SQL Injection - Lab #11 Blind SQL injection with conditional responses

  • Published: 28 Sep 2024

Comments • 81

  • @RanaKhalil101 3 years ago +10

    Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨

  • @jmeskay 1 month ago

    These videos are amazing, Rana. Thank you!

  • @sharatmaharjan 1 year ago

    Thanks to you ma'am.
    Many of my doubts are clear now and have concise overview how to think like you as a hacker.
    But I have one doubt here in this video, please consider answering my question.
    The main point of SQLI is to find out tables, columns and finally data.
    Here we may find the "users" table by brute forcing.
    But how could you find the columns' names by brute forcing or any other techniques when exploiting in real world having no prior knowledge.
    Thank you
    ❤❤❤

  • @arunrawat3752 3 years ago

    Like the way you teach you explain as you go which is good for beginners

  • @DuulHomes 1 year ago

    Thank you for being very thorough, and descriptive

  • @hex_maquina 11 months ago

    Hi Rana, I followed your video and solved the lab using a Python script with binary search. Thank you for your content!!!

  • @Esola11 2 years ago +2

    you mentioned that password can be cracked by scripting with python.
    more details, about that please ?
    thank you so much for this in depth details explanation !

    • @HamsterLover1337 1 year ago

      Nothing is stopping you from sending HTTP requests using Python

  • @InfoSecDojo 3 years ago +2

    thanks for this series ☺️☺️

  • @purvashgangolli5968 2 years ago

    Very nice video, seriously this helped me a lot. Thank-you Rana Khalil..

  • @ashishmohanty936 3 years ago

    Really nice and well explained. Also like your clear voice 👍🏻

  • @jsmoothstudio9327 2 years ago +2

    where is the video where you script this in python?? burp community is way too slow to do these labs

  • @saketmahar4493 2 years ago +9

    Great video. Instead of buying the professional edition, I used a Burpsuite extension called turbo intruder. I created my attack list of numbers from 1 to 100 and gave it to the payload. The attack was completed in 3-4 seconds. Maybe it's even faster than the professional edition itself. XD

    • @0xPr3d4T0r 2 years ago

      Thanks for this tip, I'll try it out too

  • @youtubevideostorage3381 3 years ago

    Thanks a million for your awesome awesome videos. I have a request: please make a video on scripting with Python. Also, when will you release your videos on Lab16 and above?

  • @ahmedsaleem9327 3 years ago +3

    First of all great video, well explained MashAllah!
    Some questions!!!
    1. What if the users table exists with a different name like users_jkftb or users_yyytf?
    2. What if administrator was named as admin or super user?
    3. Does the vendor of the database matter? I think it does, based upon if Oracle or MySQL our payloads would differ.
    4. How can we construct an attack methodology that can work irrespective of database vendor and predefined names of tables or users? A real life approach.
    Thanks
    Ahmed

    • @mrpack0x004n1 2 years ago

      you can use the same substring() function for those fields like "database name", "user table name" or "username" if you have access to information_schema.tables with the injection. but it is the same way.

  • @acronproject 1 year ago

    Thanks for this Ms.Khalil

  • @cannaml3630 2 years ago

    Very useful, thanks Rana.

  • @落珰 1 year ago

    Thank you teacher, this helps me a lot

  • @thepetiteotaku 10 months ago

    Great video! Thank you.

  • @amadoucoulibaly6439 3 years ago +1

    thank a lot. I really wanna see the python solution 😁

  • @shreenathsp7016 1 year ago

    how to get tracking id in latest cookie editor can anyone help me to sort it out please

  • @gutserto 1 year ago

    Has someone made a video about clusterbombing using python?

  • @bimanroy8865 2 years ago

    Hi Rana, You told that the speed of intruder can be faster by using python scripting. Would you please point me toward any such material which teaches how to do scripting on Burp? Thanks

    • @HamsterLover1337 1 year ago

      You cannot do Python scripting in Burp. She is saying if you only have access to the Community edition a clusterbomb attack would take too long and she would rather write a Python script to perform the attack, because it has no built-in throttling like Burp Community Edition.

  • @tortotifa5287 2 years ago

    Hello, salutes from Russia. I have a question: what happened to your voice?

  • @StudiofrogPl 1 year ago

    most stupid exercise on portswigger. Why do SQli when you can brute force with hydra. Waste of time.

    • @slavicslav7459 1 year ago +2

      Well try and do that. Try brute-forcing a password, that is 20 characters long. In this lab, you have a specification, that the password is made up using only lowercase characters. That is 26 characters per slot. That is 20^26. The number is so large, you can not put it into a scale, that the human brain could comprehend. A modern computer can hash let's say 70k hashes a second. It would take 3040011596723926000000 years to break this password. Good luck with that.

  • @gutserto 1 year ago

    I believe you made a mistake at 17:00, you also should have changed 'administrator' after the = sign into 'administratorfwiofoweow' because if the query checks administratorfwiofoweow with administrator then obviously it will always be false, even if the username administratorfwiofoweow actually exists

    • @thepetiteotaku 10 months ago

      I was thinking the same thing.

  • @imranthoufeeque165 3 years ago +2

    I have seen your writeups and blog and masha allah its very good and interesting... I humbly request one more writeup or video playlist from you is about BOF... I dont see good resources for this.

    • @RanaKhalil101 3 years ago

      Tib3rius has several videos about buffer overflow: ruclips.net/video/1X2JGF_9JGM/видео.html

    • @imranthoufeeque165 3 years ago

      @@RanaKhalil101 Jazakallah hu khair

  • @mih4743 10 months ago +1

    I can't tell you how helpful your videos have been.
    While doing the labs side by side I do it once with you, then again on my own, and it's been night and day in proficient results.
    I hope I'm lucky enough where you did all the labs in practitioner, so I can follow along and so happy I found your channel.
    Thanks for your hard work and educational videos.
    - grateful, newb.

  • @scottp8329 2 years ago +1

    Absolutely brilliant vid you explain it so well SQL is something i struggle with well not anymore thanks to you
    Much appreciated

  • @anonymous6666 2 years ago +1

    this content is free, yet invaluable. i wish i was rich enough to donate $5m to Rana, i wonder what benevolent act for the infosec community she'd cook up next

  • @dollarboysushil 11 months ago +1

    perfectly explained

  • @MrShreeAB 3 years ago +1

    You have done a great job... shortly you will have a lot of followers. Amazing format and approach.

  • @fabiothebest89lu 6 months ago

    Well, you don't need the cookie editor extension, because nowadays viewing and editing cookies is possible directly from the browser's dev tools

  • @cwinhall 3 years ago +6

    This was the best one yet! Thanks Rana! One thing to note is how this process could be improved by using greater than or less than operators instead of just equal to.

    • @omarc900 2 years ago

      i was thinking something similar as well!

    • @La_Muerte_Soy 1 year ago

      Can you explain this better, please?

  • @mohemmedahmed7478 3 years ago +1

    thank you a lot of

  • @HamsterLover1337 1 year ago

    The results of the cluster could just have been sorted, first descending payload 1, secondly Length descending

  • @rohit_62 2 years ago

    Everyone has different password for the exercise so please don't copy from here and better do it . Thank me later .😅

  • @Karmik_bhavya 2 months ago

    is url encoding really necessary ? cause it works fine without it

  • @MAN-X90-MAN 1 year ago

    Thank you so much, can I use this way for users ... I talk about brute forcer?

  • @FootBallNotSoccer601 3 years ago +1

    Thank you very much

  • @vishaljayaraman4213 1 year ago

    Hii sis, i cant able to apply welcome in filter section, how to fix that

  • @8124K-u4x 1 year ago

    Sis, hurry up, damn it

  • @cristhiandamiancastillo3799 1 year ago

    Great video!

  • @shishiraryal5711 1 year ago

    you used but why? I tried

  • @jycx3568 3 years ago

    Great video. I could understand Blind SQLi from this video because the explanation was very clear. THX!

  • @milosmarkovic4566 1 year ago

    Great Video! If somebody wants to run it on Community Edition, it's not a huge deal, my scan lasted around 35 minutes.

  • @tobywilkins-u4i 1 year ago

    I have been really enjoying your challenge walk throughs. Really clear and well presented. Thankyou

  • @krzysztofswidrak1471 3 years ago

    U think you could also make a grep match filter like "Welcome back!" or all

  • @amoor89ful 1 year ago

    Al salam alike , Rana, I can't find the SQL injection theory video you mentioned in the first minute of this video can you please share the link, also I want to tell you that you are a very good instructor

    • @RanaKhalil101 1 year ago

      Thank you! Here's a link to the video: ruclips.net/video/1nJgupaUPEQ/видео.html&ab_channel=RanaKhalil

    • @amoor89ful 1 year ago

      @@RanaKhalil101 I appreciate that thanks and Ramadan mbark

  • @steneer6789 2 years ago

    if the table,columns, user names are not given , how can we do the blind SQLi to extract them ?

  • @skyeagle4635 1 year ago

    Does the community edition only allow one payload set per attack? :(

  • @abdulx01 3 years ago

    What's name of too that in python script : I don't have professional edition

  • @tushar7917 9 months ago

    Thank you so much teacher; this helps a lot !!

  • @3D_dreams 2 years ago

    Thnx

  • @La_Muerte_Soy 1 year ago

    Thank you @Rana Khalil, great explanation!

  • @FootBallNotSoccer601 3 years ago

    Have you ever tried Bug bounty programs ?

  • @vaibhavbhatnagar9865 3 years ago

    thanks mam for this video

  • @anirudhsaxena9214 1 year ago

    and (select username from users WHERE username='administrator'and LENGHT(password)>1)='administrator'--' this statement might not work in the burpsuite instead of this go with and(SELECT+'a'+FROM+users+WHERE+username%3d'administrator'+AND+LENGTH(password)>1)%3d'a

    • @victornicol2136 1 year ago

      both doesn't work for me do u have any idea ? i use burpsuite community edition

    • @anirudhsaxena9214 1 year ago

      @@victornicol2136 try this: and(Select 'a' from users where username = 'administrator and LENGHT(password)>1)='a (make sure to encode it as url by pressing ctrl+u)

    • @victornicol2136 1 year ago

      @@anirudhsaxena9214 doesn't work as well 😕 but I think the error comes from the lenght command function because I tried with other values and it never works, that's weird: ' and (select 'a' from users where username='administrator' and lenght(administrator)>1)='a I feel like I'm missing something really stupid haha

    • @anirudhsaxena9214 1 year ago

      @@victornicol2136 you are not getting welcome back message through this or getting protocol error

    • @anirudhsaxena9214 1 year ago

      @@victornicol2136 broo thatsss notttttt lenght(administrator) that's LENGHT(password )🥲🥲🥲🥲

  • @keromagdy1803 2 years ago

    excellent work

  • @thuyakyaw8747 3 years ago

    Thank a lot

  • @kingofthesummer5180 2 years ago

    At about 9:00, why did you add the single quote if you commented it out right after ? I’m a bit confused there.

    • @Slickjitz 2 years ago

      She mentioned so she wouldn't get a syntax error, which can't be in the SQLi since you don't need it in this situation, so my only guess would be so Obsidian (the note app she's using) doesn't throw up a syntax error.

  • @toddvance1568 1 year ago

    Does anyone have a link to a python script tutorial that Rana mentioned? I'd love to see how to do this in Python.

    • @RanaKhalil101 1 year ago +1

      Links to scripts are in the description of the video :)

    • @toddvance1568 1 year ago

      @@RanaKhalil101 oh ya I found those eventually... LOVE IT! Thanks so much for all your work!