Chapter 2 - 04 - Understand Application-level and OS-level Attacks - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Information Security Attacks Exam 212-82 SQL Injection Tools sqlmap automates the process of detecting and exploiting SQL injection flaws and the : taking over of database servers sgqlmap Mole hetps://sourceforge.net Blisqy https://github.com blind-sql-bitshifting https://github.com bsql hetps://github.com NoSQLMap https://github.com https//sqimap.org Copyright © by EC-Commcil. ANl Rights Reserved. Reproduction is Strictly Prohibited SQL Injection Tools = sqlmap Source: https://sqlmap.org Being an open-source penetration testing tool, sqlmap automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for advanced penetration testers, and a wide range of switches for database fingerprinting, data fetching from the database, accessing the underlying file system, and executing commands on the OS via out-of-band connections. Attackers can use sqlmap to perform SQL injection on a target website through various techniques such as Boolean-based blind, time-based blind, error-based, UNION querybased, stacked queries, and out-of-band injection. Module 02 Page 227 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 LN J File Parrot Terminal Edit View abs-1=0" Search Terminal Help --dbs (=15 } http://sqlmap.or [!'] legal It is the assume no [*] disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. end user's responsibility to obey all applicable local, state and federal laws. Developers liability and are not responsible for any misuse or damage caused by this program starting @ 01:09:41 /2021-08-12/ [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] testing connection to the target URL checking if the target is protected by some testing if the target URL content is stable target URL content is stable testing if GET parameter 'id' is dynamic GET parameter 'id' appears to be dynamic 3] [INFO] [INFO] [INFO] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable testing for SQL injection on GET parameter 'id' testing 'AND boolean-based blind - WHERE or HAVING clause’ GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING [01:09:44]) [INFO] heuristic [WARNING] injectable er' (with reflective value(s) --string="DC") it looks like the back-end for other DBMSes? [Y/n] (extended) DBMS is found and test 'Microsoft shows SQL filtering that the Server'. kind of WAF/IPS out back-end Do you DBMS want to could skip be test 'Microsoft payloads clause' SQL Servj specific Figure 2.27: Screenshot of sqimap Some additional SQL injection tools are listed below: * Mole (https://sourceforge.net) = Blisqy (https://github.com) * blind-sql-bitshifting (https.//github.com) = bsql (https://github.com) *= NoSQLMap (https://github.com) Module 02 Page 228 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Cross-Site Scripting (XSS) Attacks How XSS Attacks Work O Cross-site scripting ('XSS' or Normal Request 'CSS') attacks exploit http://certifiedhacker.com vulnerabilities in dynamically generated web This example uses a vulnerable page, which handles requests for nonexistent pages: a classic 404 error page 404 Not found pages, enabling malicious attackers to inject client-. (Handles requests for a nonexistent page:a classic 408 error page) /3ason_file.html side scripts into web pages viewed by other users ‘ ' It occurs when unvalidated input data is included in dynamic content that is sent to a user's web browser for rendering [ O