[00:00:00] Hello everybody and welcome back to the next tutorial in penetration testing. Right now we will start off by covering some of the basics of SQL and the basics of SQL injection. So first of all, for those of you who don't know, with SQL injection we basically make an interaction with the database itself. Now the database is mostly used to store information; for example, usernames and passwords can be stored in a database. And once you type them in a form, the server queries the database and compares the password you typed in with the password stored in the database. And if they match, it will allow you to log in.

[00:00:41] So the example would be any login form that you encounter, whether it is on Instagram, Twitter or any social media account. What it will do is, once you type it in, it will make a query to the SQL database and it will compare it. First of all it will probably hash your password and compare the hashed password with the hashed password stored in the database. And if they match you will be able to log in. So the problem here happens if the person who created that website didn't filter the user input well enough and didn't forbid some of the characters used to query the database.
[00:01:31] Now it can potentially allow the user to send SQL queries and gather a bunch of information that he shouldn't really be able to gather. It can also allow the user to delete the entire database if he wanted to.

[00:01:49] Now before we begin, let me just open Leafpad right here and explain a little bit more what SQL is and how you query the database. First of all, the database is just a bunch of tables that are connected within the same system and that are also connected to each other. Now, what I mean by tables is basically that a table is a list that contains information for the same type of elements, for example a table of users. So you have facebook.com for example, and it probably has a database with a bunch of tables of users and so on. The tables basically consist of rows and columns. So for example you could have a row of user, then below it a row called password for that user, then below that a row with some of the other information for the user: mobile phone, email or basically any other information you want. It doesn't have to be anything linked with a user itself. It could be, for example, that you visit an online shop that sells, I don't know, flowers for example, and you could have a table of different types of flowers right there and different types of information for those flowers.
[00:03:10] And once you search the online shop, it queries that database. Now, how do we query a database? How do we actually interact with the database itself? Now, there is the SQL language. It is not that hard to learn, but in SQL injection it might seem a little tricky to get used to. But once you learn some of the basic commands, it is not that hard to continue learning it. Now some of the top commands would be CREATE, SELECT, UPDATE, INSERT, DELETE, DROP. These commands are used to query the database and they basically do as they say: CREATE will create a database. SELECT will select, for example, a specific table in the database, or a specific column or row, it doesn't matter. UPDATE will basically update the database, INSERT will insert a new element into the database or into the table itself, and DELETE will delete a certain part of the database; for example, you want to delete a user who decided to close his account and you want to delete him from the database, you will do it with the DELETE command. And DROP basically deletes the entire database itself. It can be very dangerous if the site is vulnerable to SQL injection. So for example, let's say Facebook was vulnerable to SQL injection and you just typed DROP and the name of the database.
[00:04:53] You would basically delete the entire database of users and passwords, which would become a really big problem. But luckily Facebook is not vulnerable to SQL injection, and most of the bigger websites are not vulnerable to SQL injection. But some of the less-known websites could be. Also, one more thing: the commands DELETE and DROP are not really used that much by attackers, since loss of information is not the preferred method of the attack itself; the attacker in most cases wants to gather information and not delete it.

[00:05:37] Now put yourself in the shoes of the attacker. What is valuable to the attacker is the passwords and usernames that he could gather for those accounts, rather than deleting every account; if he deleted every account he would just make a big problem. But if he gathered all usernames and passwords he could basically log in as anybody to that website, and that could present a huge problem. If that website was, for example, PayPal, he could send a bunch of money to himself. He would probably get caught after some time, but that isn't the point right here.

[00:06:14] Now, the command out of all of these that you will always use is the SELECT command. This command is used to query the database.
[00:06:24] So for example, when you find SQL injection and you want to select the table with the passwords, you will do that with this command. Now the basic query will look something like this:

SELECT elements FROM table WHERE condition

So this is the basic query for the SQL database: we select some elements from some table where a certain condition holds. Now an example of this command would be something like this, let's say:

SELECT name, description, price FROM products WHERE price < 599

Now this is the basic database query for a website that would possibly be some kind of online shop. So we select the name of the product that we are searching for, the description of that product and its price from all of the products where the price is less than 599. And then once the user selects that somewhere, the server prints back all of the results that are below 599 and have a name, description and price. So it doesn't have to be a single condition that we specify right here; we can specify two things. So for example you could just type SELECT column A.
[00:08:17] So we want to select column A from table X where some other column E equals 'employee' and column F equals 100:

SELECT columnA FROM tableX WHERE columnE = 'employee' AND columnF = 100

As you can see, you can also use these logical conditions, which basically allow us to set two things right here. So we select column A from table X where column E equals 'employee' and column F equals 100. So this is how the basic SQL query looks. Now you might find it a little bit tricky, but you should be able to understand it. If you don't, however, just search on the Internet for some of the SQL basics and you will get used to it real fast. It is one of the easier languages, but its syntax can be a little bit weird, as we can see right here. This SELECT, FROM and WHERE I typed in capital letters. You don't have to if you don't want to; I just wanted to type it in capitals so I can show you the different parts of it. So this column is part of the database, this table X is part of the database, the other column is also part of the database. That's why I typed those in lowercase letters, and SELECT, FROM, WHERE and AND are basically the conditions that we use to query the database.

[00:09:52] Now, to show you some of the basics of SQL, let us just continue in the next lecture with the exploitation and the SQL injection attack on our target machine.
[00:10:05] So this was about it for this lecture. As I said, if you want to, just check out on the Internet about the SQL basics, and I will see you in the next video, where we will be attacking our first target. So I hope I see you there, and take care.
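The following is an added example, not part of the lecture transcript, that puts the two queries the lecture walks through (the product search with a WHERE condition, and the login check that compares a hashed password) into a runnable form. It uses Python's built-in sqlite3 module and a constructed in-memory database of users and products; the table and column names, the sample rows, the SHA-256 stand-in for a real password hash, and the `admin' --` input are all assumptions made for the demonstration, not anything the lecture shows. The point it adds is the one the lecture states in words: when the login query is built by gluing the user's text into the SQL string and the quote character is not filtered, the user's input becomes part of the query; the parameterised version beside it does not have that problem.

```python
import hashlib
import sqlite3

# Constructed sample data (not from the lecture): a users table and a
# products table like the ones the lecture describes.
SAMPLE_USERS = [("admin", "s3cret-admin"), ("alice", "hunter2")]
SAMPLE_PRODUCTS = [
    ("rose", "red rose", 350),
    ("tulip", "yellow tulip", 899),
    ("lily", "white lily", 120),
]


def hash_password(password: str) -> str:
    """Simplified stand-in for the server-side password hash the lecture
    mentions. Real systems use a salted, slow hash (bcrypt, Argon2);
    SHA-256 is used here only so the comparison can be shown offline."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """CREATE the tables and INSERT the sample rows into an in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("CREATE TABLE products (name TEXT, description TEXT, price INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(u, hash_password(p)) for u, p in SAMPLE_USERS],
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def cheap_products(conn, max_price=599):
    """The shop query from the lecture:
    SELECT name, description, price FROM products WHERE price < 599"""
    return conn.execute(
        "SELECT name, description, price FROM products WHERE price < ? ORDER BY price",
        (max_price,),
    ).fetchall()


def products_matching(conn, max_price, word):
    """Two conditions joined with AND, as in the lecture's second query."""
    return conn.execute(
        "SELECT name FROM products WHERE price < ? AND description LIKE ?",
        (max_price, "%" + word + "%"),
    ).fetchall()


def login_vulnerable(conn, username, password):
    """Login check built by string concatenation: whatever the user typed
    becomes part of the SQL text. A single quote in the username ends the
    string literal early and the rest of the input is parsed as SQL."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + hash_password(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same check with a parameterised query: the driver sends the input as
    data, so quotes and comment markers in it never reach the SQL parser."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, hash_password(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    print("products under 599:", cheap_products(db))
    # Hypothetical attacker input: the quote closes the username literal and
    # "--" comments out the password comparison that follows it.
    payload = "admin' --"
    print("concatenated query, payload as username:", login_vulnerable(db, payload, "anything"))
    print("parameterised query, same payload:", login_safe(db, payload, "anything"))
```

Running it shows the concatenated version logging the attacker in as admin without knowing the password, because the query it sends is `SELECT username FROM users WHERE username = 'admin' --' AND password_hash = '...'` and everything after `--` is a comment; the parameterised version looks for a user literally named `admin' --` and finds none. Note that sqlite3's `execute` refuses to run more than one statement per call, so a stacked `; DROP TABLE users` would be rejected here even in the vulnerable function; that is a property of this driver, not of the concatenation pattern, which other database drivers will happily execute.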