1
00:00:00,180 --> 00:00:05,700
So before we get started with our injection attacks, I wanted to quickly show you the scoreboard.

2
00:00:05,730 --> 00:00:12,420
So go ahead and navigate up to your localhost. Make sure you have a pound sign, forward slash, score-board,

3
00:00:12,780 --> 00:00:20,400
and you should get an achievement here for finding the hidden scoreboard. So in this scoreboard area

4
00:00:20,460 --> 00:00:28,860
you should have access to all the different types of vulnerabilities and all the different types of

5
00:00:29,840 --> 00:00:30,690
rating.

6
00:00:30,690 --> 00:00:36,300
So let's go ahead and I can show you all these. And if we hit Show All... mine's lagging just a little

7
00:00:36,300 --> 00:00:36,540
bit.

8
00:00:36,620 --> 00:00:40,800
But this organizes it by alphabetical order.

9
00:00:40,800 --> 00:00:44,090
So these are all the different challenges that you can come through and attempt.

10
00:00:44,280 --> 00:00:51,330
Now, if there is a little university-type hat over here, it's a walkthrough. It shows you an interactive

11
00:00:51,330 --> 00:00:54,430
tutorial by clicking on the orange button here.

12
00:00:54,720 --> 00:00:59,490
And there's also ways to click on these and get hints as well, so you can do interactive challenges and

13
00:00:59,490 --> 00:01:02,970
you can come in here and get hints if you're able to...

14
00:01:03,070 --> 00:01:06,550
if you're having issues finding some of these things.

15
00:01:06,570 --> 00:01:12,240
So what we can do is, for example, with injection coming up, we can say, hey, let's go ahead and hide all

16
00:01:12,240 --> 00:01:16,610
these and just sort by injection, and we could see, OK,

17
00:01:16,620 --> 00:01:19,240
there's a bunch of different injections in here.

18
00:01:19,290 --> 00:01:24,980
Now, we're not going to cover all these injections. We're going to cover the basics of SQL injection.

19
00:01:24,990 --> 00:01:29,250
So, for example, if we want to start with the basics, we probably don't want to start with the least

20
00:01:29,250 --> 00:01:29,880
difficult.

21
00:01:29,900 --> 00:01:32,400
So the two-star here is the least difficult.

22
00:01:32,400 --> 00:01:35,110
And guess what, it actually is a walkthrough for us too.

23
00:01:35,160 --> 00:01:38,230
But we can go in. It says "log in with the administrator's account."

24
00:01:39,060 --> 00:01:42,440
OK, well, we had to figure out how to do that, right?

25
00:01:42,540 --> 00:01:48,410
But there's hints in here if we want to click on a hint and try to get hints, or we could refer to the

26
00:01:49,330 --> 00:01:51,000
challenge solutions as well.

27
00:01:51,210 --> 00:01:53,610
But this is what's nice: it brings you right to injection.

28
00:01:53,610 --> 00:01:56,130
It tells you about injection, what it is.

29
00:01:56,130 --> 00:01:56,420
Right?

30
00:01:56,430 --> 00:02:02,280
You come up here, it says here's what injection is, and then it brings you down specifically to this one

31
00:02:02,610 --> 00:02:08,520
and kind of gives you hints on what you might need to do here in order to log in with

32
00:02:08,520 --> 00:02:10,640
the administrator's account.

33
00:02:10,650 --> 00:02:14,710
So with that being said, the scoreboard is your best friend.

34
00:02:14,760 --> 00:02:20,400
We're going to be covering a topic or two from each section from the scoreboard.

35
00:02:20,400 --> 00:02:21,720
We'll talk about an overview.

36
00:02:21,720 --> 00:02:27,210
We'll do a walkthrough and then we'll talk about defenses, similar to what we did with the Active Directory

37
00:02:27,210 --> 00:02:29,880
portion, and this will just get you familiar.

38
00:02:29,880 --> 00:02:34,860
That's all we are doing here. Remember, this is not a full-on web app course.

39
00:02:34,860 --> 00:02:39,870
This is more of a familiarity, where you have something to bring to an interview and something to

40
00:02:39,870 --> 00:02:41,210
build upon.

41
00:02:41,220 --> 00:02:45,230
So let's go ahead and move right into injections, and we'll start focusing on this.

42
00:02:45,420 --> 00:02:46,270
This one right here.

43
00:02:46,290 --> 00:02:49,500
Log in, and then we'll talk about SQL injection attacks.