Friday, November 4, 2011

Web Hacking Video Series #3 MySQL Part 1 (SQL Primer)

Video Lesson Topics:
  1. Creating a SQL-cmdShell in Python
  2. Setting up a SQL lab/learning environment
  3. Learning basic SQL queries
  4. More advanced queries for pulling meaningful data
  5. Interacting with the operating system
  6. Basic filter bypass and built-in encoding mechanisms
  7. MySQL specific functions and structure
This part of the series is a manual SQL/Python tutorial that shows the viewer how to build their own database interaction in Python; the audience is both hackers and new developers. After connecting to the database, you learn how to use that interaction to pull meaningful data from a SQL database and to interact with the underlying operating system and DB functionality. I will cover basic to more advanced SQL queries and interactions. None of the videos contain any injection whatsoever; instead, this is a DB and SQL primer for building a foundation before trying to attack the unknown. I do delve into many topics related to injection and relate many topics to injection, but everything is done on the command line in an interactive lab environment you create for yourself! The next blog in the series will cover injection, followed by code analysis and recoding applications with parametrized queries. There will also be MSSQL-based material, in the same sequence, in future posts.

Needed to follow along:
  • BT5 VM
  • Test Database http://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2
  • The Pillager: http://consolecowboys.org/pillager/pillage_0.6.zip 
What's next:
  • MySQL injection
  • MSSQL-specific learning and labs
  • Source code analysis
  • Recoding your applications in PHP and ASP


Part 1.1 Coding your Python SQL cmdShell:
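
For readers without the video, a small interactive SQL command shell in the spirit of this part. This is an added example, not the code written in the video: it swaps in Python's built-in sqlite3 module and a constructed two-row employees table so it runs offline, and the function names are hypothetical. In the lab you would replace the connect call with your MySQL driver's.

```python
import sqlite3

def build_lab_db():
    """In-memory stand-in for the lab database; rows are constructed samples."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees (emp_no INTEGER PRIMARY KEY,
                                first_name TEXT, last_name TEXT);
        INSERT INTO employees VALUES (1, 'Ada', 'Lovelace'), (2, 'Alan', 'Turing');
    """)
    return conn

def run_query(conn, sql, params=()):
    """Run one statement; values in params are bound, never pasted into sql."""
    cur = conn.cursor()
    cur.execute(sql, params)
    # description is None for statements that return no result set
    cols = [d[0] for d in cur.description] if cur.description else []
    rows = cur.fetchall()
    conn.commit()
    return cols, rows

def format_table(cols, rows):
    """Render a result set as aligned text columns."""
    if not cols:
        return "OK"
    widths = [max(len(str(v)) for v in [c] + [r[i] for r in rows])
              for i, c in enumerate(cols)]
    def line(vals):
        return " | ".join(str(v).ljust(w) for v, w in zip(vals, widths))
    rule = "-+-".join("-" * w for w in widths)
    return "\n".join([line(cols), rule] + [line(r) for r in rows])

def shell(conn, read=input, write=print):
    """Read-eval-print loop: one SQL statement per line, 'quit' to leave."""
    while True:
        try:
            sql = read("sql> ").strip()
        except EOFError:
            break
        if sql.lower() in ("quit", "exit"):
            break
        if not sql:
            continue
        try:
            write(format_table(*run_query(conn, sql)))
        except sqlite3.Error as exc:
            # keep the shell alive on a bad statement and show the DB error
            write(f"error: {exc}")

if __name__ == "__main__":
    shell(build_lab_db())
```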


Part 1.2 Learning SQL:

3 comments:

  1. Thanks!! Be online at some point... keeping kind of low key lately

  2. I am not a programmer but I have this SQL subject this session and have to prepare for it. What all topics should be covered in it?
    And has anyone studied from this course www.wiziq.com/course/125-comprehensive-introduction-to-sql of SQL tutorial online?? or tell me any other guidance...
    would really appreciate help

  3. I am not sure about other resources Shipra, sorry for the late reply, I don't check my blog comments all that often... I know that this 2 part series I did goes pretty far into using SQL on a real world basis and part 2 on using that same knowledge to exploit an application... Armed with that you should be more than prepared for your intro SQL course...
