Web Hacking Video Series #3 MySQL Part 1 (SQL Primer)

Video Lesson Topics:

1. Creating a SQL-cmdShell in python
2. Setting up a SQL lab/learning environment
3. Learning basic SQL queries
4. More advanced queries for pulling meaningful data
5. Interacting with the operating system
6. Basic filter bypass and built in encoding mechanisms
7. MySQL specific functions and structure

This part of the series is a manual sql/python tutorial which will instruct the viewer on how to create their own database interaction with python, the audience being both hackers and new developers.  After connecting to the database learn how to use that interaction for pulling meaningful data from a SQL database and interacting with the underlying operating systems and DB functionality. I will cover basic to more advanced sql queries and interactions. None of the videos contain any injection whatsoever,  instead a DB and SQL primer for the purpose of learning a foundation prior to trying to attack the unknown.  I do delve into many topics related to injection and relate many topics to injection but everything is done on the command line in an interactive lab environment you create for yourself!!  The next blog in the series will cover Injection followed by code analysis and recoding applications with parametrized queries. There will also be MSSQL based stuff in the same sequence of events in future posts.

Needed To follow Along:

• BT5 VM
• Test Database http://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2
• The Pillager: http://consolecowboys.org/pillager/pillage_0.6.zip 

Whats next:
MySql Injection

MSSQL specific learning and Labs

Source Code analysis

Recoding your applications in PHP and ASP

Part 1.1 Coding your Python SQL cmdShell:


Part 1.2 Learning SQL: