SQL Injection For Beginners - Learn From A Pro Hacker Now

Captions
...and today I'll be teaching you Structured Query Language injection, SQLi. Right in front of us we have OWASP Bricks, so this is a vulnerable web application platform for us to load our SQL injection payloads into the website, so that we can gain access into different components of the database system, and the database system houses all these sensitive data records like usernames, email addresses, passwords, whether the passwords are protected using hashes or not. Either way, we'll learn about how to break into those passwords too, and that is really scary, because the first part is learning about how we can manually run our injection payloads into the site, and the second part is that we can identify vulnerable parameters very, very quickly and be able to pull out lots of information easily from a highly automated SQL injection tool. And this is frightening, because it speeds up the whole process of penetration testing into any website, any web application platform.

So right in front of us we have OWASP Bricks, and if you see right here, this is a website, and this could be an informational site, it could be a login site, it could be a site that provides e-commerce services, whichever the case is. So if we go to the top right corner we have this particular section called Login Pages, so let's go ahead and click on it. Once you're in, this is a wonderful way for you to learn about penetration testing on any web application site. So right here all I've got to do is click on, say, the first part, which is Basic Login, so let's go ahead and click on it, and here it states the following: you are not logged in. And the first thing that you want to do whenever you reach any site is to go through what I call a happy journey map, meaning that this is what is to be expected from the outcome of the logic that is being built into the web application system. So if I go ahead and enter, say for example, a username called loiliangyang, and I enter some random password and click Submit, of course right here it says the following: wrong username or password. And you see one more particular notification at the bottom, one message here, which is the feedback, and this is useful for you to picture what is going on behind the website as the application server tries to connect to the database and pull out the query from the database system, and the database houses all these records like usernames, passwords, email addresses and so on and so forth, so it has a lot of personal and sensitive data.

So right here what we can see is that we have the following. I'm going to copy this, I'm going to go ahead and open up, say, a text editor, and I'll use Mousepad, OK, and we can go ahead and open it up and I can do a right-click and paste it right here. And we can see over here, this is how the application server talks to the database, literally. So here we have SELECT *, which is all, FROM users WHERE name equals ..., all right, followed by a password, and this is the query that is being sent over from the application server to the database. And right here what we can notice is that we are trying to find ways of bypassing the security mechanism, and we know what the name is: perhaps there is a username that we could find on LinkedIn as part of information gathering, we could find on Facebook about the employees of the company, all right, or even on the website itself they could have a particular page that shows the employees who are working in the company as a directory, and so on. So many different ways to do reconnaissance, to do information gathering. So here all you've got to do is enter someone you know, so it could be tom, right, so in this case, and we have the password field. So what we can do, in a SQL query, what we need to do is to ultimately get a true statement. So all I've got to do now is to enter the following: say we have no idea what the password is, we can enter OR 1=1, OK, and let us try and insert this into the login page and look at what happens.

So here I can go back into the website, I can enter tom, and what I'll do next is to go ahead and copy and paste the payload that we have just created right here, so I can go ahead and copy this and I'll paste it into the password field. Once I paste it, I'll click Submit and let's see what happens. That's it, we have successfully logged into the site, successfully logged in, and as you see at the bottom: SELECT * FROM users WHERE name = tom AND password is as such OR 1=1. And what does OR 1=1 mean, right? So if you remember back in school, 1=1 is true and it always is true; OR 1=1 means that it will always be true, so this statement is always true, and as a result of that the web application server will issue you, say, a cookie, a session cookie, whichever the case is, and you will gain access into the site.

A lot of sites are pretty secure now and they would have different layers of security, so one of those particular wordlists that you want to look out for is actually the wordlist that could help us find out whether, OK, we have different kinds of payloads that we can utilize as part of the SQL injection. And we have over here general, Injections, others, stress, vulns, web_services, so let's go ahead and cd, change directory, into Injections, enter ls, and I can see, say for example, SQL.txt. So these are all the different kinds of payloads that you can inject into the site, literally, and this is how we can identify whether this particular input field is vulnerable to it. So I can enter cat SQL.txt, hit Enter on this, and we can see all these different SQL payloads that you can inject into the page. Say for example your single quote, your double quote didn't work, then what can we do? What we can do now is to use the other forms of payloads here that you can see to run the attack against that specific parameter, and see whether we're able to ultimately get an error page, all right, or to get some kind of response from the server that is different from what is normal, and that's the whole idea behind SQL injection.

Next up, what I want to introduce to you is a way for us to do this in a highly automated manner in terms of finding out whether the input fields are vulnerable. So what I can do now is go ahead and go to the top right corner, I can use FoxyProxy and we'll click on Burp Suite, so this would enable the proxy to intercept our POSTs into the site. So all I've got to do now is just go ahead and enter burpsuite, so I can launch Burp Suite directly from here, so that we can see what kind of POST is being sent over to the site. OK, so here I can select the following, temporary project, I will not update now, click Next, Use Burp defaults, and right here we have the Burp Suite Community Edition, and we click on the Proxy tab and ensure the intercept is on. So here we can see that intercept is on, so that's great. So what we can do next is to go ahead and enter some normal value and go ahead and click Submit, and that will get intercepted immediately by Burp Suite, as you can see right here. So what I can do now is to copy the entire POST, all right, the entire POST request, and copy it, and what I will do now is to save it into a file. So I'll save it into a file, and I can go ahead and save this file. So let's go ahead and, say, create a file, and let's name it owaspbricksinjection, OK? So let's go ahead and do a touch owaspbricksinjection, hit Enter on this, and what I can do next is use Mousepad to open up this particular file, all right, so open it up, and we can see right here, and I can paste it and I can save it. So let's go ahead and save the information, so this is owaspbricksinjection, OK.

So what I can do next is to go ahead and use sqlmap to help us target the parameter automatically, to find out whether it is injectable, whether it is vulnerable to Structured Query Language injection. So all I can do now is enter sqlmap, OK, followed by -r to specify the file that we have just created, which is the POST request, so we have owaspbricksinjection, all right, and next what we can do is to specify the target parameter, so in this case we can enter the following: we can enter -p, right, so this is the parameter that we're gunning for, so enter username. So hit Enter on this, and you can see right here, all right, it looks like the back-end DBMS is MySQL. Do you want to skip test payloads specific for other DBMSes? So very, very quickly we are able to identify vulnerable parameters. As you can see here, username might be injectable, so that's one, MySQL database, and two, it might also be vulnerable to cross-site scripting, which we will do in a separate tutorial fully about cross-site scripting attacks. So do we want to skip? Yes, so that could save us a lot of time. And do you want to include all tests for MySQL extending the provided level? All right, so let's go ahead and enter yes for this, and right here it is running all those injections into this particular parameter to see whether we're able to probe the database, whether we are able to bypass the web application checks, the sanitization. And very quickly right here we can see that the following time-based blind is injectable, meaning that we have found a way for us to bypass the security checks and get full control of the database, just like that. Very, very quickly we are able to identify the vulnerable parameter, and what we can do next is the following: do you want to (re)try to find proper UNION column types with fuzzy tests? So enter no for this, OK. Injection not exploitable with NULL values. Do you want to try a random integer value for option --union-char? Right, so enter yes on this, and again they're highlighting recommended steps that you can take in sqlmap. So this is a fantastic tool, highly automated, to test your web application systems to look at vulnerabilities, whether they are injectable.

And at the same time, if you're operating a web application firewall and you're keen to see whether you're able to detect all these different kinds of payloads coming in, again this will be a wonderful way for you to add in those checks and sanitization and at the same time detection capabilities, so that you can block anyone who is using these tools to hijack your website. Next up, all right, do you want to try the random value, all right, enter yes on this, and it states the following: OK, POST parameter username is vulnerable. Do you want to keep testing the others, if any? All right, so there's no need for that. So let's go ahead, and right here we've got the following details: sqlmap identified the following injection points with a total of 423 HTTP requests. So another way in terms of defense is to also look at the threshold that you have as the web requests come in from a particular IP address. So if an IP address was probing your website much more than what is considered as normal (your normal user goes to your website, they do a login, they search for some products and then they check out, and that could be possibly, say, 20 to 30 requests on average per minute) and it almost comes in with over 400 requests in a minute, then there could be something malicious that the user is trying to do to your website, and you want to actually block that specific IP address, or all those different kinds of payloads from coming into your website, which could then ultimately give them further access into different parts of the site.

So going back to the tutorial here, we managed to identify that the back-end database management system is MySQL, so very quickly we found out that we have the parameter, all right, and boolean-based blind and time-based blind, so this particular parameter is vulnerable to these two different payloads, all right, these two different types of attacks under SQL injection. So what we can do next is to go ahead and enter --dump, hit Enter on this, and it will try to dump out all the values, all the columns, all the rows, all the cells inside the database system. So right here we can find out the following: all right, before you even scroll down further, we can look right here, we have the columns for table users, and then we have the id, users, name, email, password, host, all right. And we scroll down further, we can get all the retrieved information, so we literally got the username, the email address right here, admin, tom@getmantra.com. If we scroll down further we have harry, we have ron, OK. Do you want to store hashes to a temporary file? So if you're doing any kind of password cracking you can store these to a temporary file; for our case we are not going to do that, so I entered no for this. And do you want to crack them via a dictionary-based attack? Why not, all right, so let's see what password is being stored for certain users inside the database system, so enter yes for this, and this is our dictionary file, so there is a wordlist inside /usr/share/sqlmap, so hit Enter on this. Do you want to use common password suffixes? So enter no. So again right here we are doing dictionary-based cracking immediately, and over here we can see the whole list of all the users, all right, the email addresses, and over here we have the following password for you: we managed to crack it in seconds. So very quickly we are able to see all the data that is housed behind the web application server inside the database. So you saw how quickly we're able to get all the sensitive data, personal information of the entire website, using SQL injection. We learned about manual SQL testing, we also learned about using automated tools like sqlmap to help us gain unauthorized access into the entire site, and it is very, very scary. So you've got to protect your website against all these possible threats as quickly as you can, using layer 7, using layer 4, looking at a threshold of requests coming in, looking at all the different kinds of payloads that are hitting your web application firewall. Detect those as quickly as you can and block those users from further access into your website, else they would be able to do all sorts of funny things on your site. So once again, I hope you have learned something valuable in today's tutorial, and like, share and subscribe to the channel so that you can keep abreast of the latest cyber security tutorials. Thanks so much once again for watching.
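The login bypass shown in the video, reproduced as an added example (not code from the video or from OWASP Bricks). A constructed in-memory SQLite users table stands in for the Bricks database, and the user names and passwords in it are made up. The first function builds the query the same way the vulnerable login page does, by pasting the username and password straight into the SQL string; the second uses a parameterised query. The password payload needs a closing quote, `' OR '1'='1`, so that the query stays syntactically valid without a trailing comment, and the example also goes one step past the video by showing the same trick in the username field, which logs in as a specific known user rather than as whichever row comes back first.

```python
import sqlite3

# Constructed sample data, not taken from OWASP Bricks or the video. Passwords
# are stored in clear text only so the effect of each query is easy to see.
USERS = [
    (1, "admin", "admin@example.com", "s3cretAdm1n"),
    (2, "tom", "tom@example.com", "tomPass"),
    (3, "harry", "harry@example.com", "harryPass"),
]


def make_db():
    """Create an in-memory users table shaped like the one in the video."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, name TEXT, email TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", USERS)
    return conn


def build_vulnerable_query(name, password):
    # String concatenation: whatever the user types becomes part of the SQL
    # grammar, which is exactly what the Bricks feedback line reveals.
    return f"SELECT * FROM users WHERE name='{name}' AND password='{password}'"


def vulnerable_login(conn, name, password):
    """Return the names of every row the concatenated query matches."""
    rows = conn.execute(build_vulnerable_query(name, password)).fetchall()
    return [r[1] for r in rows]


def safe_login(conn, name, password):
    """Same lookup with bound parameters: input can never change the grammar."""
    sql = "SELECT * FROM users WHERE name=? AND password=?"
    rows = conn.execute(sql, (name, password)).fetchall()
    return [r[1] for r in rows]


if __name__ == "__main__":
    db = make_db()
    # Known username, unknown password: OR 1=1 makes the WHERE clause true
    # for every row, so the app "logs in" (typically as the first row).
    p = "' OR '1'='1"
    print(build_vulnerable_query("tom", p))
    print(vulnerable_login(db, "tom", p))        # ['admin', 'tom', 'harry']
    # Same idea in the username field: AND binds tighter than OR, so the
    # password check is short-circuited and only tom's row matches.
    print(vulnerable_login(db, "tom' OR '1'='1", "x"))  # ['tom']
    # Parameterised query: the payload is just a password that does not match.
    print(safe_login(db, "tom", p))              # []
    print(safe_login(db, "tom", "tomPass"))      # ['tom']
```

The interesting difference between the two payloads is operator precedence: with the payload in the password field the condition becomes `(name='tom' AND password='') OR '1'='1'`, which matches every user, while in the username field it becomes `name='tom' OR ('1'='1' AND password='x')`, which matches only tom. The parameterised version returns nothing for either payload because the quote characters are sent as data, not as SQL.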
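The per-IP request threshold the video suggests as a defence (a normal user makes a few dozen requests a minute, sqlmap made 423 to find one injection point), as an added example that is not part of the video. It builds a constructed web server access log in combined log format, counts requests per source IP per minute, and flags any IP that exceeds a threshold. The IP addresses, paths, timestamps and the threshold of 100 requests per minute are all assumptions chosen for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined/common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return {
        "ip": ip,
        "time": datetime.strptime(ts, TS_FMT),
        "request": request,
        "status": int(status),
    }


def requests_per_minute(lines):
    """Count requests keyed by (source ip, minute bucket); skips unparsable lines."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        bucket = rec["time"].replace(second=0, microsecond=0)
        counts[(rec["ip"], bucket)] += 1
    return counts


def flag_noisy_ips(lines, threshold=100):
    """Map each IP that exceeded `threshold` requests in any one minute to its peak."""
    peaks = {}
    for (ip, _bucket), n in requests_per_minute(lines).items():
        if n > threshold:
            peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks


def build_sample_log():
    """Constructed sample traffic (not a real capture): one shopper, one scanner."""
    start = datetime(2021, 5, 1, 10, 15, 0, tzinfo=timezone.utc)
    lines = []

    def line(ip, offset_s, request, status=200):
        when = (start + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{when}] "{request}" {status} 512'

    # Assumed normal user: ~25 requests over a minute (login, browse, checkout).
    shopper = ["POST /login HTTP/1.1", "GET /search?q=book HTTP/1.1",
               "GET /product/42 HTTP/1.1", "POST /checkout HTTP/1.1"]
    for i in range(25):
        lines.append(line("10.0.0.5", i * 2, shopper[i % len(shopper)]))

    # Assumed scanner: 423 POSTs to the login form inside one minute, the
    # request count sqlmap reported in the video.
    for i in range(423):
        lines.append(line("10.0.0.9", (i * 60) // 423, "POST /login HTTP/1.1", 500))

    lines.append("this line is corrupt and must be ignored")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print(flag_noisy_ips(log))   # {'10.0.0.9': 423}
```

A production rule would usually distinguish endpoints (hundreds of static-asset requests are normal, hundreds of POSTs to a login form are not) and look at error rates as well as volume, since the sqlmap probing in the video produces many responses that differ from the normal page; the per-minute bucket here is the minimal version of the threshold the speaker describes.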
Info
Channel: Loi Liang Yang
Views: 547,267
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp, sqli, sqlmap
Id: cx6Xs3F_1Uc
Length: 13min 28sec (808 seconds)
Published: Sat May 01 2021