1 00:00:01,090 --> 00:00:06,690 In this lecture and the next few lectures we're going to be talking about a popular type of vulnerability
2 00:00:06,690 --> 00:00:14,350 called SQL injection. Before we start talking about how this occurs and how to exploit it,
3 00:00:14,350 --> 00:00:18,440 let's first learn what SQL is. Now,
4 00:00:18,460 --> 00:00:25,060 if you're getting a pen test on a certain website, chances are this website is a little bit bigger than
5 00:00:25,060 --> 00:00:29,500 smaller websites, so it's probably using a database.
6 00:00:29,500 --> 00:00:34,180 Most websites, other than very simple websites, use databases.
7 00:00:34,240 --> 00:00:36,760 And the databases are used to store data.
8 00:00:36,790 --> 00:00:43,720 So there are usernames, passwords, news articles, blog posts, pictures, anything
9 00:00:43,720 --> 00:00:46,930 that happens on the website literally is stored on a database.
10 00:00:46,930 --> 00:00:53,500 And the web application queries the database and then displays the data to you or to the users on screen,
11 00:00:53,700 --> 00:00:55,150 or when the users do something,
12 00:00:55,190 --> 00:01:01,430 it either updates, deletes or modifies the data that exists in the database.
13 00:01:01,830 --> 00:01:08,430 This interaction between the web application and the database happens using a language called SQL.
14 00:01:09,360 --> 00:01:12,210 So let me show you what I mean by database.
15 00:01:12,210 --> 00:01:13,560 This is just an example.
16 00:01:13,620 --> 00:01:19,410 I'm not hacking anything. I'm literally just going to log in to the database that is installed on
17 00:01:19,410 --> 00:01:23,730 our Metasploitable machine and then we're just going to see what's being stored on it.
18 00:01:24,270 --> 00:01:26,670 So I'm not doing any hacking.
19 00:01:26,670 --> 00:01:32,220 There is nothing here, nothing fancy, just logging into MySQL, and then I'm putting in the user
20 00:01:32,220 --> 00:01:37,820 name as root, and Metasploitable doesn't use a password for the root, which is really bad.
21 00:01:37,890 --> 00:01:40,960 But obviously it's a vulnerable system.
22 00:01:41,010 --> 00:01:45,570 So I'm just going to log in, and I'm not hacking anything, I'm not doing any SQL injections.
23 00:01:45,570 --> 00:01:52,710 This is just the terminal for MySQL, which the web application would use to interact with the database.
24 00:01:52,890 --> 00:01:57,880 So I'm just trying to show you what I mean by databases and what's saved in there.
25 00:01:57,990 --> 00:02:07,020 So the first thing I'm going to do is I'm just going to type in show databases, and that'll show us the
26 00:02:07,020 --> 00:02:13,770 databases that exist on our target server, and we can see that we have the information_schema.
27 00:02:13,770 --> 00:02:20,190 This is a default database that holds default information, information about all the other databases.
28 00:02:20,190 --> 00:02:22,790 So this one gets installed by default
29 00:02:22,800 --> 00:02:30,650 when you install MySQL. The rest have been installed for each web application, so we can see we have
30 00:02:30,650 --> 00:02:32,020 one for tikiwiki.
31 00:02:32,330 --> 00:02:34,370 We have one for owasp10.
32 00:02:34,390 --> 00:02:43,970 And that's for Mutillidae.
33 00:02:43,990 --> 00:02:46,330 We also have one called mysql.
34 00:02:46,340 --> 00:02:52,960 Well, we have one called metasploit and one for DVWA, which is the one that we've been using, the
35 00:02:52,960 --> 00:02:59,470 web application. So you can see for each web application we actually have a database, and this database
36 00:02:59,470 --> 00:03:03,790 holds the information that is used by that web application.
37 00:03:03,790 --> 00:03:05,260 Let me show you what's in there.
38 00:03:05,260 --> 00:03:16,950 So I'm going to use the owasp10 database, so this is the one that is, again, this is the one for Mutillidae,
39 00:03:16,970 --> 00:03:23,890 for this web application, and we can see the tables. So each database has tables, and in the tables
40 00:03:23,900 --> 00:03:25,100 there's information.
41 00:03:25,100 --> 00:03:29,300 So I'm gonna say show tables to see the tables that we have.
42 00:03:31,350 --> 00:03:37,030 And you can see we have a table for accounts, so you can assume that this table has information about
43 00:03:37,180 --> 00:03:40,950 the usernames, passwords and information about the users.
44 00:03:40,990 --> 00:03:48,280 We have a table for blogs, so it probably has the blog inputs, the posts and the comments in there, and
45 00:03:48,510 --> 00:03:50,700 you can see captured data, credit cards.
46 00:03:50,730 --> 00:03:52,680 So there is a table that contains credit cards.
47 00:03:52,670 --> 00:03:54,840 Now this is huge for shopping websites.
48 00:03:54,840 --> 00:04:00,030 They actually would have a credit cards table, and the information for the credit cards would be stored
49 00:04:00,030 --> 00:04:00,530 there.
50 00:04:00,540 --> 00:04:06,990 Basically the database will store everything, all the data that is used on the website, because they
51 00:04:06,990 --> 00:04:08,280 don't get stored on files.
52 00:04:08,280 --> 00:04:09,480 It's not efficient.
53 00:04:10,110 --> 00:04:12,210 So let's have a look on the accounts.
54 00:04:12,210 --> 00:04:15,380 And if I just say select.
55 00:04:15,420 --> 00:04:21,570 So this is exactly how the web application would be retrieving information from the database.
56 00:04:21,570 --> 00:04:24,390 It will be selecting stuff, updating or deleting.
57 00:04:24,390 --> 00:04:26,430 So I'm doing a select statement here.
58 00:04:26,460 --> 00:04:31,830 Again this is not hacking, I'm not doing anything, just selecting stuff, and I'm going to select star, which
59 00:04:31,830 --> 00:04:34,640 means everything, from accounts
60 00:04:41,390 --> 00:04:42,030 for a fee.
61 00:04:42,050 --> 00:04:44,100 And as we can see we can get.
62 00:04:44,330 --> 00:04:50,450 We have the account ID, the username, the password and then the signature for the person,
63 00:04:50,450 --> 00:04:52,410 and if that person is an admin.
64 00:04:52,520 --> 00:04:57,860 Now these columns depend on the table, so it's actually the person who designs the database designs the
65 00:04:57,860 --> 00:04:59,840 tables, the columns as well.
66 00:04:59,840 --> 00:05:05,390 And then the data gets inserted by the web application, so you can see that we have a user called admin
67 00:05:05,540 --> 00:05:11,000 and their password is adminpass. We can see we have a user called Adrian and their password is some
68 00:05:11,000 --> 00:05:12,050 password.
69 00:05:12,050 --> 00:05:19,240 So this is just to show you what databases look like and just to get a feel for it, because in the future
70 00:05:19,240 --> 00:05:24,130 videos we're going to try to exploit these databases and have access similar to this.
71 00:05:24,160 --> 00:05:26,620 So this, I've just logged in with the username and password.
72 00:05:26,620 --> 00:05:29,920 Now usually you wouldn't have access like this.
73 00:05:29,920 --> 00:05:34,990 Only the web admin would have that access. In the future videos
74 00:05:34,990 --> 00:05:41,470 we're going to try to run some attacks in order to gain access similar to this, so that we'll have full
75 00:05:41,470 --> 00:05:47,080 control over the database, so that we can read stuff and see if we can write or modify things.