Friday, November 11, 2011

Web Hacking Video Series #4 MySQL Part 2 (Injection and Coding)

Video Lesson Topics:

  1. Setting up your victim application, databases and lab
  2. Attacking a simple injection with information_schema
  3. Automating your injections with Python and Beautiful Soup
  4. Dealing with various web encodings in Python and PHP
  5. Bypassing LOAD_FILE size restrictions and automating it
  6. Decrypting sensitive data via PHP and Python interactions
  7. As always me rambling about stupid nonsense :P FTW

Part 2 of MySQL covers injecting a simple SQL injection example. It starts out slow, then combines techniques and moves into more advanced topics. Prior to attempting this lesson, make sure you have watched the videos in the previous blog post or understand both SQL and basic Python coding. I will show how to automate the injection process via Python, utilizing the simple HTML processing abilities of Beautiful Soup. I will cover many Python libraries for encoding data and calling web-based applications. I also talk about how to deal with encrypted data, and about methods of enumerating files and folders to look for possible implementation issues and attack points for decrypting sensitive data via PHP/Python interaction with what's available on the server. This is the 2nd part of a 3-part series on MySQL for attacking web applications.

Files Needed:
Lab Files
BT5

Video Lesson:

What's Next:
PHP source code analysis
Recoding PHP applications to fix SQLi

Friday, November 4, 2011

Web Hacking Video Series #3 MySQL Part 1 (SQL Primer)

Video Lesson Topics:
  1. Creating a SQL-cmdShell in Python
  2. Setting up a SQL lab/learning environment
  3. Learning basic SQL queries
  4. More advanced queries for pulling meaningful data
  5. Interacting with the operating system
  6. Basic filter bypass and built-in encoding mechanisms
  7. MySQL specific functions and structure

This part of the series is a manual SQL/Python tutorial that instructs the viewer on how to create their own database interaction with Python, the audience being both hackers and new developers. After connecting to the database, learn how to use that interaction for pulling meaningful data from a SQL database and interacting with the underlying operating system and DB functionality. I will cover basic to more advanced SQL queries and interactions. None of the videos contain any injection whatsoever; instead they are a DB and SQL primer for the purpose of learning a foundation prior to trying to attack the unknown. I do delve into many topics related to injection and relate many topics to injection, but everything is done on the command line in an interactive lab environment you create for yourself!! The next blog in the series will cover injection, followed by code analysis and recoding applications with parametrized queries. There will also be MSSQL-based material in the same sequence of events in future posts.

Needed to Follow Along:
  • BT5 VM
  • Test Database http://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2
  • The Pillager: http://consolecowboys.org/pillager/pillage_0.6.zip

What's Next:
MySQL Injection
MSSQL specific learning and Labs
Source Code analysis
Recoding your applications in PHP and ASP


Part 1.1 Coding your Python SQL cmdShell:


Part 1.2 Learning SQL:
