1
00:00:00,660 --> 00:00:05,340
In the previous video, we have seen how error-based SQL injection can be exploited.
2
00:00:05,940 --> 00:00:13,510
Now let's see how we can use an automated tool called sqlmap to dump information from the database.
3
00:00:13,920 --> 00:00:19,800
Now, before we understand how to use sqlmap, let's try to exploit an application manually and
4
00:00:19,800 --> 00:00:23,370
try to find all the difficulties we face in some applications.
5
00:00:23,850 --> 00:00:27,600
And then we will see how sqlmap can help us in such cases.
6
00:00:28,050 --> 00:00:32,640
To do this, I'm going to open the bookshelf application. In my case,
7
00:00:32,640 --> 00:00:41,400
once again, the bookshelf application is hosted at 192.168.1.5 and the port number is eight zero
8
00:00:41,400 --> 00:00:46,060
eight zero (8080), and the application is available at /bookshelf.
9
00:00:47,520 --> 00:00:51,820
OK, so the login page is vulnerable to SQL injection.
10
00:00:51,840 --> 00:00:53,320
We have discussed it earlier.
11
00:00:53,940 --> 00:01:03,120
Now, what we are going to do is, if you try to enter Bob and Bob here, it is going to log you in, whereas
12
00:01:03,120 --> 00:01:06,260
if you enter some other credentials, it won't log you in.
13
00:01:07,080 --> 00:01:13,470
So if you observe, the parameters that are being passed from this login page are not visible in the URL,
14
00:01:13,920 --> 00:01:17,250
which means this page is most likely using post method.
15
00:01:17,550 --> 00:01:23,430
So instead of entering the SQL injection payloads on the login page, it is a good idea to use a
16
00:01:23,430 --> 00:01:26,850
proxy tool which can ease the process of injection.
17
00:01:27,420 --> 00:01:30,390
So I'm going to use Burp Suite to do this.
18
00:01:31,080 --> 00:01:35,100
Let me open my terminal and launch Burp Suite.
19
00:01:37,760 --> 00:01:41,540
This is the Community Edition that comes preinstalled with Kali Linux.
20
00:01:44,630 --> 00:01:47,990
Let's click Next and Start Burp.
21
00:01:50,610 --> 00:01:56,850
To be able to send the traffic to this proxy tool, we will have to change the proxy settings in our
22
00:01:56,850 --> 00:01:57,420
browser.
23
00:01:58,020 --> 00:02:01,180
So I'm going to change the proxy settings in my browser here.
24
00:02:01,380 --> 00:02:06,870
I'm opening the preferences and let's search for proxy.
25
00:02:10,030 --> 00:02:17,860
And let's change the settings to manual proxy configuration, and 127.0.0.1 is the localhost IP
26
00:02:17,860 --> 00:02:23,590
address, which is where Burp Suite is running, and it listens on port 8080.
27
00:02:23,590 --> 00:02:25,540
So we can quickly check that.
28
00:02:26,140 --> 00:02:30,050
You can see that here it is listening on port 8080.
29
00:02:30,820 --> 00:02:33,360
So we are using port 8080 here.
30
00:02:33,790 --> 00:02:36,940
So let's click OK and close this.
31
00:02:37,390 --> 00:02:43,660
And if you come back to this login page and enter something, it will be intercepted by this proxy.
32
00:02:44,140 --> 00:02:50,330
So let's go to Proxy, Intercept and let's make sure that intercept is set to on.
33
00:02:51,130 --> 00:02:57,570
Now, let's go back to the login page and enter some test credentials and click login.
34
00:02:59,260 --> 00:03:02,240
As you can see, the request is intercepted.
35
00:03:02,770 --> 00:03:06,600
Now, Burp Suite comes with a very good feature called Repeater.
36
00:03:07,270 --> 00:03:14,320
This feature allows you to repeatedly send the request from within Burp itself without requiring
37
00:03:14,320 --> 00:03:16,600
you to log into the application multiple times.
38
00:03:17,080 --> 00:03:20,740
So for that reason, we are going to send this request to Repeater.
39
00:03:23,480 --> 00:03:30,800
OK, we can now tamper with these parameters and try to inject SQL injection payloads. Every time we do
40
00:03:30,800 --> 00:03:35,250
that, we can just hit Send here and it is going to send the request to the server.
41
00:03:35,750 --> 00:03:37,860
So let me quickly show you an example.
42
00:03:38,270 --> 00:03:42,880
First, let's try to send this request without modifying anything.
43
00:03:45,170 --> 00:03:51,680
There is a 200 OK, and it seems like there is a message which says invalid username or password.
44
00:03:52,400 --> 00:03:58,700
Now let's add a single quote like we did earlier with the error-based SQL injection attempt.
45
00:03:59,960 --> 00:04:09,710
And as I said, look at that, there is a 500 error and there seems to be a Java null pointer
46
00:04:09,710 --> 00:04:14,580
exception, which is possibly coming from this file called Database.java.
47
00:04:14,750 --> 00:04:17,550
There is no specific information about SQL queries.
48
00:04:17,690 --> 00:04:21,210
What we can see is that the single quote is causing some exceptions.
49
00:04:21,920 --> 00:04:24,200
Now, let's add one more single quote.
50
00:04:24,200 --> 00:04:29,350
And if this error disappears, that confirms that this application is vulnerable
51
00:04:29,360 --> 00:04:30,280
to SQL injection.
52
00:04:30,830 --> 00:04:34,390
So let's click Send, and look at that.
53
00:04:34,730 --> 00:04:37,480
This time we have got the status code 200.
54
00:04:38,000 --> 00:04:44,360
Let's add one more single quote here just to confirm that this is because of the SQL injection. I'm
55
00:04:44,360 --> 00:04:45,340
clicking send.
56
00:04:46,250 --> 00:04:49,640
And as expected, we have gotten an exception once again.
57
00:04:50,720 --> 00:04:56,740
So this confirms that this application is vulnerable to SQL injection. Now, like we did earlier,
58
00:04:56,810 --> 00:04:59,050
let's try to use the ORDER BY statement.
59
00:05:00,200 --> 00:05:09,530
I'm just going to put a single quote, ORDER BY 1, and let's click Send.
60
00:05:10,910 --> 00:05:12,560
Seems like there is no error.
61
00:05:13,740 --> 00:05:14,880
Let's try 100.
62
00:05:17,750 --> 00:05:18,480
There is an error.
63
00:05:19,370 --> 00:05:22,040
This means the table doesn't have 100 columns.
64
00:05:22,040 --> 00:05:22,340
Right?
65
00:05:22,670 --> 00:05:27,370
So let's reduce the number to probably five and try again.
66
00:05:29,600 --> 00:05:31,150
Once again, there is an exception.
67
00:05:31,160 --> 00:05:32,570
So bring it down to four.
68
00:05:36,470 --> 00:05:38,410
Once again, there is an error.
69
00:05:38,420 --> 00:05:39,950
So let's bring it down to three
70
00:05:43,160 --> 00:05:44,240
and no errors.
71
00:05:44,720 --> 00:05:49,810
This means the back-end table has three columns. With this information,
72
00:05:49,820 --> 00:05:53,720
once again, let's try to use the SELECT statement with UNION.
73
00:05:58,440 --> 00:06:04,560
So I'm just going to delete this ORDER BY and I'm going to use UNION
74
00:06:07,340 --> 00:06:08,030
SELECT
75
00:06:09,650 --> 00:06:15,830
1, 2, 3, and a comment. Let's click Send.
76
00:06:18,490 --> 00:06:25,750
This time, it just redirects us to the home.jsp page, but it doesn't display any information for us.
77
00:06:27,030 --> 00:06:27,810
Let's try.
78
00:06:29,850 --> 00:06:30,780
database().
79
00:06:34,360 --> 00:06:41,290
Once again, the same: there is no information that is being retrieved for us, so this seems like a
80
00:06:41,290 --> 00:06:42,560
blind SQL injection.
81
00:06:43,030 --> 00:06:48,670
The application is vulnerable to SQL injection, but we cannot see any information being displayed.
82
00:06:48,910 --> 00:06:52,600
So this kind of SQL injection is called blind SQL injection.
83
00:06:53,200 --> 00:06:58,300
To extract information in such situations, we will have to use some complex queries.
84
00:06:58,540 --> 00:07:04,690
One example would be to use time delays, but that becomes too complex for us to write manually and it is going
85
00:07:04,690 --> 00:07:05,770
to take a lot of time.
86
00:07:06,100 --> 00:07:09,980
So let's try to use an automated tool to do that for us.
87
00:07:10,420 --> 00:07:13,320
So what we are going to do is we'll use sqlmap.
88
00:07:14,620 --> 00:07:24,930
I'm opening a new tab, and we can specify the URL as well as the POST parameters to be tested as input
89
00:07:24,930 --> 00:07:25,930
to sqlmap.
90
00:07:26,800 --> 00:07:34,030
The one good feature with sqlmap is that it can read the request from a file, so we can just simply
91
00:07:34,030 --> 00:07:39,220
save this request in a file and we can just pass it to sqlmap.
92
00:07:42,760 --> 00:07:46,390
Let's right click, Copy to file.
93
00:07:49,870 --> 00:07:55,480
Let's give it a name and save it.