Chapter 2 - 04 - Understand Application-level and OS-level Attacks - 02_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Information Security Attacks - Exam 212-82 SQL Injection Tools R sgqlmap sqlmap sqlmap automates the process of detecting and exploiting SQL injection flaws and the : taking over of database servers Mole 0006 hetps://sourceforge.net Metps://sourceforge.net Blisqy https://github.com https://github.com blind-sql-bitshifting https://github.com bsql hetps://github.com NoSQLMap https://github.com hetps://github.com https//sqimap.org mitps/fsqimop.ocg EC-Commcil. All ANl Rights Reserved. Reproduction is Strictly Prohibited Copyright © by EC-Comncil. SQL Injection Tools = sqlmap Source: https://sqlmap.org Being an open-source penetration testing tool, sqlmap automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for advanced penetration testers, and a wide range of switches for database fingerprinting, data fetching from the database, accessing the underlying file system, and executing commands on the OS via out-of-band connections. Attackers can use sqlmap to perform SQL injection on a target website through various techniques such as Boolean-based blind, time-based blind, error-based, UNION querybased, stacked queries, and out-of-band injection. Module 02 Page 227 Certified Cybersecurity Technician Copyright © by EG-Council EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 LN J (N File Edit abs-1=0" Parrot Terminal View Search Terminal Help --dbs (=15 } http://sqlmap.org http://sqlmap.or [!'] [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 01:09:41 [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] testing connection to the target URL checking if the target is protected by some testing if the target URL content is stable target URL content is stable testing if GET parameter 'id' is dynamic GET parameter 'id' appears to be dynamic [WARNING] [INFO] [INFO] [INFO] 43]3] [INFO] injectable (with [01:09:44]) [INFO] [01:09:44] er' it looks like the for other DBMSes? /2021-08-12/ reflective value(s) found and filtering kind of WAF/IPS out heuristic (basic) test shows that GET parameter 'id' might be injectable testing for SQL injection on GET parameter 'id' testing 'AND boolean-based blind - WHERE or HAVING clause’ GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' --string="DC") heuristic (extended) test shows that the back-end DBMS could be 'Microsoft SQL Serv| Servj back-end [Y/n] DBMS is 'Microsoft SQL Server'. Do you want to skip test payloads specific specific“ J Figure 2.27: Screenshot of sqimap Some additional SQL injection tools are listed below: * Mole (https://sourceforge.net) = Blisqy (https://github.com) »* blind-sql-bitshifting blind-sql-bitshifting (https://github.com) (https.//github.com) »= bsql bsql (https://github.com) **= NoSQLMap (https.//github.com) (https://github.com) Module 02 Page 228 Certified Cybersecurity Technician Copyright © by EC-Council EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Cross-Site Scripting (XSS) Attacks How XSS Attacks Work O Cross-site scripting ('XSS' or Normal Request 'CSS') attacks exploit http://certifiedhacker.com vulnerabilities in dynamically generated web This example uses a vulnerable page, which handles requests for nonexistent pages: a classic 404 error page 404 Not found pages, enabling malicious attackers to inject client-. (Handles requests for a nonexistent page:a classic 408 error page) /3ason_file.html side scripts into web pages viewed by other users ‘ ' It occurs when unvalidated input data is included in dynamic content that is sent to a user's web browser for rendering [ O