SQL Injection (Infinity Exists)

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 5290


Description: SQL injection is a technique in which an attacker exploits a security vulnerability in the database layer of an application. The vulnerability is present when user input is not filtered properly. In this video, Nox and Patchy from Infinity Exists use an SQL (Structured Query Language) injection vulnerability to extract password hashes from a website's database. The vulnerability is present in WP-Forums.

They first check for the vulnerability using always-true conditions such as 1=1. Using false statements such as 1=0 with the AND operator produces SQL errors that give away the SQL statement used by the website. They then find the number of columns using an ORDER BY clause: any ORDER BY x (where x is an integer) with x greater than the number of columns produces an error message. The column whose data is output on the page can then be found using a SELECT statement with a different integer for each column. Since WP-Forums is open source, the name of the table and of the column that contains the password hashes can be looked up in its code. The SQL query can then be modified so that the password hashes from that table are output through the displayed column. The administrator account is generally the first one, so they retrieve the password hash with the first id (id=1). A dictionary attack with Cain and Abel on the MD5 hash thus obtained is then used to crack the administrator password.
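The root cause described above (input pasted into the SQL text) can be reproduced and fixed locally. The following is an added example, not code from the video or from WP-Forums; it uses an in-memory SQLite database, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema is hypothetical, not WP-Forums' own.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany("INSERT INTO topics VALUES (?, ?, ?)",
                   [(1, "Welcome", "First post"), (2, "Rules", "Be nice")])
    return db

def lookup_vulnerable(db, topic_id):
    # The request value is concatenated into the statement, so the
    # database parses it as SQL instead of treating it as a value.
    sql = "SELECT title, body FROM topics WHERE id = " + topic_id
    try:
        return ("rows", len(db.execute(sql).fetchall()))
    except sqlite3.Error as exc:
        # Echoing this message to the client reveals query structure.
        return ("sql-error", str(exc))

def lookup_safe(db, topic_id):
    # 1. Enforce the expected type before touching the database.
    try:
        value = int(topic_id)
    except ValueError:
        return ("rejected", 0)
    # 2. Bind the value as a parameter; it can never become SQL syntax.
    rows = db.execute("SELECT title, body FROM topics WHERE id = ?",
                      (value,)).fetchall()
    return ("rows", len(rows))

# The request values mentioned in the description, plus a normal one.
PROBES = ["1", "1 AND 1=1", "1 AND 1=0", "1 ORDER BY 99"]

def compare():
    db = make_db()
    return {p: (lookup_vulnerable(db, p), lookup_safe(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, safe) in compare().items():
        print(f"{probe!r:18} vulnerable={vuln} safe={safe}")
```

In the vulnerable function the response changes with each value (one row, no rows, a database error), which is the behaviour the description relies on; the safe function gives the same rejection for all of them.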


Tags: tools
