1
00:00:01,270 --> 00:00:07,160
This lecture and the next few lectures we're going to be talking about a popular type of vulnerabilities

2
00:00:07,180 --> 00:00:10,310
called Escurial injections.

3
00:00:10,530 --> 00:00:16,410
Before we start talking about how this occurs and how to exploit it let's first learn what security

4
00:00:16,470 --> 00:00:24,180
is now for if you're you're an apprentice on a certain website chances are this Web site is a little

5
00:00:24,180 --> 00:00:26,250
bit bigger than smaller Web sites.

6
00:00:26,310 --> 00:00:29,550
So it will it's probably use in a database.

7
00:00:29,550 --> 00:00:36,850
Most web sites other than very simple websites use databases and the databases are used to store data.

8
00:00:36,850 --> 00:00:44,280
So there are usernames passwords news articles blog posts pictures anything that anything that happens

9
00:00:44,280 --> 00:00:50,340
on the website literally is stored on a database and web application which is in the database and then

10
00:00:50,340 --> 00:00:56,640
displays the data to you or to the users onscreen when the users do something it'll either update delete

11
00:00:56,730 --> 00:01:04,440
or modify the data that exists in the database this interaction between the web application and the

12
00:01:04,440 --> 00:01:05,160
database.

13
00:01:05,220 --> 00:01:08,630
Happens using language called ask you out.

14
00:01:09,430 --> 00:01:12,250
So let me show you what I mean by database.

15
00:01:12,250 --> 00:01:13,660
This is just an example.

16
00:01:13,690 --> 00:01:14,820
I'm not hacking anything.

17
00:01:14,830 --> 00:01:21,640
I'm literally just going to log in to the database that is installed on our political machine and then

18
00:01:21,640 --> 00:01:24,340
we're just going to see what's being stored on it.

19
00:01:24,340 --> 00:01:26,740
So I'm not doing any hacking.

20
00:01:26,740 --> 00:01:28,050
There is nothing here.

21
00:01:28,090 --> 00:01:31,040
Nothing fancy just logging into my ask help.

22
00:01:31,240 --> 00:01:36,850
And then I'm putting the user name is root and my the potable doesn't use the password for The Root

23
00:01:36,850 --> 00:01:40,920
which is really bad but obviously it's a vulnerable system.

24
00:01:41,080 --> 00:01:45,590
So I'm just going to log in and I'm not hacking anything I'm not doing any Escorial injections.

25
00:01:45,610 --> 00:01:52,180
This is just the terminal for my ask you of which the web application would use to interact with the

26
00:01:52,180 --> 00:01:52,940
database.

27
00:01:52,960 --> 00:01:57,980
So I'm just trying to show you what I mean by databases and what's saved in their.

28
00:01:58,080 --> 00:02:07,070
So the first thing I'm going to do is I'm just going to type in show databases and that'll show us the

29
00:02:07,070 --> 00:02:13,770
databases that exist on our target server and I can see that we have the information schema.

30
00:02:13,820 --> 00:02:20,230
This is a default database that holds default information information about all the other databases.

31
00:02:20,240 --> 00:02:26,450
So this one gets gets installed by default when you answer my ask you all the rest have been installed

32
00:02:26,630 --> 00:02:32,200
for each web application so we can see we have 140 we keep.

33
00:02:32,420 --> 00:02:44,050
We have one for us 10 and that's for this one with all day.

34
00:02:44,070 --> 00:02:51,570
We also have one called Masquerier Well we have one called Mrs. Floyd and one for the VW which is the

35
00:02:51,570 --> 00:02:57,060
one that we've been using the web application so you can see for each web application we actually have

36
00:02:57,580 --> 00:03:03,840
a database and this database holds the information that is used by that web application.

37
00:03:03,840 --> 00:03:12,170
Let me show you what's in there so I'm going to use the last turn database.

38
00:03:12,290 --> 00:03:18,950
So this is the one that is again this is the one for Mattel day for this web application.

39
00:03:19,290 --> 00:03:22,500
And we can see the table so it's database as a table.

40
00:03:22,500 --> 00:03:25,140
Tables and tables there is information.

41
00:03:25,140 --> 00:03:33,130
So I'm gonna say Joe tables to see the tables that we have and you can see we have a table for our accounts

42
00:03:33,430 --> 00:03:39,620
so you can assume that this table has information about the user names passwords and information about

43
00:03:39,620 --> 00:03:40,990
the users.

44
00:03:41,020 --> 00:03:43,200
We have a table for blogs.

45
00:03:43,390 --> 00:03:47,730
So probably has the blog and puts the posts and the comments in there.

46
00:03:48,520 --> 00:03:50,780
You can see capture data on credit cards.

47
00:03:50,780 --> 00:03:52,700
So there a table that contains credit cards.

48
00:03:52,700 --> 00:03:54,900
Now this is huge for shopping websites.

49
00:03:54,900 --> 00:04:00,080
They actually would have credit cards they will and the information for the credit cards will be stored

50
00:04:00,080 --> 00:04:00,570
there.

51
00:04:00,590 --> 00:04:07,220
Basically the database will store everything all the data that is used on the website because they don't

52
00:04:07,220 --> 00:04:08,330
get started on files.

53
00:04:08,330 --> 00:04:10,110
It's not efficient.

54
00:04:10,160 --> 00:04:15,390
So let's have a look on the accounts and if I just say select.

55
00:04:15,500 --> 00:04:21,610
So this is exactly how the web application will be retrieving information from the database.

56
00:04:21,610 --> 00:04:24,300
It will be select instead of updating or deleted.

57
00:04:24,470 --> 00:04:26,510
So I'm doing a select statement here.

58
00:04:26,510 --> 00:04:30,340
Again this is not hacking I'm not doing anything just collecting stuff.

59
00:04:30,380 --> 00:04:34,690
I'm going to select star which means everything from accounts

60
00:04:41,540 --> 00:04:44,040
was fee and as we can see if we can get.

61
00:04:44,380 --> 00:04:50,490
We have the account ID the username the password and then the signature for the person.

62
00:04:50,520 --> 00:04:52,500
And if that person is an oven.

63
00:04:52,570 --> 00:04:57,790
Now these columns depend on the table so it's actually the person who designed the database designs

64
00:04:57,790 --> 00:04:59,920
the tables the columns as well.

65
00:04:59,920 --> 00:05:03,250
And then the data gets inserted by the work application.

66
00:05:03,250 --> 00:05:07,960
So you can see that we have a user called admin and their password is admin pass.

67
00:05:08,080 --> 00:05:12,040
We can see we have a user called Adrian and their password the same password.

68
00:05:12,150 --> 00:05:19,270
So this is just to show you what databases look like and just to get a feel it because in the future

69
00:05:19,290 --> 00:05:24,210
videos we're going to try to exploit these databases and have access similar to this.

70
00:05:24,210 --> 00:05:26,640
So this I just logged in with a username and password.

71
00:05:26,640 --> 00:05:34,400
Now usually you wouldn't have access like this on the web admin would have that access and the future

72
00:05:34,400 --> 00:05:41,060
videos we're going to try to run some attacks in order to gain access similar to this so that we will

73
00:05:41,060 --> 00:05:47,110
have full control over the database so that we can read stuff and see if we can write or modify things.