Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,510 --> 00:00:09,000 Let's type a scale map and let's fill in the file that we have just saved by using the option dash are 2 00:00:10,020 --> 00:00:13,580 and let's provide the file as input Escuela. 3 00:00:15,180 --> 00:00:21,870 Now, there are a lot of options that we can use with a scale map, but to keep it simple, I'm just 4 00:00:21,870 --> 00:00:27,550 going to show you the most commonly used options when exploiting sequel injection vulnerabilities. 5 00:00:28,230 --> 00:00:35,760 So in this process, the first thing that we do is to dump the databases available that can be done 6 00:00:35,790 --> 00:00:38,670 using dash dash DBS option. 7 00:00:39,210 --> 00:00:46,140 If you hit enter a skill map is going to dump the list of databases by exploiting the sequel injection 8 00:00:46,150 --> 00:00:53,190 vulnerability in the login page, specifically by using the one that will perimeter's username and password. 9 00:00:53,880 --> 00:01:03,180 In fact, we can specify which parameter we want to exploit by using the option dashboard so that the 10 00:01:04,260 --> 00:01:12,390 user, when we specify the parameter ESKIL map is going to test for a skill injection only using this 11 00:01:12,390 --> 00:01:13,590 specific parameter. 12 00:01:14,220 --> 00:01:18,750 So we can do that if we are specifically testing one single parameter. 13 00:01:19,500 --> 00:01:23,730 Otherwise, a scale map is going to test all the available parameters. 14 00:01:24,390 --> 00:01:28,620 OK, so let's remove this and let's get into. 15 00:01:31,430 --> 00:01:39,170 I have run this command earlier, so Eskil Map is using the previously stored resource, I haven't removed 16 00:01:39,170 --> 00:01:41,840 those results just to keep the demo faster. 17 00:01:42,170 --> 00:01:47,900 Otherwise it is going to take longer to exploit this because it's a blind SQL injection vulnerability 18 00:01:48,530 --> 00:01:51,440 in your case, since you're doing it for the first time. 19 00:01:51,710 --> 00:01:55,670 It may take longer when Eskil Map shows this output to you. 20 00:01:56,530 --> 00:02:04,520 OK, so in the output we can see that there are a few databases we have gotten and what we are interested 21 00:02:04,520 --> 00:02:07,420 in is the user's table, which is here. 22 00:02:07,940 --> 00:02:18,470 So let's clear the screen and let's change this scale map command to specifically tell a skill map to 23 00:02:18,470 --> 00:02:22,330 dump tables from the user's database. 24 00:02:22,880 --> 00:02:30,200 So to do that, I'm specifying the database by using the Bagby B flag and I'm instructing a skill map 25 00:02:30,440 --> 00:02:34,080 to dump the tables by using dash dash tables flag. 26 00:02:34,670 --> 00:02:40,340 So let's hit enter and see if we can get the list of tables from the user database. 27 00:02:44,210 --> 00:02:51,410 Look at that, we have got in two tables from the users database, the first table is admin and the 28 00:02:51,410 --> 00:02:53,360 second table is users. 29 00:02:54,170 --> 00:03:02,310 We can dump the column names from both these tables by specifying dash dash columns option. 30 00:03:02,420 --> 00:03:10,610 So let's remove this dash dash tables and let's replace that with the columns where at the same time 31 00:03:10,610 --> 00:03:15,340 we will have to specify which table we want to dump these columns from. 32 00:03:15,830 --> 00:03:18,790 So that can be done by using the nasty flag. 33 00:03:19,160 --> 00:03:23,750 So I'm just going to use the user's table from the user's database. 34 00:03:24,410 --> 00:03:26,240 OK, so let's hit enter. 35 00:03:28,630 --> 00:03:35,530 Once again, the list of columns are dumped very quickly because I have run this command earlier. 36 00:03:36,850 --> 00:03:42,260 Now we can see that there are three columns here, idy password and username. 37 00:03:42,970 --> 00:03:47,820 Now, what we are interested in is to dump the actual data from this table. 38 00:03:48,520 --> 00:03:51,510 So I'm just going to clear the screen once again. 39 00:03:54,730 --> 00:04:03,730 And just add dash, dash dump at the end, when we run this command, Eskil map is going to dump all 40 00:04:03,730 --> 00:04:08,500 the content from the user's table, which is in the user's database. 41 00:04:09,220 --> 00:04:12,400 OK, so let's hit enter and see what we get. 42 00:04:14,870 --> 00:04:22,790 Look at that, there are three entries in the user's table with three different users, admin Bob and 43 00:04:22,790 --> 00:04:23,120 John. 44 00:04:23,900 --> 00:04:26,150 This is how sequinned map can be used. 45 00:04:26,780 --> 00:04:30,340 There are many more options that can be used with a skill map. 46 00:04:30,560 --> 00:04:37,010 I would recommend you to go through the ESKIL maps, help options and see what else can be done using 47 00:04:37,010 --> 00:04:37,910 a skill map. 48 00:04:38,780 --> 00:04:39,980 That's all for this video. 49 00:04:40,280 --> 00:04:41,560 See you in the next one. 5430