1 00:00:00,280 --> 00:00:05,650 Hello everybody, welcome to my advanced ethical hacking, networking and penetration testing course.
2 00:00:16,080 --> 00:00:21,520 This video will cover the concept of SQL injection.
3 00:00:21,540 --> 00:00:24,340 We are going to elaborate on it.
4 00:00:24,500 --> 00:00:29,070 Theoretically as well as practically, calling you to action.
5 00:00:29,100 --> 00:00:29,970 What is it?
6 00:00:30,000 --> 00:00:37,030 It's a vulnerability that is found when you have web applications.
7 00:00:37,050 --> 00:00:40,090 There, the attacker, or the adversary,
8 00:00:40,170 --> 00:00:49,170 has only to inject some input, some input code or some payloads, so that he gets access to the web
9 00:00:49,170 --> 00:00:50,500 server side.
10 00:00:50,590 --> 00:00:58,290 And while having that access he can manipulate the database, or he can get full access control of
11 00:00:58,290 --> 00:01:00,890 the administration panel dashboard.
12 00:01:01,440 --> 00:01:02,000 OK.
13 00:01:02,760 --> 00:01:11,490 So as soon as he has understood the advantages of how the web application works with the
14 00:01:11,490 --> 00:01:20,580 back-end database server, when the attacker gets the information that he needs, if he scans your website
15 00:01:20,970 --> 00:01:26,020 and then he finds that the website is vulnerable to SQL injection,
16 00:01:26,190 --> 00:01:30,770 he might exploit it if he's a black hat hacker.
17 00:01:30,870 --> 00:01:39,770 He can destroy your website. An SQL injection attack consists in passing SQL commands
18 00:01:40,050 --> 00:01:47,230 through the web application that get processed and executed by the back-end server. In some order,
19 00:01:47,230 --> 00:01:53,840 the benefits of a successful attack could be bypassing the authentication, gaining access to the data,
20 00:01:54,110 --> 00:02:02,520 changing the data, modifying it, you know, to control execution; of course the list goes on, and
21 00:02:02,520 --> 00:02:13,140 we're told it depends, it depends on the type of the database server that is being used by the target, for
22 00:02:13,140 --> 00:02:14,250 example.
23 00:02:14,710 --> 00:02:23,000 Many, many different parties, or many programmers already, I mean, they use the MySQL database.
24 00:02:23,130 --> 00:02:28,630 Some of them use PostgreSQL as well, but many of them use
25 00:02:28,750 --> 00:02:38,070 oh, I used to have a MySQL database. If you are working in a company, or if you are responsible for
26 00:02:38,070 --> 00:02:41,530 analyzing it, to determine whether or not
27 00:02:41,640 --> 00:02:51,030 your application is vulnerable to SQL injection, where an attacker might get you into the trap, you
28 00:02:51,040 --> 00:02:56,060 have to go check the log file of your server back-end.
29 00:02:56,080 --> 00:03:00,620 Many employees struggle; they don't even know where the log
30 00:03:00,620 --> 00:03:03,300 file of the system is located.
31 00:03:03,300 --> 00:03:10,560 It is really quite shocking to know, because while you say you will set the notification of your log
32 00:03:10,560 --> 00:03:18,750 file system, even if you don't set the notification, if you know where it is located you can always, always
33 00:03:18,750 --> 00:03:27,120 make a daily check to let you know if an attempt has been made on your website, to give you information about
34 00:03:27,120 --> 00:03:37,000 its source, so that you know exactly what kind of attempt has been made on your system.
35 00:03:38,420 --> 00:03:39,960 It's a good thing to be done.
36 00:03:40,020 --> 00:03:44,600 Even from browsing a site, if it has a database, for each action there.
37 00:03:45,090 --> 00:03:50,750 So it can also indicate that a query has been sent.
38 00:03:50,820 --> 00:04:01,160 We know mostly three main types of SQL injection, but there do exist many more, which are equally important.
39 00:04:01,860 --> 00:04:02,460 OK.
40 00:04:02,580 --> 00:04:06,450 Error-based, union-based and blind-based.
41 00:04:06,450 --> 00:04:11,700 We can use time-sensitive requests, and in the description below, although I'm going to elaborate much
42 00:04:11,700 --> 00:04:15,500 more on those SQL injections. Error-based:
43 00:04:15,570 --> 00:04:17,070 so what is it?
44 00:04:17,070 --> 00:04:24,150 It is an in-band SQL injection method that relies on error messages thrown by the database server
45 00:04:24,360 --> 00:04:29,010 to obtain information about the structure of the database.
46 00:04:29,010 --> 00:04:39,480 So while the attacker probes the database, or tweaks the database with his request, the database itself,
47 00:04:39,480 --> 00:04:47,760 as it knows, and because it was once set up by its administrator so that it gives the information to
48 00:04:47,760 --> 00:04:54,960 the user, for example it might say "we don't recognize this user", "check this", or "this user input is not
49 00:04:54,960 --> 00:05:01,800 valid", or "the data in the MySQL query, does it accept this thing?" You know, if your database gives
50 00:05:02,040 --> 00:05:04,680 you, gives the attacker some information,
51 00:05:04,860 --> 00:05:06,140 this is not good.
52 00:05:06,150 --> 00:05:13,110 This is really notable: while it is really useful during the development phase of the web application,
53 00:05:13,390 --> 00:05:20,680 it should be disabled on a live site, or logged to a file with restricted access instead.
54 00:05:21,240 --> 00:05:31,250 OK, now we are on the second part: union-based. Union-based is an in-band SQL injection technique
55 00:05:31,250 --> 00:05:33,550 as well, that leverages the UNION SQL operator
56 00:05:33,560 --> 00:05:41,400 to combine the results of two or possibly even more SELECT statements into a single one,
57 00:05:41,730 --> 00:05:44,430 which is then returned as part of the HTTP response.
58 00:05:44,490 --> 00:05:48,090 Then there is inferential SQL injection.
59 00:05:48,120 --> 00:05:50,130 We are not going to do it in order, we think.
60 00:05:50,250 --> 00:05:56,640 So we'll give you the OWASP stuff, guys, so that you can read it by yourself and understand the reasoning
61 00:05:56,640 --> 00:05:57,530 behind this.
62 00:05:57,540 --> 00:06:08,220 Blind SQL injection occurs on the server side, made from the attacker's requests. Boolean-based: here
63 00:06:08,460 --> 00:06:09,780 is a quick review.
64 00:06:09,780 --> 00:06:16,770 It's a kind of method that relies on sending an SQL query to the database which forces, which forces
65 00:06:16,770 --> 00:06:24,080 the application to return a different result depending on whether the query returns a TRUE or FALSE
66 00:06:24,130 --> 00:06:24,990 Boolean result.
67 00:06:24,990 --> 00:06:32,200 This is true or false; depending on the result, the content within the HTTP response will change, or remain
68 00:06:32,240 --> 00:06:35,760 the same. This allows the attacker to infer
69 00:06:35,900 --> 00:06:42,060 whether the payload he used returned true or false, even though no data from the database is returned. But
70 00:06:42,330 --> 00:06:48,000 it gives him very quick information, because it is equivalent to true or false.
71 00:06:48,060 --> 00:06:52,600 So this attack is typically slow, especially on large databases,
72 00:06:52,710 --> 00:06:58,880 since the attacker will need to enumerate the database, determining it step by step, character by character.
73 00:06:59,420 --> 00:07:02,370 Time-based blind SQL injection:
74 00:07:02,490 --> 00:07:08,590 it is a method that relies on sending an SQL query to the database which forces the database
75 00:07:08,610 --> 00:07:14,570 to wait for a specified amount of time before responding.
76 00:07:14,640 --> 00:07:16,160 This is credible.
77 00:07:16,250 --> 00:07:22,590 And the response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
78 00:07:25,560 --> 00:07:29,080 came out or ran out of men intuition.
79 00:07:29,100 --> 00:07:29,710 Isn't that a...
80 00:07:29,720 --> 00:07:30,470 Come on.
81 00:07:30,490 --> 00:07:36,720 But mostly because it depends on the feature being enabled on the database server being used by the
82 00:07:36,720 --> 00:07:39,170 web application. Out-of-band:
83 00:07:39,200 --> 00:07:46,650 this condition occurs when an attacker is not able to use the same channel to launch the attack
84 00:07:46,920 --> 00:07:54,320 and gather results. Out-of-band techniques offer the attacker an alternative to inferential time-based techniques,
85 00:07:54,550 --> 00:07:58,820 especially if the server responses are not very stable.
86 00:07:58,930 --> 00:08:09,590 Now, I'll make it quick, I mean, so you can find much more information about SQL injection at this
87 00:08:09,590 --> 00:08:10,470 link, guys.
88 00:08:10,530 --> 00:08:18,350 It's a lot, but it is important to learn it before doing it, so that you can manage your system practically.
89 00:08:18,910 --> 00:08:24,310 And in a real-world attack, an attacker will not be sitting and doing the attack manually.
90 00:08:24,450 --> 00:08:28,270 They can use automated tools like sqlmap.
91 00:08:28,410 --> 00:08:30,770 As I said earlier, as an attacker.
92 00:08:31,080 --> 00:08:34,620 So I will require you, as an attacker, to be a good attacker.
93 00:08:35,130 --> 00:08:42,570 I mean, being able to hack yourself or to penetrate through the system, so that you have the knowledge,
94 00:08:42,900 --> 00:08:50,040 enough of the required knowledge, to have yourself, to have the whole world after that.
95 00:08:50,040 --> 00:08:59,760 OK, we have a variety of tools in Kali Linux, which is a purpose-built distro that I see as an inbuilt
96 00:08:59,820 --> 00:09:06,240 system, because it has the free edition of Burp Suite installed there, but I would require you, if you
97 00:09:06,240 --> 00:09:08,700 can, to buy Burp Suite Pro; this is not imposed.
98 00:09:08,700 --> 00:09:15,780 It would be best for you, because Burp Suite Professional has a lot of much more functions.
99 00:09:15,810 --> 00:09:16,530 Let's take a few.
100 00:09:16,660 --> 00:09:18,660 Let's take one example.
101 00:09:18,660 --> 00:09:28,110 If you go to your, to your... if you want to make a live scan, and you don't have the Professional edition,
102 00:09:28,770 --> 00:09:31,420 you will not have this option on your Community edition.
103 00:09:31,810 --> 00:09:32,060 Yeah.
104 00:09:32,220 --> 00:09:38,430 So that's why we would require you to buy it, or find a way to, to get Burp Professional.
105 00:09:38,640 --> 00:09:39,600 Or if you want, you can.
106 00:09:39,690 --> 00:09:50,260 I can provide you the exact prices, the exact information on how to have it, because we have it in our proxy, but
107 00:09:50,460 --> 00:09:57,610 for the sake of all, we knew it earlier, so we updated and we downgraded, we upgraded, we downgraded.
108 00:09:57,830 --> 00:10:02,570 OK, so an attacker can use a proxy, running much as a proxy server.
109 00:10:02,580 --> 00:10:08,670 So our request will pass through Burp Suite and it will modify that request in a window, and if possible
110 00:10:08,710 --> 00:10:19,210 we get to compromise the database. Automated tools such as DVWA also exist, which can be used, equipped
111 00:10:19,230 --> 00:10:26,260 with test cases, and allow to test any website for SQL injection.
112 00:10:26,950 --> 00:10:35,410 So here in DVWA, Damn Vulnerable Web Application, it's a site, it's a site.
113 00:10:35,790 --> 00:10:43,400 So there you can try to get the demo of the full version to test any web page. Here again, go look on
114 00:10:43,420 --> 00:10:52,000 OWASP, so that you can find much more information about SQL injection: how it works, what it is,
115 00:10:52,030 --> 00:10:55,820 and how to prevent it, how to detect it, and stuff like that.
116 00:10:56,250 --> 00:11:03,380 OK, well, so how can we detect it? Well, if you follow or implement, implementation... if you use
117 00:11:03,380 --> 00:11:11,260 IDS and IPS. IDS is the intrusion detection system and IPS is the intrusion protection, protection
118 00:11:11,260 --> 00:11:12,230 system.
119 00:11:12,370 --> 00:11:18,770 Or you can try to use the web application code configuration to check the size, the type, the content of requests
120 00:11:19,030 --> 00:11:21,850 going to the database, and, on the other hand,
121 00:11:22,000 --> 00:11:32,100 obviously, the required step to do is to always check the user input while you program your site.
122 00:11:32,170 --> 00:11:41,890 I mean, while a developer tries to code some pages that are posted to a particular website, because if
123 00:11:41,890 --> 00:11:50,080 the attacker finds a hole, he will take advantage of it, because if you don't have some sanitization,
124 00:11:50,380 --> 00:11:57,590 some filters that check the user input so that a particular character can't get into the database,
125 00:11:57,660 --> 00:12:05,590 I'm telling you guys, you're stuck, because if that is me as an attacker, if I want to get access to it
126 00:12:05,620 --> 00:12:09,330 and then I find that hole, I might use it in a wrong way.
127 00:12:09,610 --> 00:12:13,860 So a person can use it in a wrong way against you.
128 00:12:13,860 --> 00:12:18,970 You have to be aware of it and then take all of these responsibilities when you are launching a website,
129 00:12:19,210 --> 00:12:27,160 so that before launching it you try to analyze all the features of the pages inside it, step by
130 00:12:27,160 --> 00:12:34,700 step, and try to detect if there is any vulnerability inside.
131 00:12:34,700 --> 00:12:35,370 All right.
132 00:12:35,620 --> 00:12:43,660 Here we have some, some strings that you can use for what is called injection, and the one, the one which
133 00:12:43,720 --> 00:12:45,210 we like to watch more
134 00:12:45,310 --> 00:12:50,520 is this one: so input two external brackets, two external quotes,
135 00:12:50,530 --> 00:12:51,200 I'm sorry.
136 00:12:51,310 --> 00:12:59,920 And then you put 1, single quote, OR, single quote, 1 equal 1, D,
137 00:13:00,010 --> 00:13:02,910 external quote.
138 00:13:03,250 --> 00:13:05,090 Don't put it in the field.
139 00:13:05,100 --> 00:13:07,760 D, don't put it in, if... in the account.
140 00:13:07,920 --> 00:13:08,610 All right.
141 00:13:08,800 --> 00:13:17,580 So if a user name is admin, we will bypass the password field like this.
142 00:13:17,590 --> 00:13:23,350 You see, you just copy and paste it into the password field and then you press Enter.
143 00:13:23,740 --> 00:13:27,550 If it is vulnerable to SQL injection, it might work.
144 00:13:27,550 --> 00:13:30,520 If it doesn't, we can try to find another.
145 00:13:30,700 --> 00:13:37,390 You can try injecting from those strings, or you can make your own research, and then you insert the
146 00:13:37,390 --> 00:13:42,460 SQL injection there so that you get access to the system that you have as a target.
147 00:13:43,060 --> 00:13:47,830 OK, so these are some commands: a semicolon,
148 00:13:47,830 --> 00:13:50,890 it means it is the end of an SQL statement.
149 00:13:51,280 --> 00:13:55,290 This one, single quote, it is the close of the SQL statement.
150 00:13:55,300 --> 00:14:00,460 Double dash, it is a comment; what follows is not going to be read, it is this comment.
151 00:14:00,460 --> 00:14:03,160 It is also the way of finding stuff like that.
152 00:14:03,160 --> 00:14:10,770 So guys, if you get here, you already have the knowledge of the basics.
153 00:14:10,990 --> 00:14:17,420 You have to take them before, and your upside is to be really advanced.
154 00:14:17,450 --> 00:14:19,510 Use it in testing.
155 00:14:19,690 --> 00:14:25,600 If you want to be a real ethical hacker, you have to know how to hack, what is this,
156 00:14:25,670 --> 00:14:31,630 be good at everything, because what you do on it, what you would find on it...
157 00:14:31,930 --> 00:14:33,100 So be careful.
158 00:14:33,100 --> 00:14:38,010 Don't attack people; attack yourself to help yourself.
159 00:14:38,170 --> 00:14:42,510 Don't attack to destroy, attack to help, and then don't attack.
160 00:14:42,610 --> 00:14:50,800 One thing, this is really my good advice that I can assure you, that I can, that I can tell you, that I
161 00:14:50,800 --> 00:14:56,990 can give to you, because you have to be good at everything; because you know something,
162 00:14:57,130 --> 00:15:01,850 it doesn't mean that you have to practice it on someone in a wrong way.
163 00:15:01,880 --> 00:15:05,450 OK, so this was the theoretical part,
164 00:15:05,470 --> 00:15:07,430 information about SQL injection.
165 00:15:07,500 --> 00:15:13,800 And in this video we are going to make the practice for SQL injection.
166 00:15:13,930 --> 00:15:16,600 Looking forward to seeing you in the next video.
167 00:15:16,600 --> 00:15:24,820 Thank you.