SQL Injection - Episode 2 of hacking the Gin and Juice Shop, an intentionally vulnerable web application developed by PortSwigger. The website was created primarily to demonstrate the features of the Burp Suite Pro vulnerability scanner. However, throughout the series, we will leverage Burp Suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc. 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢Portswigger: Gin and Juice Shop↣
ginandjuice.shop
portswigger.net/blog/gin-and-...
portswigger.net/burp/vulnerab...
portswigger.net/web-security
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Intro
0:10 Recap
0:46 Redeploy live audit scan
1:21 Known vulnerabilities endpoint
1:57 Review scan results
4:07 Recreate the vulnerability (SQLi)
7:09 Useful SQLi resources
7:45 Union vs Blind injection
8:28 Finding the correct syntax (comments)
9:30 Identify number of columns (order by)
11:25 Determine column datatypes
12:16 Enumerate databases (union attack)
13:32 Enumerate tables
14:15 Enumerate columns
14:41 Extract username and password
15:30 Blind SQLi attack
16:50 Determine database name length
18:06 Extract database name (substring)
19:37 Automate extraction with Burp Intruder
26:03 Issue #2: SQLi in base64-encoded JSON cookie
26:54 Fail to automate with Burp (macros / session handling)
30:30 SQLMap Burp extension (BApp)
31:46 Test SQLMap CLI (fails to get DB type/version)
33:22 Conclusion