1 00:00:02,370 --> 00:00:02,720 OK.
2 00:00:02,740 --> 00:00:09,950 So now we know that we can put any code we want in here and it's going to be executed on the system.
3 00:00:10,130 --> 00:00:15,680 So let's have another look now at the statement. So the statement says select star from accounts where
4 00:00:15,680 --> 00:00:21,170 username is equal to the username that we put here and password is equal to the password that we put
5 00:00:21,170 --> 00:00:22,280 there.
6 00:00:22,280 --> 00:00:28,580 Let's see if we can use that to log in without using a password, without even knowing the password.
7 00:00:28,580 --> 00:00:33,380 And I'm gonna be doing that with the admin, so the admin... the username is going to be admin
8 00:00:36,530 --> 00:00:38,770 and I don't know what the password is for the admin.
9 00:00:39,110 --> 00:00:44,680 So what I'm going to do, I'm just gonna put anything, so nothing really.
10 00:00:44,680 --> 00:00:49,150 Any random password, and inject the code.
11 00:00:49,150 --> 00:00:50,140 Well, as I showed here,
12 00:00:50,140 --> 00:00:53,380 we were doing and one is equal to one, and or stuff.
13 00:00:53,380 --> 00:00:55,450 So what I'm gonna do is I'm gonna do
14 00:00:55,450 --> 00:01:03,030 or instead of and. I'm gonna say one is equal to one. So what our code is going to be once I run this,
15 00:01:03,360 --> 00:01:04,490 once I inject this,
16 00:01:04,530 --> 00:01:09,000 this is going to go in here like we were doing before.
17 00:01:09,000 --> 00:01:12,360 So our code is going to look like this.
18 00:01:12,390 --> 00:01:19,130 So it's going to be select star from accounts where username is equal to admin and password is equal
19 00:01:19,130 --> 00:01:19,820 to aa.
20 00:01:19,850 --> 00:01:25,260 No, this is wrong, or one is equal to one, which is right.
21 00:01:25,260 --> 00:01:29,550 So anytime you have an or, if the or condition is right, everything is right.
22 00:01:29,580 --> 00:01:31,470 That's the way the or statement works.
23 00:01:31,470 --> 00:01:34,580 So select star from accounts where username is equal to admin.
24 00:01:34,620 --> 00:01:34,960 OK.
25 00:01:34,970 --> 00:01:38,220 Username is equal to admin and password is equal to aa.
26 00:01:38,250 --> 00:01:39,540 That's wrong.
27 00:01:39,540 --> 00:01:40,580 Or one is equal to one.
28 00:01:40,600 --> 00:01:46,230 OK, I'll accept that, and then it's actually going to execute it and let us log into the admin without
29 00:01:46,290 --> 00:01:49,060 even knowing the password for the admin.
30 00:01:49,140 --> 00:01:50,610 So let's try to inject this now
31 00:01:56,370 --> 00:02:02,630 and as you can see I was able to log in as admin and monkey is the signature for the admin.
32 00:02:03,120 --> 00:02:09,750 Now bypassing logins can be done in so many ways depending on the code that's written on the page and
33 00:02:09,750 --> 00:02:14,310 depending on the way you want to do it and how you imagine the code, and in all the cases when you
34 00:02:14,310 --> 00:02:17,100 put the single quote here you won't see this message.
35 00:02:17,100 --> 00:02:22,290 Sometimes you do see it, which makes your job so much easier. If you don't, then you kind of need to guess
36 00:02:22,290 --> 00:02:23,780 what it looks like.
37 00:02:23,820 --> 00:02:29,250 So I'm gonna show you another example of bypassing, instead of injecting the code like this.
38 00:02:29,250 --> 00:02:34,700 The admin parameter is actually injectable as well. As you see, when I put the single quote the admin
39 00:02:34,720 --> 00:02:38,610 parameter is injectable exactly the same way as the password.
40 00:02:38,610 --> 00:02:41,830 So we can inject code in the username as well.
41 00:02:42,300 --> 00:02:43,620 And what I'm going to do now.
42 00:02:43,620 --> 00:02:45,260 So let's have a look at this.
43 00:02:45,380 --> 00:02:48,150 And I'm just going to reset it to the way it would usually look like.
44 00:02:48,180 --> 00:02:55,930 So you'd have... the username and password are the fields, and whatever you put in here is going
45 00:02:55,930 --> 00:02:59,550 to be substituted in the username and password.
46 00:02:59,550 --> 00:03:05,850 So let's try to inject something in the username, and what I'm going to say is I'm going to say user-
47 00:03:05,860 --> 00:03:12,510 name is equal to admin and then I'm going to close the quote myself and then I'm going to add a comment.
48 00:03:12,510 --> 00:03:16,580 So my statement, when I read this statement, is going to look like this.
49 00:03:16,580 --> 00:03:22,590 And I'm actually just gonna copy it here, and when I inject, when I put this code in here in my user-
50 00:03:22,590 --> 00:03:26,220 name, it's going to inject that in there.
51 00:03:27,580 --> 00:03:29,320 So this is what the code is gonna look like.
52 00:03:29,320 --> 00:03:34,270 It's gonna be select star from accounts where username is equal to admin.
53 00:03:34,270 --> 00:03:40,620 I close the quote myself here using this right there and then I'm adding a comment.
54 00:03:40,620 --> 00:03:43,370 So basically all of this is not even gonna be executed.
55 00:03:43,890 --> 00:03:49,500 So the code is gonna be this, it's gonna be select star from accounts where username is equal to admin
56 00:03:50,070 --> 00:03:54,600 and it's going to let me log in without even entering anything in the password.
57 00:03:54,600 --> 00:03:56,910 So let's do this.
58 00:03:57,080 --> 00:04:03,470 I'm gonna put my username as admin and I close the quote and add a comment, and then you can put any
59 00:04:03,470 --> 00:04:10,160 password you want, really. I'm just gonna put number one and I'm gonna log in, and as you can see I managed
60 00:04:10,160 --> 00:04:19,050 to log in as admin. So again, this is blackbox testing, so you don't really see the code. In many cases
61 00:04:19,050 --> 00:04:22,260 you want to be playing around with it and see how it works with you.
62 00:04:22,450 --> 00:04:28,440 But the main thing is you want to test if the SQL injection exists, and you'd do that using the
63 00:04:28,440 --> 00:04:30,530 method we showed you in the previous video.
64 00:04:30,600 --> 00:04:35,370 So try a single quote, try the and statement, try a true and statement.
65 00:04:35,380 --> 00:04:40,620 So once you got one, and then a false statement, so one is equal to zero, two is equal to zero.
66 00:04:40,740 --> 00:04:47,520 And if they work as expected then your target has a SQL injection and you can start throwing around
67 00:04:47,540 --> 00:04:47,760 all.
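As an added example that is not from the video or its target application: the accounts query built by string concatenation, exactly the way the video describes it, beside the parameterised form that closes both bypasses. The table contents, the `--` line-comment marker (standard in SQLite) and the function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample accounts table; the passwords are made up."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    con.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "unknown-to-the-tester"), ("john", "monkey")],
    )
    return con


def vulnerable_login(con: sqlite3.Connection, username: str, password: str) -> list:
    """Input is pasted into the statement text, as in the video.

    A quote inside the input ends the string literal early, and a comment
    marker discards the rest of the statement, so the caller rewrites the
    WHERE clause instead of supplying data for it.
    """
    sql = (
        "SELECT username FROM accounts WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in con.execute(sql))


def safe_login(con: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterised statement: the driver binds input as values only.

    Quotes and comment markers stay inside the compared string, so the
    same payloads simply fail to match any row.
    """
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return sorted(row[0] for row in con.execute(sql, (username, password)))


if __name__ == "__main__":
    con = make_db()
    # Video payload 1: any password followed by "or 1=1"; the OR makes the
    # whole WHERE true for every row, so every account matches.
    print(vulnerable_login(con, "admin", "aa' or 1=1-- "))   # ['admin', 'john']
    # Video payload 2: close the quote after "admin" and comment the rest out.
    print(vulnerable_login(con, "admin'-- ", "1"))           # ['admin']
    # Both payloads are inert against the parameterised query.
    print(safe_login(con, "admin", "aa' or 1=1-- "))         # []
    print(safe_login(con, "admin'-- ", "1"))                 # []
```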