Time
1 hour 49 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Transcription

00:00
everyone Welcome back to the core. So in the last video, we just did a brief introduction. Of course we talked about who I am is your instructor. We also talked about how this course is gonna be structured again. It's a shorter course than what you might be used to on the site, but we're focused primarily on learning the hands on skills.
00:15
Now, in this video, we're just gonna talk a little bit about databases. So I want to stress that this is a very high level over you of databases in general as well as, ah, high level overview of specifically some sequel commands.
00:28
And if you want to take a deeper dive into learning sequel or more information about just databases, I definitely recommend the upcoming introduce Equal course by Kit Parker. Upcoming As of the time of the filming of this particular course, and depending on when you're watching this course, it may also already be on the site. So it just starts for sequel
00:46
on the website, and it should pull up.
00:49
Now. I'm using a tool here called D beaver, so I find the easiest way to explain databases and talk about them is not some death by Power Point thing, but rather using like a hands on approach. So I have included links for Dee Beavers. Well, is my sequel in the supplement of Resource section. Should just click of the resource is tap. I've got a whole lot of stuff in there for you, by the way,
01:08
but you'll find links to go ahead and download these if you want to. It's not required for this particular course.
01:15
You won't need this for performing things like sequel injection attacks. But if you want to learn more about databases and just kind of play around a little bit, I definitely recommend you. Go ahead and just download those and play around on your own system.
01:27
So as I mentioned amusing Deeper Beaver, this year's allows us to look at my sequel databases. I don't have any databases set up. However. I'm just using the sample one here that comes with D Beaver, and that's good enough for our purposes as faras learning about databases in general.
01:44
So, databases What? What are they? Well, as the name implies were putting data in them, right. We're storing data in there, and the very simplistic form is I'm putting data in a spreadsheet, right? That's a good example for that.
01:56
Now, we most organizations nowadays, I actually can't think of any that don't use this. But most have some kind of relation. Will database management system in place? So some kind of were basically relating data. Right. So
02:08
this sample database actually gives us a good way to look at that. Right? So databases in general are gonna be gonna be consisting of tables, and then in those tables, we're gonna have different columns, you know, maybe like a ah user name. Or maybe something like an employee named Employee I D. Number, date of birth, whatever the case might be. Right.
02:29
So let's go ahead and take a look at some examples of that.
02:32
So we'll start off here on the left side. I'm gonna go play list here. Your notice. Once I go to the data tap here, that is gonna show me a couple of columns. So this is my table, this entire thing. Here's my table for this particular database. This particular table here of playlist, and then I've got my Collins here. So I've got my playlist I d and then I've got my name
02:53
off. Whatever the play list might be right
02:55
now, if I open up some other ones here, If I go to play list track,
03:00
you'll notice that I'm getting the playlist. I d a track I d. Number here. So if you go back to playing list, you'll see playlist I d.
03:07
You see? Also click on the right one. There, we'll see playlist I d here. And then if we open up track as well, What you'll notice in there is that we've got our different track. I d numbers. Right? So what we could potentially do? This is all relating the data here. And that's why I clicked on these ones and not like artists or something like that in this example here. Because if we look at this,
03:28
we see that the trek I d number
03:30
under the eyes with the playlist track. So, as an example, we see number 99 down here. Right? So that's the track I d. Now, if you come into the track table and we go down a bit on the page, we confined What? 99 is right. We could see that. Okay, That song is your time has come
03:51
now. Not such a big deal for, like, songs, right? Like in most cases, nobody's gonna hack you just to steal your latest Beyonce album. It could happen, but the reality is it is very unlikely. But if you think about this in the context of user names and passwords,
04:05
then it gets important to understand relational databases, Right? Because if we can figure out how these tables work with each other than we can craft our attack to match that and get all the information we're looking for and basically dump the database now you'll see in the labs we do later on that it gets a little easier to do things with tools.
04:24
But just at a high level over you to understand this
04:28
now, how do we get information from databases? What can we do? And we're gonna jump into here? We're going to kind of jump into a little basics of sequel databases. So
04:38
another kind of like common sense saying like if I want information from a database I need to like, you know, I need to say like, Hey, I want that right. So, ah, command that we use with sequel databases. We used the Select Command, so I basically say, like, select, You know, this table here. So select the track table or select, you know, the track playlist
04:57
select. You know, artist, whatever the case might be, right? I'm basically saying, like, select this
05:00
particular thing in the database.
05:04
I've also got the option running sequel sequel commands or even a sequel injection attack. I may want to try to update information in the database. This comes into play with a pen tester side of you
05:16
of updating user name or password for an admin account, right? Or just updating the database with a new user name and password. So that way I can maintain persistent access.
05:28
We've also got the delete Command in Sequel. So the doing command, As the name implies, you're deleting data, right? So I can use that to corrupted database. So if I just want to attack a target like let's say I'm working for a competitor or something, or competitors has hired me as a criminal hacker,
05:44
I could go in and delete data that the organization you know, the competing organization might need to actually maintain their operations or I can delete their I p or something like that. Now most companies have backups, but you'll find
05:55
every so often that somebody doesn't do things appropriately. And as you might have seen out there in various news articles that
06:01
criminal hackers can basically delete your backups, delete, you know all the data in your database backups and all sorts of stuff. We have seen that with an encrypted e mail provider that the name escapes me right down right now. But
06:15
I understand that this can occur, right? So
06:17
keep that in mind. Another command is inserted into, you know, again, we can basically insert information into the database. We can also, you know, use like that, create database to create a new database. We can also use an alter commands to the Ultra Database Command to modify the database. We can create new tables. We can alter tables again, you know, with create table or altar table.
06:36
We can drop a table, which means basically there it's gonna delete the table.
06:41
We could, even as part of our sequel injection attack, we can add a dump. So, for example, for using like sequel map that we're using later on in this course in our third lab, we can use the dump command with that to basically dump the database and get all the information from it. So you can understand hopefully how challenging
07:00
it might be for a defender
07:01
to keep all this stuff safe because an attacker only needs to be right one time, right?
07:05
The other command that you'll see commonly used by Attackers in a sequel injection attack is gonna be the union command. So basically, that allows you to combine two or more select statement so I can say, like, you know, like, my first command could be something legit, right? Like, you know, select this from here, and then I
07:24
do union statement and basically combine that with
07:27
some nefarious command that then does something else that's not intended by the database.
07:32
So this was just kind of a high level overview in this video of databases in general. So hopefully you understand a little more if you weren't familiar with them and all again, that's one of the pre Rex for this course is to have a foundational knowledge of databases. So again, it's really just a place where storing information and we start
07:47
in certain ways. So that way it makes it easier for us to make sense of all that data, especially as we scale things up, right? So if you think about organizations with hundreds of terabytes of data,
07:58
for example,
08:00
it's very difficulties. Go look at all that in a spreadsheet, Right? Like that would take you years, probably thousands of years, right? So we've tried to do these relational databases, and that's where things shifted many years ago to relational databases so we could make sense of all this data that we're aggregating.
08:15
So from an attacker standpoint, why this is important is if we understand how databases work. If we understand some basics, equal commands, you know, like the select statement or delete insert into drop table et cetera, we can understand how to attack the specific databases and even if it's not a sequel, one you know if we're doing Oracle or something like that. But
08:33
most attacks out there are gonna be sequel injection attacks because it's
08:37
the most common sort of database that many organizations are using. And that's why Attackers go for
08:43
so
08:45
again from an attacker standpoint. We're trying to understand databases so we can understand how to attack them. Right? We have to understand the foundations, you know, Think of it like anything else in pen testing. If we understand linens, for example, that we can understand Callie linens on that we can understand. Like how things are working at the terminal and what we're specifically doing with very various files
09:05
and attacks that were doing as far as the opening command shells, et cetera.
09:07
So I hope you understood databases. Now, from this again kind of a very high level overview here. As I mentioned, I got the links to debrief her in my sequel. If you wanted to download those and play around with him a little bit, I've got those in the resource of section.
09:24
Now, in the next video, we're gonna go ahead and talk at a very high level over Web applications. So I just want to kinda draw out that communications. You can understand that as well. Again, I, through pre records in this pre requisites in this course, it's really intended for an intermediate audience. But I know that some beginners we're gonna take this as well. So wanted kind of
09:43
provide a little background information for you as well.
09:46
So I'll see you in the next video

Up Next

SQL Injection

This course will cover a brief introduction to databases and SQL commands, basic information about Web applications, and basic information about SQL Injection attacks.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor