Тёмный

Blind SQL Injection Made Easy 

The Cyber Mentor
Подписаться 770 тыс.
Просмотров 30 тыс.
50% 1
ВидеоПоделитьсяСкачатьДобавить в

00:00 Intro
01:12 Snyk Ad
02:31 Blind SQLi Primer
03:55 Hands-on lab
11:30 Outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Наука

Опубликовано:

 

30 июл 2024

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Комментарии : 36   
@aaftabahmed6876
@aaftabahmed6876 Год назад
Insane brother ❤
@presequel
@presequel 11 месяцев назад
nice video :) when i did this i used the numbers option as my first payload, its easier than a simplelist with typing the numbers. and i use the little searchbar at the bottom of the screen(where you typed in welcome) to typ in the chars, not shocking but a little easier than grabbing notepad to do this.
@sammy49668
@sammy49668 9 месяцев назад
great content❤
@kumarsiddappa6118
@kumarsiddappa6118 Месяц назад
Can we get the link for the sql cheat sheet to understand the underlying DB Vendor
@VectorGameStudio
@VectorGameStudio Год назад
Awesome
@jaywandery9269
@jaywandery9269 9 месяцев назад
what query would you use to determine the table name if you did not have the information that the users table existed.
@seancantwell12
@seancantwell12 8 месяцев назад
It depends on the database software. For example, you could reference the information_schema.tables or all_tables. However, using this query in a blind SQL injection attack might be tricky but I’m sure you could figure it out.
@jaywandery9269
@jaywandery9269 8 месяцев назад
@@seancantwell12 thank you, I will definitely try this
@hkr37
@hkr37 2 месяца назад
​@@seancantwell12 how to determine table and column names in oracle blind error based sql injection? I tried more tricks and queries. All of failed. If u know the query, pls tell me
@adityakiddo6554
@adityakiddo6554 2 месяца назад
Before that there is one step service enumeration of sql db management systems ,, through that you can find few clues of syntaxes and use possible users table names. From web through bruteforce during live pentesting
@prashantrastogi1024
@prashantrastogi1024 Год назад
Stoic Alex🔥
@darrylwest3106
@darrylwest3106 4 месяца назад
lmao🤣
@coders_algoritmers1032
@coders_algoritmers1032 6 месяцев назад
Sqlmap showing me false positive and unexploitable point detected even vulnerability is available what i do please tell me
@krlst.5977
@krlst.5977 Год назад
I really enjoyed your video, however i am asking you to use some other tools for such tasks. I mean Burp suite without subscription is really slow, to solve these SQL labs i used hydra for example, coz it is free and fast unlike the free version of Burp :) Anyway, thanks for such useful videos!
@presequel
@presequel 11 месяцев назад
there is a plugin, i believe it is called turbo intruder, that speeds up the proces in burp, maybe that helps ( a little). interesting idea to use hydra, i would use sqlmap or zap but never thought of doing it with hydra, will give it a try :)
@konallen1510
@konallen1510 Год назад
把数据存储在oss,只能存储不能解析?
@imnothacker_
@imnothacker_ Год назад
❤️😊
@barbarosa5063
@barbarosa5063 Год назад
Hi guys what free website do you recommend for information security courses
@killergamingfamily3039
@killergamingfamily3039 Год назад
Chek HackReveal
@darknytprivate1946
@darknytprivate1946 Год назад
hackersploit and hackerone also
@seancantwell12
@seancantwell12 8 месяцев назад
The example in the video was from Port Swigger’s free academy
@vishwagautham704
@vishwagautham704 Год назад
Do we can use windows for this activity
@adityakiddo6554
@adityakiddo6554 2 месяца назад
No problem at all , if skilled you can solve labs like these even on a phone
@aaftabahmed6876
@aaftabahmed6876 Год назад
Can we have one video on Sqlmap 😍
@AppSecExplained
@AppSecExplained Год назад
For sure! I'll add it to the list :)
@kiiturii
@kiiturii Год назад
would be great if you showed how to do this with other tools, ain't nobody affording pro burp
@geekygymrat
@geekygymrat 6 месяцев назад
You can easily automate something like this with Python.
@kiiturii
@kiiturii 6 месяцев назад
@@geekygymrat ok bro🤦‍♀️
@ChristianRuiz-yw6ur
@ChristianRuiz-yw6ur 9 месяцев назад
that mean the password it's not encryption, right?
@seancantwell12
@seancantwell12 8 месяцев назад
Correct. In this case, the password was stored in plaintext. However, you could still use this method to find the password’s hash or encrypted value. Then once you have this value, you can attempt hash cracking or decrypting of the password.
@darbrown19
@darbrown19 5 месяцев назад
music distracting
@hkr37
@hkr37 2 месяца назад
Pls make a tutorial video for blind sql injection with conditional error lab. They are provide table and column names, but in real time we need to find table and column names.pls make a video How to write query for find table and columns name in oracle blind error based sql injection. Tq 🎉
@hmidadeusa6286
@hmidadeusa6286 Год назад
Please, brother, teach us how to hack any Tik Tok account without software
@r.raskolnickoff1408
@r.raskolnickoff1408 Год назад
if request userID contains 'AND' send response go away n00b
@muneeburrehman547
@muneeburrehman547 8 месяцев назад
what?
Далее
How to Hack WordPress
14:06
How to Hack WordPress
Просмотров 68 тыс.
Avoid "OR 1=1" in SQL Injections
10:56
Avoid "OR 1=1" in SQL Injections
Просмотров 25 тыс.
"Бедная девочка" Люди рыдали, теряя сознание... На похороны известного блогера пришли тысячи людей
01:54
"Бедная девочка" Люди рыдали, теряя сознание... На похороны известного блогера пришли тысячи людей
Просмотров 598 тыс.
Стоп продукты Оксаны Самойловой #интервью #диета
00:55
Стоп продукты Оксаны Самойловой #интервью #диета
Просмотров 2,8 млн
ЭТУ МАСКУ НЕВОЗМОЖНО ПРОЙТИ 🤬 #шортс #мем #бабич #shorts #trending #ytshorts
01:01
ЭТУ МАСКУ НЕВОЗМОЖНО ПРОЙТИ 🤬 #шортс #мем #бабич #shorts #trending #ytshorts
Просмотров 77 тыс.
#kikakim
00:31
#kikakim
Просмотров 10 млн
Cracking JSON Web Tokens
14:34
Cracking JSON Web Tokens
Просмотров 55 тыс.
SQLite Blind SQL Injection - HackTheBox Cyber Apocalypse CTF
35:25
SQLite Blind SQL Injection - HackTheBox Cyber Apocalypse CTF
Просмотров 71 тыс.
SQL Injection Beginner Crash Course
30:00
SQL Injection Beginner Crash Course
Просмотров 57 тыс.
#60 SQL injection on a Government website!! Like & Subscribe #bugbounty Full course part-60.
9:58
#60 SQL injection on a Government website!! Like & Subscribe #bugbounty Full course part-60.
Просмотров 1,1 тыс.
The Ugly Truth About Hacking
8:30
The Ugly Truth About Hacking
Просмотров 33 тыс.
SQL Injection Attack Tutorial - I didn't know you can do that
12:59
SQL Injection Attack Tutorial - I didn't know you can do that
Просмотров 31 тыс.
SQL Injection | Complete Guide
1:11:53
SQL Injection | Complete Guide
Просмотров 235 тыс.
Directory Traversal attacks are scary easy
9:41
Directory Traversal attacks are scary easy
Просмотров 19 тыс.
SQL Injection - Lab #11 Blind SQL injection with conditional responses
48:56
SQL Injection - Lab #11 Blind SQL injection with conditional responses
Просмотров 22 тыс.
SQL Injection Hacking Tutorial (Beginner to Advanced)
1:01:05
SQL Injection Hacking Tutorial (Beginner to Advanced)
Просмотров 198 тыс.
Kindle ✨📖🫶🏻 Paperwhite 11 #kindle #kindlepaperwhite #kindlepaperwhite11 #книги
0:47
Kindle ✨📖🫶🏻 Paperwhite 11 #kindle #kindlepaperwhite #kindlepaperwhite11 #книги
Просмотров 70 тыс.
S24 Ultra and IPhone 14 Pro Max telephoto shooting comparison #shorts
0:15
S24 Ultra and IPhone 14 Pro Max telephoto shooting comparison #shorts
Просмотров 10 млн
#engineering #diy #amazing #electronic #fyp
0:59
#engineering #diy #amazing #electronic #fyp
Просмотров 2,4 млн
ПРО БЛОКИРОВКУ YOUTUBE ❌ Ютуб заблокируют - как смотреть?
8:17
ПРО БЛОКИРОВКУ YOUTUBE ❌ Ютуб заблокируют - как смотреть?
Просмотров 50 тыс.
Это Xiaomi Su7 Max 🤯 #xiaomi #su7max
1:01
Это Xiaomi Su7 Max 🤯 #xiaomi #su7max
Просмотров 2 млн
CMF Buds Pro 2 - топ-вариант за 60 баксов
0:59
CMF Buds Pro 2 - топ-вариант за 60 баксов
Просмотров 724 тыс.
Новые iPhone 16 и 16 Pro Max
0:42
Новые iPhone 16 и 16 Pro Max
Просмотров 2,1 млн