1
00:00:10,030 --> 00:00:16,780
In the last video, we saw the manual SQL injection and we actually saw how much time it took to just

2
00:00:16,780 --> 00:00:22,200
get the data; we actually did almost 15 minutes of coding and inserting queries.

3
00:00:22,210 --> 00:00:23,900
And then finally we got the data.

4
00:00:24,490 --> 00:00:31,870
But what if I show you an automated tool to calculate and find the data within, using just basic commands?

5
00:00:32,970 --> 00:00:38,850
In this video, we are going to see automating SQL injection using a popular tool known as sqlmap.

6
00:00:39,450 --> 00:00:45,250
sqlmap is a tool which is available on Mac, Linux as well as Windows. In this lecture,

7
00:00:45,420 --> 00:00:48,830
we will see how to use sqlmap in Linux.

8
00:00:49,530 --> 00:00:50,560
Let us get started.

9
00:00:51,100 --> 00:00:56,340
So before moving ahead, I would like to tell you that when using sqlmap, there are basically

10
00:00:56,340 --> 00:01:03,540
two types of SQL injections: GET based SQL injection and POST based SQL injection. In GET based

11
00:01:03,660 --> 00:01:04,560
SQL injection,

12
00:01:05,130 --> 00:01:13,050
the parameters that the user passes through the input values are clearly seen in the URL, whereas in POST

13
00:01:13,050 --> 00:01:16,220
based SQL injection the parameters are not seen.

14
00:01:16,500 --> 00:01:24,840
So while using POST based SQL injection, we will use it to capture the request and then insert into

15
00:01:24,840 --> 00:01:25,470
sqlmap.

16
00:01:25,920 --> 00:01:33,930
But for this lecture we are going to see how sqlmap works with GET based SQL injection, that is, its parameters

17
00:01:33,930 --> 00:01:36,270
are clearly seen in the URL.

18
00:01:36,540 --> 00:01:38,040
So first go to Google.

19
00:01:39,220 --> 00:01:45,100
Make sure that you do not use these tools for illegal purposes because you will get compromised; all

20
00:01:45,100 --> 00:01:49,690
the tutorials and the videos in this course are only meant for educational purposes.

21
00:01:50,100 --> 00:01:56,380
So in the Google search engine type php?id=1.

22
00:01:57,650 --> 00:01:58,280
And then.

23
00:01:59,200 --> 00:02:04,240
Contemporary Romanian writers is the website which I have found out to perform SQL injection.

24
00:02:06,580 --> 00:02:14,140
So there are basically two types of SQL injections, GET based SQL injection and POST based SQL injection. In

25
00:02:14,650 --> 00:02:16,540
POST based SQL injection,

26
00:02:16,540 --> 00:02:23,410
the parameters that the user generally enters are not seen in the URL, but in our case, as you can see

27
00:02:23,410 --> 00:02:32,260
on the screen, the id=1 parameter is clearly in the URL and hence it is a GET based SQL

28
00:02:32,260 --> 00:02:32,750
injection.

29
00:02:33,100 --> 00:02:41,440
Now when I enter a single quote after 1, I get a SQL syntax error, which means this is also vulnerable

30
00:02:41,440 --> 00:02:43,260
to error based SQL injection.

31
00:02:43,600 --> 00:02:47,410
Now, just remove that single quote and copy the link.

32
00:02:49,570 --> 00:02:53,350
And then go to a terminal and launch sqlmap.

33
00:02:56,750 --> 00:03:03,860
Dash h and hit Enter, and these are all the options provided by sqlmap. If you are a keen learner, and every

34
00:03:03,860 --> 00:03:11,540
security expert must know how to use all these tools, he should be able to know the options in

35
00:03:11,540 --> 00:03:12,120
sqlmap.

36
00:03:12,410 --> 00:03:13,970
So just clear the screen.

37
00:03:16,240 --> 00:03:25,480
And type sqlmap dash u, paste the URL that we have copied, just do not add a single

38
00:03:25,480 --> 00:03:34,300
quote after 1, and after that you just type dash dash dbs, which stands for database, and hit Enter.

39
00:03:34,660 --> 00:03:35,290
The u

40
00:03:35,290 --> 00:03:38,100
stands for the URL which is specified.

41
00:03:38,380 --> 00:03:42,280
And now you can see we have started getting results.

42
00:03:42,760 --> 00:03:44,260
It is dynamic.

43
00:03:44,470 --> 00:03:46,030
It appears to be dynamic.

44
00:03:46,540 --> 00:03:54,850
Whenever sqlmap asks you to enter yes or no, just hit Enter so that it will take the default

45
00:03:54,850 --> 00:03:55,330
value.

46
00:03:56,290 --> 00:03:59,740
We will wait till we get the full result of sqlmap.

47
00:04:05,800 --> 00:04:14,350
So you can see that we have got the two database names, information_schema and romanian_svc. Now

48
00:04:14,350 --> 00:04:19,690
information_schema is the default database, which is present in all MySQL databases.

49
00:04:20,020 --> 00:04:22,210
And therefore we have got that

50
00:04:22,210 --> 00:04:25,270
there is only one database, romanian_svc.

51
00:04:25,270 --> 00:04:30,300
Now, we are interested in romanian_svc.

52
00:04:30,640 --> 00:04:38,680
So what we have to do is you have to type the same command as earlier and just, instead of dash dash dbs,

53
00:04:38,800 --> 00:04:39,310
write

54
00:04:39,520 --> 00:04:49,090
dash capital D, followed by the database name, that is romanian_svc, dash dash tables, which tells it

55
00:04:49,090 --> 00:04:50,770
to find out all the tables.

56
00:04:51,160 --> 00:04:59,590
Now in this command, dash u stands for the URL, dash D stands for the database name and dash dash

57
00:04:59,590 --> 00:05:06,910
tables tells sqlmap to find out all the table names which are in the database

58
00:05:06,910 --> 00:05:09,210
romanian_svc.

59
00:05:11,790 --> 00:05:12,630
Hit Enter.

60
00:05:14,660 --> 00:05:20,270
sqlmap will work and find out all the tables which are present, as you can see, we have found

61
00:05:20,270 --> 00:05:27,670
out Ottey, Undersecretary Ari Underscore, Carti, Orte, underscore Carti, Ottery, etc.

62
00:05:28,870 --> 00:05:35,500
So you can see how easy it was to just find out all the table names, but in the last lecture we saw

63
00:05:35,500 --> 00:05:39,510
how tedious it was to write commands and then get the database table name.

64
00:05:39,910 --> 00:05:49,980
Now, since we found out all the table names, we will find out all the columns from the contact table.

65
00:05:50,200 --> 00:05:52,480
So just type the same command.

66
00:05:52,480 --> 00:05:59,740
And instead of dash dash tables type dash capital T, and mention the name of the table in which you

67
00:05:59,740 --> 00:06:07,330
are interested. For this practical I will be using dash T ar_contact, and just write dash dash columns

68
00:06:07,600 --> 00:06:15,500
to find out all the names of the columns present in that table ar_contact, and that

69
00:06:15,520 --> 00:06:20,080
ar_contact is then present in romanian_svc.

70
00:06:21,210 --> 00:06:32,130
Voila, we have got id, email, functie, nume and pozitie. Since I do not know which website this is

71
00:06:32,130 --> 00:06:38,490
and where it is hosted actually, but I found out this website on some blog where they have told that

72
00:06:38,490 --> 00:06:42,520
this website is for practical purposes and this site is also not functioning.

73
00:06:42,900 --> 00:06:48,840
So basically now we are interested in finding out the data inside that column.

74
00:06:48,850 --> 00:06:55,320
So what you have to do is just you have to write dash C and mention the names of the columns in which

75
00:06:55,320 --> 00:06:56,100
you are interested.

76
00:06:56,370 --> 00:06:58,630
In our case, we are interested in all the columns.

77
00:06:58,630 --> 00:07:06,630
So just write id, comma, email, comma, functie, comma, nume, comma, pozitie.

78
00:07:10,570 --> 00:07:15,250
And then dash, dash, dump and hit Enter.

79
00:07:19,350 --> 00:07:21,500
We have got an error here.

80
00:07:28,020 --> 00:07:30,720
Instead of the brackets, you have to write double quotes.

81
00:07:37,810 --> 00:07:43,270
So just remove the opening and closing brackets and insert double quotes and then hit Enter.

82
00:07:45,910 --> 00:07:48,810
So hopefully we will get all the details.

83
00:07:49,510 --> 00:07:50,000
There you go.

84
00:07:50,020 --> 00:07:51,730
We have got two ids.

85
00:07:51,730 --> 00:07:52,960
We have got two emails.

86
00:07:52,960 --> 00:07:54,220
We have got two nume.

87
00:07:54,220 --> 00:07:56,770
That is name, and pozitie.

88
00:07:56,770 --> 00:07:58,480
That is position, I'm guessing.

89
00:07:58,780 --> 00:08:00,670
And functie, that is the function.

90
00:08:00,850 --> 00:08:02,920
We have got the editor's e-mail, id.

91
00:08:03,920 --> 00:08:13,190
And we have got data. Now, how hackers can use this data is, just like, an email from this e-mail

92
00:08:13,190 --> 00:08:19,220
to some victim, and then using social engineering techniques they can just fool the victim to get

93
00:08:19,220 --> 00:08:20,810
some malicious data.

94
00:08:21,110 --> 00:08:27,440
So right now, I'm hiding the details in front of you because this is just for practical purposes.

95
00:08:27,650 --> 00:08:33,800
You might have seen that the screen is blurred, but I'm just doing it for educational purposes, and

96
00:08:34,040 --> 00:08:37,450
make sure you do not use this tool for any illegal purposes.

97
00:08:37,460 --> 00:08:41,050
We are the security experts and we are ethical hackers.

98
00:08:41,540 --> 00:08:49,040
So, I hope this video was very useful and we actually learned how to use sqlmap

99
00:08:49,280 --> 00:08:55,490
and we actually finished finding the database in almost five to ten minutes.

100
00:08:56,390 --> 00:08:58,430
So this was all for this lecture.

101
00:08:58,730 --> 00:09:05,000
In the next lecture, you will see how to prevent SQL injection attacks.