1
00:00:01,290 --> 00:00:08,490
Now let's see if we can select and have a look at all the accounts that exist within this table,

2
00:00:08,490 --> 00:00:17,150
so let's see if we can query the database and read the information stored in the accounts table. To do

3
00:00:17,150 --> 00:00:18,020
that,

4
00:00:18,080 --> 00:00:24,980
we're going to first need to know the names of the columns that exist within this table, because

5
00:00:24,980 --> 00:00:31,920
if you look at the way we're using our statement, we're doing union select column name from a table.

6
00:00:32,000 --> 00:00:35,570
So we still don't know what columns exist in accounts.

7
00:00:35,600 --> 00:00:41,390
Now we can try and guess that there is a username and password, but sometimes they could have different

8
00:00:41,390 --> 00:00:41,850
names.

9
00:00:41,870 --> 00:00:47,010
So I'm going to show you how you can select the columns for a certain table.

10
00:00:47,120 --> 00:00:54,040
The command is going to be very similar to the tables command, and the only difference is instead of

11
00:00:54,050 --> 00:01:01,810
table_name we're going to say column_name, and instead of selecting it from information_schema.tables

12
00:01:02,080 --> 00:01:05,110
we're going to select this from information_schema.columns

13
00:01:08,070 --> 00:01:10,710
and we're going to say where the table_name

14
00:01:13,810 --> 00:01:19,600
is equal to accounts, because we're interested in the accounts table. If you want to get columns for

15
00:01:19,600 --> 00:01:24,850
another table then you just substitute this with the table that you

16
00:01:24,850 --> 00:01:25,450
want.

17
00:01:25,810 --> 00:01:32,980
So our command is going to be union select 1, column_name from information_schema.columns

18
00:01:33,670 --> 00:01:39,520
where the table_name is the table that we're interested in, which is accounts, and this should show

19
00:01:39,520 --> 00:01:44,200
us all the columns that exist within the accounts table.

20
00:01:44,650 --> 00:01:45,820
So let's run this command

21
00:01:56,560 --> 00:02:03,020
and perfect, same columns that we've seen before: cid, username, password,

22
00:02:03,070 --> 00:02:06,680
mysignature, is_admin.

23
00:02:06,680 --> 00:02:12,400
Now let's take this one step further and select the usernames and passwords from the accounts table.

24
00:02:13,410 --> 00:02:18,530
So again the command is going to be very similar to what we're running at the moment.

25
00:02:18,690 --> 00:02:20,260
We're going to be selecting.

26
00:02:20,670 --> 00:02:22,470
And we're going to select username

27
00:02:26,970 --> 00:02:35,120
and I'm going to select the passwords for number two, and for number three we're going to select

28
00:02:35,220 --> 00:02:37,360
is_admin.

29
00:02:37,360 --> 00:02:43,270
Now remember I can't select anything instead of number one and number five because they're

30
00:02:43,270 --> 00:02:46,630
never displayed for me on screen.

31
00:02:46,630 --> 00:02:52,230
The only thing that I see was number two, three and four, which were displayed here: two, three and four.

32
00:02:52,420 --> 00:02:58,150
So therefore I want to substitute in values for two, three and four.

33
00:02:58,490 --> 00:03:00,480
And we're going to select that from accounts

34
00:03:03,130 --> 00:03:04,690
and we're not going to need the where.

35
00:03:04,720 --> 00:03:06,730
So I'm going to delete the where.

36
00:03:07,540 --> 00:03:09,520
So very simple statement.

37
00:03:09,550 --> 00:03:14,430
We're selecting username, password, is_admin from accounts.

38
00:03:14,710 --> 00:03:21,400
And this should return all the usernames and passwords that exist within the current table, that exist

39
00:03:21,430 --> 00:03:22,850
in the accounts table.

40
00:03:32,080 --> 00:03:39,790
And I have an extra quote here that I'm going to delete, and as you can see we've got all these users

41
00:03:39,800 --> 00:03:43,300
and passwords. We have the admin and their password is adminpass.

42
00:03:43,340 --> 00:03:46,390
We have other users and we have their passwords.

43
00:03:46,400 --> 00:03:50,540
And it also tells us whether they are admins or not.

44
00:03:50,660 --> 00:03:56,210
This is very useful because in most websites when you log in as admin you have so many more privileges

45
00:03:56,210 --> 00:03:57,470
than a normal person.

46
00:03:57,560 --> 00:04:03,800
And then you'll be able to upload PHP shells or backdoor viruses, whatever you want to do really.

47
00:04:03,860 --> 00:04:05,800
And then further exploit the system.

48
00:04:07,420 --> 00:04:15,780
So at the moment I can actually log in with a username admin and a password adminpass, and it can

49
00:04:15,800 --> 00:04:17,920
accept that because it's correct.

50
00:04:20,840 --> 00:04:26,750
So no matter how complicated the password was, we're just going to be able to read it because we're reading

51
00:04:26,750 --> 00:04:28,420
it straight from the database.