MySQL Database SQL Injection with sqlmap | Aiweb1 VulnHub

The video is a tutorial on SQL Injection attacks, particularly testing for vulnerabilities in a machine designed for ethical hacking practice. The instructor demonstrates how to identify a vulnerable website, test SQL injection manually, and exploit it using automated tools like SQLMap. The tutorial is structured into multiple parts, with this video covering the identification and exploitation phase.
00:00 - Introduction
00:09 - Overview of SQL Injection Attack
00:16 - Target Machine: Artificial Intelligence
00:25 - Video Breakdown and Learning Milestones
00:36 - Identifying a Vulnerable Website
00:47 - Gathering the Target IP Address
00:59 - Scanning Open Ports with Nmap
01:13 - Finding Directories with DirBuster
01:25 - Identifying User Submission Forms
01:54 - Possible Exploits: XSS, SQL Injection
02:28 - Understanding Submission Parameters
03:07 - Finding the Vulnerable Parameter
03:26 - No URL Change: Identifying Blind Injection
03:38 - Intercepting Requests with Burp Suite
04:12 - Capturing HTTP Request for Analysis
04:20 - Identifying Parameters in Burp Suite
05:15 - Challenges in SQLMap Execution
05:41 - Copying Raw Request for Manual Injection
06:45 - Identifying Database Version and Type
07:01 - MySQL and Apache Server Version Details
07:52 - Importance of Database Version for Exploits
08:30 - Extracting Database Name
09:10 - Database Name: Artificial Intelligence
09:49 - Extracting Database Tables and Columns
10:20 - Identifying Tables of Interest
10:36 - Columns of Interest: Usernames and Passwords
11:08 - Dumping Table Data
12:19 - Locating SQLMap Output Data
13:00 - Accessing Extracted Information
13:48 - Harvesting Admin and User Credentials
14:46 - Decoding Password Hashes
15:22 - Extracted Passwords for Admin and Users
15:49 - Converting SQL Injection to a Reverse Shell
16:01 - Next Steps and Conclusion
Comments
Author

Where is the database manipulation?
It's just a video of 'How to use SQLMap'

Kitty-ogwj
Author

Is there any source code that can prevent this attack?
Like PHP coding to improve the source code

CPLife