1
00:00:01,270 --> 00:00:07,160
This lecture and the next few lectures we're going to be talking about a popular type of vulnerabilities

2
00:00:07,180 --> 00:00:10,310
called SQL injections.

3
00:00:10,530 --> 00:00:16,410
Before we start talking about how this occurs and how to exploit it, let's first learn what SQL

4
00:00:16,470 --> 00:00:24,180
is. Now, if you're a pentester on a certain website, chances are this website is a little

5
00:00:24,180 --> 00:00:26,250
bit bigger than smaller websites.

6
00:00:26,310 --> 00:00:29,550
So it's probably using a database.

7
00:00:29,550 --> 00:00:36,850
Most websites, other than very simple websites, use databases, and the databases are used to store data.

8
00:00:36,850 --> 00:00:44,280
So there are usernames, passwords, news articles, blog posts, pictures, anything that happens

9
00:00:44,280 --> 00:00:50,340
on the website literally is stored on a database and web application which is in the database and then

10
00:00:50,340 --> 00:00:56,640
displays the data to you or to the users on screen. When the users do something, it'll either update, delete

11
00:00:56,730 --> 00:01:04,440
or modify the data that exists in the database. This interaction between the web application and the

12
00:01:04,440 --> 00:01:05,160
database

13
00:01:05,220 --> 00:01:08,630
happens using a language called SQL.

14
00:01:09,430 --> 00:01:12,250
So let me show you what I mean by database.

15
00:01:12,250 --> 00:01:13,660
This is just an example.

16
00:01:13,690 --> 00:01:14,820
I'm not hacking anything.

17
00:01:14,830 --> 00:01:21,640
I'm literally just going to log in to the database that is installed on our Metasploitable machine and then

18
00:01:21,640 --> 00:01:24,340
we're just going to see what's being stored on it.

19
00:01:24,340 --> 00:01:26,740
So I'm not doing any hacking.

20
00:01:26,740 --> 00:01:28,050
There is nothing here.

21
00:01:28,090 --> 00:01:31,040
Nothing fancy, just logging into MySQL.

22
00:01:31,240 --> 00:01:36,850
And then I'm putting the user name as root, and Metasploitable doesn't use a password for the root,

23
00:01:36,850 --> 00:01:40,920
which is really bad, but obviously it's a vulnerable system.

24
00:01:41,080 --> 00:01:45,590
So I'm just going to log in, and I'm not hacking anything, I'm not doing any SQL injections.

25
00:01:45,610 --> 00:01:52,180
This is just the terminal for MySQL, which the web application would use to interact with the

26
00:01:52,180 --> 00:01:52,940
database.

27
00:01:52,960 --> 00:01:57,980
So I'm just trying to show you what I mean by databases and what's saved in there.

28
00:01:58,080 --> 00:02:07,070
So the first thing I'm going to do is I'm just going to type in show databases and that'll show us the

29
00:02:07,070 --> 00:02:13,770
databases that exist on our target server, and I can see that we have the information schema.

30
00:02:13,820 --> 00:02:20,230
This is a default database that holds default information, information about all the other databases.

31
00:02:20,240 --> 00:02:26,450
So this one gets installed by default when you install MySQL. All the rest have been installed

32
00:02:26,630 --> 00:02:32,200
for each web application, so we can see we have one for tikiwiki.

33
00:02:32,420 --> 00:02:44,050
We have one for owasp10, and that's for this one, Mutillidae.

34
00:02:44,070 --> 00:02:51,570
We also have one called mysql. Well, we have one called metasploit and one for the DVWA, which is the

35
00:02:51,570 --> 00:02:57,060
one that we've been using, the web application, so you can see for each web application we actually have

36
00:02:57,580 --> 00:03:03,840
a database, and this database holds the information that is used by that web application.

37
00:03:03,840 --> 00:03:12,170
Let me show you what's in there, so I'm going to use the owasp10 database.

38
00:03:12,290 --> 00:03:18,950
So this is the one that is, again, this is the one for Mutillidae, for this web application.

39
00:03:19,290 --> 00:03:22,500
And we can see the table, so its database has a table.

40
00:03:22,500 --> 00:03:25,140
Tables and tables there is information.

41
00:03:25,140 --> 00:03:33,130
So I'm gonna say show tables to see the tables that we have, and you can see we have a table for our accounts,

42
00:03:33,430 --> 00:03:39,620
so you can assume that this table has information about the user names, passwords and information about

43
00:03:39,620 --> 00:03:40,990
the users.

44
00:03:41,020 --> 00:03:43,200
We have a table for blogs.

45
00:03:43,390 --> 00:03:47,730
So probably has the blog and puts the posts and the comments in there.

46
00:03:48,520 --> 00:03:50,780
You can see captured data and credit cards.

47
00:03:50,780 --> 00:03:52,700
So there's a table that contains credit cards.

48
00:03:52,700 --> 00:03:54,900
Now this is huge for shopping websites.

49
00:03:54,900 --> 00:04:00,080
They actually would have credit cards, they will, and the information for the credit cards will be stored

50
00:04:00,080 --> 00:04:00,570
there.

51
00:04:00,590 --> 00:04:07,220
Basically the database will store everything, all the data that is used on the website, because they don't

52
00:04:07,220 --> 00:04:08,330
get stored on files.

53
00:04:08,330 --> 00:04:10,110
It's not efficient.

54
00:04:10,160 --> 00:04:15,390
So let's have a look on the accounts, and if I just say select.

55
00:04:15,500 --> 00:04:21,610
So this is exactly how the web application will be retrieving information from the database.

56
00:04:21,610 --> 00:04:24,300
It will be select instead of updating or deleted.

57
00:04:24,470 --> 00:04:26,510
So I'm doing a select statement here.

58
00:04:26,510 --> 00:04:30,340
Again, this is not hacking, I'm not doing anything, just collecting stuff.

59
00:04:30,380 --> 00:04:34,690
I'm going to select star, which means everything, from accounts

60
00:04:41,540 --> 00:04:44,040
was fee and as we can see if we can get.

61
00:04:44,380 --> 00:04:50,490
We have the account ID, the username, the password and then the signature for the person.

62
00:04:50,520 --> 00:04:52,500
And if that person is an admin.

63
00:04:52,570 --> 00:04:57,790
Now these columns depend on the table, so it's actually the person who designed the database designs

64
00:04:57,790 --> 00:04:59,920
the tables, the columns as well.

65
00:04:59,920 --> 00:05:03,250
And then the data gets inserted by the web application.

66
00:05:03,250 --> 00:05:07,960
So you can see that we have a user called admin and their password is adminpass.

67
00:05:08,080 --> 00:05:12,040
We can see we have a user called Adrian and their password the same password.

68
00:05:12,150 --> 00:05:19,270
So this is just to show you what databases look like and just to get a feel for it, because in the future

69
00:05:19,290 --> 00:05:24,210
videos we're going to try to exploit these databases and have access similar to this.

70
00:05:24,210 --> 00:05:26,640
So this, I just logged in with a username and password.

71
00:05:26,640 --> 00:05:34,400
Now usually you wouldn't have access like this, only the web admin would have that access, and in the future

72
00:05:34,400 --> 00:05:41,060
videos we're going to try to run some attacks in order to gain access similar to this so that we will

73
00:05:41,060 --> 00:05:47,110
have full control over the database so that we can read stuff and see if we can write or modify things.