SQL Injection

Рет қаралды 154,410

Күн бұрын

Daniel demonstrates SQL Injection using sqlmap. This is one of his favourite tools.
Big thanks to ITPro.TV for sponsoring this video.
In future videos, he will show us additional tools.
======
Menu:
======
SQL Injection Demo: 0:00
Daniel's top 5 hacking tools: 1:40
SQL Injection: sqlmap and DVWA: 2:31
Don't get shiny bracelets: 3:32
Start attack: 5:44
SQL tables: 8:00
SQL dump: 9:35
SQL Hashes: 9:45
DVWA explained: 12:40
sqlmap command: 15:27
url: 16:06
sqlmap uses the website: 17:34
Change URL to handle special characters: 19:21
cookies: 20:04
How to find cookies manually: 21:41
sqlmap switches dbs: 23:55
sqlmap tables: 26:30
sqlmap columns: 27:31
sqlmap dump: 28:29
Login as a user: 29:45
Why is it called sql injection: 30:41
Can you write to the database: 32:45
What do you want to see? 34:48
How to build the same network: 36:23
It is still used in the real world: 37:31
How to stop this: 38:30
========================
Download software and VMs:
========================
VM used: www.vulnhub.com/entry/websplo...
Kali Linux: www.kali.org/downloads/
================
Links:
================
ITProTV Free Training: davidbombal.wiki/freeitprotv
My ITProTV affiliate link: davidbombal.wiki/itprotv
====================
Connect with Daniel:
====================
LinkedIn: / daniellowrie
Blog: blog.itpro.tv/author/daniello...
================
Connect with me:
================
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZfaq: / davidbombal
sql
sqlmap
sql map
sql injection
sql injection demo
kali sql
kali linux sql
kali linux sql injection
kali linux
hacker
hacking
ethical hacking
cybersecurity
cybersecurity careers
ceh
oscp
itprotv
ejpt
cissp
ceh v10
blind sql injection
elearn securtiy
try hack me
hack the box
oscp certification
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#sqlinjection #sqlmap #cybersecurity

Пікірлер: 274

@davidbombal 3 жыл бұрын

====== Menu: ====== SQL Injection Demo: 0:00 Daniel's top 5 hacking tools: 1:40 SQL Injection: sqlmap and DVWA: 2:31 Don't get shiny bracelets: 3:32 Start attack: 5:44 SQL tables: 8:00 SQL dump: 9:35 SQL Hashes: 9:45 DVWA explained: 12:40 sqlmap command: 15:27 url: 16:06 sqlmap uses the website: 17:34 Change URL to handle special characters: 19:21 cookies: 20:04 How to find cookies manually: 21:41 sqlmap switches dbs: 23:55 sqlmap tables: 26:30 sqlmap columns: 27:31 sqlmap dump: 28:29 Login as a user: 29:45 Why is it called sql injection: 30:41 Can you write to the database: 32:45 What do you want to see? 34:48 How to build the same network: 36:23 It is still used in the real world: 37:31 How to stop this: 38:30 ======================== Download software and VMs: ======================== WEBSPLOIT2018: www.vulnhub.com/entry/websploit2018-1,253/ Kali Linux: www.kali.org/downloads/ ================ Links: ================ ITProTV Free Training: davidbombal.wiki/freeitprotv My ITProTV affiliate link: davidbombal.wiki/itprotv ==================== Connect with Daniel: ==================== LinkedIn: www.linkedin.com/in/daniellowrie Blog: blog.itpro.tv/author/daniellowrie/ ================ Connect with me: ================ Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZfaq: kzfaq.info Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

@adityajaiswal764 3 жыл бұрын

Sir can you be my friend from India 🙏

@adityajaiswal764 3 жыл бұрын

Sir can you be my friend I have no friends 🥺

@Sultan-hy9mf 3 жыл бұрын

ارجو إضافة الغة العربية في الترجمة

@Sultan-hy9mf 3 жыл бұрын

Arabic wax needs KZfaq channels that are very similar to your content

@Sultan-hy9mf 3 жыл бұрын

add Arabic in translation in all the video

@ghozttech9122 3 жыл бұрын

I love David, man! His teaching style is the best and when he has guests on his show, he makes them slow down and he also asks the questions new guys would get roasted for asking and I am truly thankful for him and everything he teaches, but especially everyone he brings together! Thank you so much for your content David!

@RbNetEngr Жыл бұрын

David, thank you for producing yet another amazingly interesting and useful video! And Daniel is the perfect instructor for this. The combination of his very clear and easy to understand explanations, and your thorough and orderly line of questions, ended up with a highly educational production. Keep up the great work, and thank you for making this information available to the community.

@tsaltslinger3268 3 жыл бұрын

7:33 ... That advice changed everything for me. No need to enumerate everything, there are already tools for that. Everyone has tools. Not worried about being a scriptKitty anymore. Thank you!

@espnyc10 Жыл бұрын

New to your content and a beginner in the industry. Love your videos! Thank you for looking out for the rookies like myself and making things understandable!

@pinglocalhost 3 жыл бұрын

Yes, please do more demos. Great video. I would like to see the sql writing to the database and file system in the future for a demo. 😍💪🤯

@howto1.1.1.1 3 жыл бұрын

Today i was searching for sql injection tutorial, but i got perfect video. Thanks David bro.

@davidbombal 3 жыл бұрын

Really happy to hear that!

@TheFreezingTuberJosh 3 жыл бұрын

I'm a simple man, I see David's video I smash the like button :)

@davidbombal 3 жыл бұрын

Thank you, Joshua!

@mohammedhussain3627 3 жыл бұрын

Wow Daniel is very informative and make this learning curve very enjoyable. Love these videos David. Thanks

@apostate1234 Жыл бұрын

I really love the community! Really love the open and inclusive people in the community. You guys are doing great job! I hope I could help this community someday.

@_polaroid_ 3 жыл бұрын

Had been waiting for one such video!! Thanks, David.

@davidbombal 3 жыл бұрын

Really happy to hear that :)

@Omar-gw8lt 3 жыл бұрын

Great SQL Injection tutorial 👌 much appreciated guys

@DreaminARealityTV 3 жыл бұрын

David, my guy, you the man. These videos during my first year bachelors Cybersecurity degree. You have no idea. I find myself learning the stuff you have no idea your even teaching. Everything is some piece to someone's puzzle man.

@davidbombal 3 жыл бұрын

Really happy to hear that Brandon!

@GhostCrypto-tm1tl 3 жыл бұрын

Fantastic demonstration ,thank you David .I'll be waiting for the powerful Metasploit framework video.

@KeithGriffiths Жыл бұрын

Good video David. This is a great tool and works really well when looking for vulnerabilities with your own websites or applications.

@tambokavz 3 жыл бұрын

Great content my man David always coming through.

@davidbombal 3 жыл бұрын

Thank you!

@fenrircorps2702 3 жыл бұрын

Always a good info source!! thanks a lot David!!

@muhammadrehman4135 Жыл бұрын

Man, you're rocks! Thank You for your course !!! I've learned so much!!!

@metrixc 3 жыл бұрын

Everytime I see Daniel typing from above (while standing) I ask myself if this is comfortable. Great video. Gets interesting at the 13.00 mark. 👌🏼

@sweetlulu4306 3 жыл бұрын

I would love to see these videos practiced and also show how the defense measures are reacting or if not at all. Would be an interesting video!

@quick.3372 3 жыл бұрын

Although I knew already everything it's good to refresh my memory sometimes :D amazing content

@alexsp1811 3 жыл бұрын

Such a nice video!👍🏻 Would love to see more of this. Staying at webapptesting would be nice maybe something about burp suite and it would be really cool to hear something about XSS and if there would be any xss tools or if it will be necessary to lern js for proper webapp testing.

@peterchari3839 3 жыл бұрын

Thanks David and your team

@prashlovessamosa Жыл бұрын

Thanks man this one is best by far full of knowledge.Thank you

@KeithGriffiths 3 жыл бұрын

Excellent video David. 👌

@teraspa1332 3 жыл бұрын

Thank you for the perfect job you are doing! i think some burp suite tutorial would be really great.

@nawid1687 3 жыл бұрын

Wow this video was phenomenal. Absolutely amazing. I'd wanna see a burp or owasp zap tutorial!!! Thx again!

@charlesyaw6514 3 жыл бұрын

David, as far as the length of the video is concerned you did a very good thing by timelining the menu; because your videos are short most of the time. Good job

@jeffreymauck9163 Жыл бұрын

Great video!!! I came here expecting an eye roll and left impressed with how easily you broke things down for the less tech savvy…. Hack The World!!! Lol

@xaanx 3 жыл бұрын

Thanks for the motivation and videos! Keep it up and Godbless your family!

@saurabhshrestha8024 3 жыл бұрын

Awesome stuff as always.

@tribikramsen5119 3 жыл бұрын

I was waiting this video so long. I've heard many times about SQL injection last week from my teacher. Finally DAVID is here. ❤❤❤

@davidbombal 3 жыл бұрын

Hope you enjoy the video :)

@tribikramsen5119 3 жыл бұрын

Yeah sir, I'm enjoying. I'm growing in this field and you're one who help me a lot. I'm surprising my friends. Thanks a lot sir. I'm waiting for more and more knowledge to be something in this field.

@nomadichacker 3 жыл бұрын

2 great educators 🧙‍♂️🧙‍♀️👏

@seca_999 11 ай бұрын

i really love you david thanks for this amazing content

@georgeiosip7070 3 жыл бұрын

You are the best David !

@Badokhon 3 жыл бұрын

you really deserve a subscription, big fan 🌟🌟🌟🌟🌟

@iceber96 3 жыл бұрын

Great video, thank you David

@synthc1786 3 жыл бұрын

I love this Channel! thank so much!

@vishalraj7532 3 жыл бұрын

ohh hooo! To much excited for this video. thank you sir

@davidbombal 3 жыл бұрын

You're welcome Vishal

@Sethbowl 3 жыл бұрын

Quality quality quality content, thank you. As a suggestion, maybe nmap or enumeration tools?

@myname-mz3lo 3 жыл бұрын

this series is great haha ive been so scared of becoming a scriptkiddie that ive been studying all kinds of stuff while im now behind on how to use tools haha

@omardahmaniofficial 3 жыл бұрын

man you gave us top cybersecurity book ones, we need a way to read and practice the same time and best websites to do that, btw nice job, keep up❤❤👌

@abhijitsingh183 3 жыл бұрын

Nice video very helpful thank you so much

@charlesyaw6514 3 жыл бұрын

Daniel is a very good presenter too and funny. Good job Dave!

@davidbombal 3 жыл бұрын

Thank you!

@daniellowrie 3 жыл бұрын

Thanks Charles! Glad you liked the video

@blaine5610 3 жыл бұрын

i love your videos david bombal from morocco ♥️♥️♥️🇲🇦🇲🇦

@amirmohamed8748 3 жыл бұрын

Really interesting . Thx bro .

@abhinavsikhakolli5848 3 жыл бұрын

Thank u david i got some clarity on sqlmap

@davidbombal 3 жыл бұрын

Really happy to hear that Abhinav

@saveriocerniglia1135 3 жыл бұрын

Hi David I love your videos and wish there was a dedicated podcast

@DevrajSingh-rs7fn 3 жыл бұрын

Love your videos

@davidbombal 3 жыл бұрын

Thank you Devraj!

@nurenijamiu 2 жыл бұрын

Thank you so much, David and Daniel, for this awesome walkthrough. You have no idea how helpful this is. However, I do have a question, and I hope you can reply to this ASAP. Will this method also walk in a blind SQL injection?

@bharathnaidu107 3 жыл бұрын

You are the best David ❤️

@davidbombal 3 жыл бұрын

Thank you

@themistoclesnelson2163 3 жыл бұрын

Just when I need something, you have it!

@davidbombal 3 жыл бұрын

Really happy to hear that!

@abdullahshoukat2075 3 жыл бұрын

Love u david thanks for the great content😍

@davidbombal 3 жыл бұрын

Thank you. And you're welcome!

@monetka79 3 жыл бұрын

Thank you, David!

@davidbombal 3 жыл бұрын

You're welcome Alyona!

@taiquangong9912 3 жыл бұрын

Nice video!

@sheinsopariwala 3 жыл бұрын

Great video.. I am a bit late but I am glad that I watched this video.

@davidbombal 3 жыл бұрын

Thank you for watching!

@ajaybechawade6989 3 жыл бұрын

thank you sir your great sir you are my motivation sir

@akshay7820 2 жыл бұрын

Need more videos with Daniel

@bronxandbrenx 2 жыл бұрын

Praise this master.

@fisiproduction2448 2 жыл бұрын

Name sake here...........love your videos.....

@samerkia 3 жыл бұрын

I just got my first certification! It's only the TestOut Linux Pro Cert, so it is a very newbie/beginner level certification but I am still very happy! I am a sophomore in college too so that's why I am a beginner.

@davidbombal 3 жыл бұрын

Congratulations!

@aravbudhiraja 3 жыл бұрын

Well same here, I got my first cert, the ejpt and I'm only in high school!

@samerkia 3 жыл бұрын

@@davidbombal Thank you! Honestly, if your videos werent so awesome and motivational I probably wouldn't have done as well as I did! Thanks!

@samerkia 3 жыл бұрын

@@aravbudhiraja Wow! That's awesome, congratulations man, pretty impressive to since you're still in high school! I wish I knew what I wanted to do exactly back then so I could've started down this path sooner than later. You'll definitely have the upper hand then since you've started so much sooner than others.

@aravbudhiraja 3 жыл бұрын

@@samerkia thank you!

@rodrigoesteban7657 6 ай бұрын

Sure, i'd like to see more from Daniel...and the channel too.

@Alain9-1 3 жыл бұрын

Quality as always 👌

@davidbombal 3 жыл бұрын

Thank you very much!

@h4cker_io 3 жыл бұрын

thank you, my teacher.

@RayHorn5128088056 2 жыл бұрын

SQL Injection only works when the server does not perform input validations. For instance, if an ID was expected and the ID is known to be digits only then the input should be validated for digits where any other character would trigger an exception and the SQL would not be used with errant inputs. Modern Web Frameworks will either perform input validations or provide the means to do so. Or just stop using SQL because it's 2021 and we should be using NO SQL. Great video. Keep up the good work.

@pete3816 Жыл бұрын

Sure. But real world is that there are many vulnerable websites meaning this tool is very useful for pentesting.

@joeman123964 Жыл бұрын

of course, videos like this are just to inspire new people and beginners. as a software engineer of 6 years, there is no way they would be able to hack average corporations. sessionIDs are double encrypted along with secure scripts in C# that regulate and parse special characters for a reason. not to mention anything that would attempt to query data would need to be whiteflaged specifically through a manual process to accept their ip of their PC. other than that they can just poke around for small bits of useless information.

@anubhavsharma5986 3 жыл бұрын

This video is really healpfull

@chriskyle8562 3 жыл бұрын

Great video

@davidbombal 3 жыл бұрын

Thank you. Daniel is great!

@etiashack2356 2 жыл бұрын

i love the way u make your vids i hv been following you and am a fan of your work just a quick suggestion though it would be great if u could give us some test website that we can practice sqlmap on

@guilherme5094 3 жыл бұрын

Thanks!

@stealthstyle1 3 жыл бұрын

@David, I’m fortunate enough to study for CCNP enterprise with all expenses covered by my employer. Which is amazing,.. But i’m currently lost in a forest of options. I have no idea how to study for the CCNP effectively. I’m not really sure if i know how to study, period.. I tend to learn by doing stuff, so the theory frightens me a tad. Could you give some guidelines to follow? What materials to buy/use and so forth? I bought your Udemy courses and am going to buy the Boson full package + CML and the books. I think i covered everything with that, but it feels overwhelming. I’m sure i’m not alone in this situation, maybe an idea for a video series? Guide somebody through the study so others can follow along? Not sure if that would work with everybody having different possibilities in life.

@Arctect 3 жыл бұрын

Very Cool!!! Waiting Meta!!!

@tomberghs7004 3 жыл бұрын

The legend has returned with another video! I'm gonna practice with the video on the big screen. Let us be greatful, and thank for Davids and networkchuck hard work and knowledge we gain everyday!

@memomarc6664 3 жыл бұрын

شكرآ ديف.... 💕

@bhavyasura 3 жыл бұрын

David, what are your Views on CPEH certification by TCM? Is it recommended?

@sotecluxan4221 3 жыл бұрын

So nice!

@davidbombal 3 жыл бұрын

Glad you like it! Daniel does a great job showing these tools :)

@hackerdude9671 3 жыл бұрын

Thank You

@davidbombal 3 жыл бұрын

You're welcome

@madhavamng8830 3 жыл бұрын

I learned whatis and how to use sqlmap. But how to use ? either sqlmap or manualy to find the sql injuction vuln . while the parameter passing via body insted of get.

@justinboss4131 3 жыл бұрын

More demo's from daniel pls

@samytexas 3 жыл бұрын

Those who commented after 2 minutes of the video release , can u give us a brief summary of the video 😂💀💀!

@dneerajkumar12 3 жыл бұрын

Vdo about SQL injection 😅😅😅

@davidbombal 3 жыл бұрын

Demo of SQL injection and then explanation of all the options.

@samytexas 3 жыл бұрын

@@davidbombal thanks David You’re the Best! My all Time Favorite! 😎

@t-seriess431 3 жыл бұрын

@@davidbombal plz..give me a link where to report the bug of Facebook..

@DonCarlione973 10 ай бұрын

People always on that BS 😂

@kaushalparab4494 3 жыл бұрын

How to setup this whole lab locally? can you make start to end video for the setup?

@MattaparthiShivaBhargav 3 жыл бұрын

David I have a question I haven't yet started out in Cyber security or not even CCNA.... But I know networking is very important for cyber security...I saw a lot of people recommend me To do CCNA first, but you know it goes much deeper ...So How much deep do I need to go in networking...... is it only CCNA for Networking?, I do know it gives a Intro to networking .....but where should i head my path towards in networking???... are there any other Networking stuff I should look into???. Tell me about how much networking is necessary and certs.... what is the highest Level of cert in networking?.

@chiranjit9529 3 жыл бұрын

Awesome 👍

@davidbombal 3 жыл бұрын

Thank you!

@felipefigueira9689 10 ай бұрын

The key idea of the video is that SQL injection is a serious vulnerability that can be exploited to gain unauthorized access to a web application's database, and it is important to implement security measures to prevent it. 🔑 SQLmap recognized password hashes in a database, demonstrated password cracking, and emphasized the importance of ethical hacking. 00:00 🔍 The speaker demonstrates how to use SQLmap to automate the process of finding and exploiting vulnerabilities in a web application, including identifying vulnerable parameters, enumerating tables, and dumping and cracking passwords from a database. 04:05 🔐 An attacker can use SQL injection to easily obtain usernames and passwords from a website's database, allowing them to log in as an admin and access sensitive information. 11:35 🔍 SQLmap is a program used for SQL injection, and it is helpful to use a verbose URL to identify vulnerabilities; adding a backslash before an ampersand character prevents it from being interpreted as a special character; websites use cookies for session tokens; manual information grabbing from browser developer tools for SQL injection demonstration. 15:47 🔍 Use tools like Burp Suite and SQLmap to find and extract cookie values from the Storage box, identify the database type and names, and run commands slowly from the beginning. 22:06 🔍 There are 17 databases in MySQL, and the speaker shows how SQL injection can be used to access tables and retrieve usernames and passwords, along with suggestions for fixing the issue. 25:24 🔐 SQL injection is a vulnerability that allows unauthorized access to a web application's database, enabling attackers to impersonate users and perform malicious actions, emphasizing the importance of implementing security measures to prevent it. 29:10 🔒 SQL injection attacks can be prevented by continuously scanning and implementing best practices, such as input sanitization and prepared statements, to secure web applications. 34:21

@Sky-wp4vj 3 жыл бұрын

Can we do metaspolit? If possible got some ctfs and that I need break into thank you both now I know what to do to complete crossroads virtual machine..

@Neos.Helios 3 жыл бұрын

Can you pls make a video on buffer overflows with Daniel.

@sialuk85 Жыл бұрын

for my lab, websploit cookie shows impossible. how do i change it to low ?

@vilma-lima5295 9 ай бұрын

muito bomm o video

@fazlulkareem254 3 жыл бұрын

waiting for the next video..........😋😋

@rohi288 2 жыл бұрын

GET parameter 'user_token' appears to hold anti-CSRF token after firing mysqlmap command with dvwa sql injection url

@aayushnepal8795 3 жыл бұрын

How to setup that server on the kali at vmware ....It's saying config.php.ini error msg....When I try to setup locally......

@adityajaiswal764 3 жыл бұрын

Sir big fan from India😎😎😎😎

@davidbombal 3 жыл бұрын

Thank you. Welcome India!

@MangolikRoy 3 жыл бұрын

Hey David how are you I'm facing I'll and some other medical problems that's why I am late in every video but don't worry doc says I can recover in 10 days after 10 days I am fully fit to watch videos👍

@davidbombal 3 жыл бұрын

Hope you feel better soon!