8 minutes

Video Transcription

Hello and welcome to the Breaking Stuff with Robert series. I'm so excited to be here with you today and share with you my passion for Kali Linux and the security tools that it holds. Now, for those of you that don't know me, I am the creator and, uh,
voice of the Kali fundamentals video. I'm a Director of Security Services to do things like penetration testing on its own assessments. I manage a team of consultants, and generally we have a good time and enjoy what we do. Now, I want to pass that along to you, share with you that passion. And every week we're gonna jump into some tools
use case where in the community that may fit in. Like if you're, you know, a consultant.
And we've got some tools that that that moulded you're a pen tester. If you focus on exploitation analysis or forensics, whatever the case may be, we're hoping to introduce you to tools that you may be familiar with, and maybe some use cases that you haven't considered
and maybe introduce you to some new tools that you've never been exposed to and give you additional opportunities to grow your repertoire of tools. So I look forward to working with you, and I'm excited to be a part of this series, so let's jump right to it.
Hello and welcome to Episode One of Breaking Stuff with Robert. Today we're going to be going over sqlmap, and I'm very excited to share a few tips and tricks with you.
So what can you hope to achieve from this course? Well, we're going to provide you with a high-level overview of the sqlmap tool, and we're going to demonstrate how the tool can be utilized.
Now, while everyone is welcome to view the video and check the tool out, we think there'll be some special, special emphasis here for cybersecurity students, maybe looking to find references on executing SQL injection attacks or doing some academic testing.
Database administrators will probably find use in this tool for doing things like vulnerability checks against the database
and automating those processes as well. Penetration testers will enjoy the tool for, again, automating those SQL injection attacks and doing some data gathering for their clients, and then exploitation analysts will get a better idea of how these tools, and especially sqlmap, can be used
on attacking systems and the techniques utilized there.
While you're not required to have any of the prerequisites, it is recommended so that you can get the full benefit from the demonstration. You should come into this video with a basic understanding of command line knowledge for Kali Linux, a basic knowledge of SQL injection and the types of attacks, whether that be blind SQL injection or
uh, union-type attacks or error-type attacks
and then how to use tools like Burp Suite and Tamper Data. While it's not required as a part of this, it is recommended, so you understand what we're doing. And so, with that in mind, let's go ahead and jump into our demo.
All right, everybody. So right now we've got our handy dandy Kali distribution up and running. And so to get us started, we've gone ahead and gotten the Damn Vulnerable Web App, or DVWA, loaded up here and we're on the SQL injection page.
And so I was getting ready to submit one to this. We've got it on the low security settings for demo purposes,
and as you can see here, currently the URL is as such. And so when I go ahead and turn the intercept function on in the proxy, this is going to let me capture some information here that we can use in sqlmap. And so when we submit one, we'll see that something happens here.
We get some cookie information
and we can go ahead and forward that on
and we see that this gives us an output here. So this is typically whenever you've got some kind of type of SQL vulnerability here, it will display information if you don't properly sanitize fields. And so this gives us a URL here and that URL is going to be beneficial in allowing us to further exploit the
page or the database using that information.
So we've gotten what we need from Burp. So let's go ahead and pull up sqlmap. We'll do a quick man sqlmap, and that gives you some very verbose information about what it can do and some of the things that you could do with the tool. Today, really, we're gonna focus on getting some contextual information,
such as database information and what have you, so that you could use that
to further mount an attack against a system.
So to get us started, what we'll do is, with sqlmap,
and then whenever you want to put a URL in, you're gonna have to do dash u
and then open here. You copy this
URL.
You're gonna place that in.
I will take that hash
pad off the end and do an additional close there, and then we'll initially start by trying to pull the database information. So the first thing we're gonna have to do
is we want to use that cookie information that we collected earlier in Burp.
So let's go ahead
and pull that cookie.
Use that as a component of our
attack attempt here,
and we want to try to pull some database information. So we've got a dash dash DBS
command that we can put on the end of this and we'll go ahead and let this fly.
So bam, relatively quick. As you can see here, we got seven available databases, so that information allows us to build a picture of how the back end of this system looks and where we may be able to find additional information, so I want to take this one step further
and maybe I want to get table information. Now that I know we were able to collect something there.
So we'll do dash dash tables,
dash, dash. Let's see if we can get some password information out of this as well. I will let this run.
Um, let's just say in this case,
we won't store. Hash is almost a little store hashes for future use. We won't do any dictionary-based attacks at this time. All right,
so that run gave us a lot of additional information. Now, what is this potentially helpful in? What could we do with this data? Well, depending on what you're trying to achieve: one, you've just shown the client or the individual in this case that the database is vulnerable to SQL injection. So this is pretty much
a done deal again. It gives you contextual information on how the database looks
and some potential vectors there. As you can see, we didn't collect any password hash information, but this just helps if you know the basic principles behind kind of using this tool and what data you need to collect to try and test against a SQL back end or a database.
Then it really does cut down on your time to kind of review that system
and identify any potential vulnerabilities that that system may have.
Oh, and so in this case, very nice find here. So we see that this particular database
has a credit cards entry. So if I were an attacker who found that this system or this interface was vulnerable to SQL injection and I could query database information from that, I would definitely want to take the opportunity to try and steal some credit card information or some account information is listed here.
So overall, sqlmap is a very strong tool. We're just scratching the surface here.
But if you can dream it, you can likely use this tool to achieve your goals or objectives in a relatively quick manner.
All right, everybody. So I hope you enjoyed that demo. Again, it was very brief, but this was meant to provide you with a high-level overview of how you could use sqlmap and a particular use case for sqlmap. So hopefully you walk away from this thinking of how you could use the tool
where you can get some additional resources. Don't forget that with this video, there's also
a resource sheet that gives you some of the information we've described here today, as well as some syntax for the tool. So really a great place to get started would be that reference material. And so I want to thank you for your time today, and I look forward to seeing you here again.

How to Use SQLMap (BSWR)

This tool automates detecting and exploiting SQL injection flaws and taking over database servers. The tool is useful for pen testers and has a powerful detection engine that performs database fingerprinting, accesses data from the database, accesses the underlying file system on the server, and executes commands on the OS via out-of-band connections.

Instructed By

Robert Smith
Director of Security Services at Corsica