Hey guys, HackerSploit here, back again with another video, and welcome back to the ethical hacking course. Today I have something really exciting for you guys. We're actually done with scanning and the anonymity section of the ethical hacking course, and we're now actually going into performing the actual hacks or exploits, so this is the actual hacking section. In today's video we're going to be checking out SQL injection, so I'm actually going to show you how to set it up and how to use SQL injection.

So you might be asking yourself, what is SQL injection? Well, basically, SQL injection, as some of you may know, has the abbreviation SQL, and SQL is basically a language that communicates with databases. I don't know whether any of you have actually done SQL programming; it's a very, very simple language, but that's beside the point. So basically the idea behind SQL injection is pulling database info that exists behind a web server, so basically pulling a database of a website, behind the website, not the web server, that will contain information about the website. So, for example, it can contain information like usernames and passwords, it can contain the downloads, the different files that are up for download on the website, and basically just usernames and passwords, information about people who log in there and the administrators, et cetera, et cetera. You get the idea.

Now, when talking about SQL injection, it obviously is an exploit that you, a hacker or a pen tester, would use to gather information from a database, and usually the most targeted information is usernames and passwords.
But nowadays the databases usually have their usernames and passwords encrypted, so actually that information is usually not really targeted by hackers nowadays. Really, what hackers would target would be, for example, credit card information, as you've seen with Sony and the PSN. Again, the most valuable information is credit card information, for the simple reason that the credit card information is not encrypted. All right, for the simple reason that companies encrypting a credit card, okay, it depends on the method of encryption, but I'm not gonna go into that right now, but it's much easier just to keep the credit card info the way it is, because if you convert a credit card it may resemble another credit card number and that may cause a mix-up. But that's just one of them. So basically that's the information that's usually targeted.

Now you might be asking yourself, why should I use SQL injection? Well, basically, SQL injection is, as I said, just getting the database of a website and seeing what you can gather from there. So for most cases you will find that the username and password section, or the usernames of the users on that website, will be encrypted. So other information you might target from a user, if you can get access to those database tables, would be, for example, credit card information, date of birth, spouse details, emails, things that really, really would help you in whatever you're doing, whether you're performing a hack or just analysis. As I was saying, usually what's targeted is very critical information like credit card.
But you cannot overlook that you might find other information, for example files that are not actually available to download on the website but are actually on the database. So that's basically what I wanted to explain about SQL injection: what it is, how it's used, how you can use SQL injection for performing an attack.

Now, to actually demonstrate this, first I want to mention, I just want to throw out a disclaimer that it is highly illegal to use the SQL injection exploit, for the simple reason that you are tampering with the database. If you have permission then it's fine, but you have to have written permission from the owner of the website or the administrator giving you access to the database. Otherwise it's highly illegal, and I will not be held responsible for anything that you do. I feel really, really bad saying this, but I have to throw it out to protect myself.

So for the safety of everyone watching this video, especially the younger audience, I'm gonna show you how to set up a pen testing lab. Now, a pen testing lab will allow us to basically run all our, basically to learn ethical hacking in a safe way, by creating our own database and performing exploits on that, because we are the owners and we can do whatever we want. So basically you can increase the difficulty, you can increase the encryption, and just test yourself out and make yourself a better SQL injector, so to speak. I don't know whether that word exists, but basically, okay, so let's actually set up this pen testing lab. It's very, very simple.

So what you want to do is go into your browser and you want to search for Damn Vulnerable Web Application. Damn Vulnerable Web Application. I will leave the link in the description. What this is is basically a damn vulnerable web application, as it says here. It's basically a PHP/MySQL web application that is damn vulnerable, and as you can see, it's saying its main goals are to be an aid for security professionals to test their skills and tools in a legal environment. So that's all you need, really.
So all you want to do is just hit download. It's native to Linux, and you can also use this on Windows if you feel like it, but I don't know why you'd do that. Just download it; it's 1.3 megabytes, it's a zip file. Once you have it downloaded (I already have it downloaded, it's in my downloads folder right here, and I haven't extracted it yet because I wanted to show you guys how it's done), let's open it with archive manager. Hopefully you're on Kali Linux; if not, it's the same process. Just extract the folder into your downloads section, and it's going to extract it, and once it's done we have the Damn Vulnerable Web Application master folder. We're going to leave that for now; we don't really need to focus there.

So again, open your terminal. This is the heart of everything that we're going to be doing. So in the terminal now, we actually have a web folder, the default web folder for Kali Linux. Now, we actually have to go.