the link, you can see the changes made under the URI, and from here you can see the following. So there's a result: accounts, username, signature information. So this displays certain information for us, and we know that at the backend there could be a database running, and we're trying to pull out our information from it.

So what I've done here is I've already started Burp Suite to be our interceptor, and I head back over to the browser, I go to the top right corner, I click on this FoxyProxy, I click on Burp Suite. So now we're beginning to intercept a request, and if I go hit enter again, we can see right here we have the interception, and from the interception what I can do is to right click, send over to Repeater. So what we are doing here is we're trying to change up the different way that we're requesting into a target server, to see whether it is susceptible to different types of attack methods and whether we're able to ultimately retrieve information from other tables.

So from here I can go ahead and send the request, and we get back the same information. So in this case: result, accounts, username and so on and so forth. So all these outstanding things are happening, and what I can do now is I can test out different types of input. Say for example I can put a single quote, click send on that, and you can see right here we're getting an exception: line two to nine, file, we have the error number 1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server". So we're getting a lot of information. We're getting the "syntax to use near", so you can see right here, and we have the query. So query: SELECT username, mysignature, so that's two columns, FROM accounts WHERE username equal to adrian. All right, so this gives us insight into the SQL query that's being used as part of querying the database to return and display information on the web application server.

And so what we can do here is, you can see the following: we have SQL statements, we're in W3Schools, and we have the SELECT, so we're selecting the columns within the tables of a database. All right, so you can see here we're selecting the columns CustomerName, Address from Customers, and I click Run SQL, and from here we have the number of records, we have 91 records, and we can see different information. So this helps us develop the SQL query that we want to use to hijack into the target system.

And what we can do next is to think about, okay, there is a WHERE, all right. So in this case we have a CustomerName equal, so say for example in this case we have the first customer, right? So this is what we're inputting into the target system, okay? And once we have that, what we can do next is to be able to say UNION SELECT. So this is the part where we are trying to pull out information possibly from other tables. So if you see on the right side, with like Customers, Categories, Employees and so on, so all this could be the other possible target tables and the columns within them.

Now what we can enter, say from UNION SELECT, is that we can go ahead and enter, say, things like, all right, perhaps I want to look for a BirthDate, perhaps I'll look for Notes, from Employees. So we are targeting a separate table. So once I go ahead and click Run SQL on this, you can see the following, right? We have now replaced the data in the columns for CustomerName, Address, and we're able to pull up information from the other table and populate them into the following columns. So here we have the following, so in this case we have the BirthDate and the Notes, all right, from Employees, which is a different table. So in this case what we are doing here is we are targeting other possible fields or columns, say for example like a password field, or it could be possibly the other information like username from a separate table. So we're trying to retrieve those sensitive data out of the tables within the database.

So say for example what I can do here is I have the single quote, and what I can do now is go enter, say, UNION, and then followed by SELECT, followed by, say, username, all right, which is a critical column, and then followed by, say, comma, password, which is another critical column, and then followed by FROM, and in this case possibly one of those table names could be accounts or it could be users. So all this is a different type of common table names that are regularly used that we can try to go after.

So once you're ready, go ahead, in three, two, one, click send, and we can see right here we have the following information. All right, so we have the username, we have the signature, all right, that's the first information we got. Then subsequently we have username admin, the mysignature in this case is going to be the password, so it's adminpass. So we managed to get the password of all these different users within the table. And if you look at the end, we have the following interesting information here: we have hackerloi, and with the password 12345678. So if I jump back over into the site, I can enter the username hackerloi, all right, and 12345678, and then we click login. So we managed to hack into Mr. Hackerloi. If you see right here on the top right corner: logged-in user, hackerloi.

So one problem you encounter is that we are retrieving two columns at one time, and that may not be a sufficient number of columns if you're trying to pull out the whole of the table. So what can we do then? So we can use something like concatenate, all right. So in this case we can say SELECT CONCAT, and what we're doing here, if you click run on it, is that we are matching, or we are being able to push in multiple strings together, right? So in that case this becomes one single column. So we're able to retrieve multiple columns and then be able to display them out into a single column when it comes to being able to retrieve all this different information.

So say for example what I can do here is I can change this and add this with the concatenate. So I enter CONCAT, and then followed by, say for example, "password is", all right. So once I have that over here, I can do a comma, and then we have the password field, and then with this I go ahead and click send. All right, so once I click send on this, you can see the following here, right: mysignature, "password is", all right. So this helps us add in additional information, or even possibly pulling out more information from multiple columns and then displaying them out into the limited, say, two columns that we're able to display.

So once again, I hope you've learned something valuable in today's tutorial, and remember: like, share and subscribe, and turn on notifications of the channel so you are kept abreast of the latest ethical hacking tutorials. Thank you so much once again for watching.
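The query shape quoted from the error message in the captions, built once by string concatenation and once with a bound parameter, as an added example that is not part of the video. It assumes an in-memory SQLite database standing in for the MySQL backend; the rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query quoted
# in the captions, the values are made up for this example.
ROWS = [
    ("adrian", "example-pass-1", "sig-adrian"),
    ("admin", "example-pass-2", "sig-admin"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (username TEXT, password TEXT, mysignature TEXT)"
    )
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", ROWS)
    return db

def lookup_concatenated(db, username):
    # Vulnerable: the input becomes part of the SQL text, so a single quote
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username, mysignature FROM accounts "
           "WHERE username = '" + username + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Hardened: the input is bound as a value and never parsed as SQL.
    sql = "SELECT username, mysignature FROM accounts WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def leaks_passwords(rows):
    # True if any returned cell holds a value from the password column.
    secrets = {row[1] for row in ROWS}
    return any(cell in secrets for row in rows for cell in row)

# The kind of input described in the captions.
UNION_INPUT = "adrian' UNION SELECT username, password FROM accounts -- "

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        rows = fn(db, UNION_INPUT)
        print(fn.__name__, len(rows), "rows, leak =", leaks_passwords(rows))
```

With the bound parameter the whole input is compared as a username, matches nothing, and a lone single quote no longer produces a syntax error that reveals the query.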
Info
Channel: Loi Liang Yang
Views: 32,460
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp, sqli, sql injection
Id: RF5btkpEevM
Length: 7min 54sec (474 seconds)
Published: Thu Aug 11 2022