Understanding Blind SQL Injection - Natas15 - Overthewire.org - Walkthrough

This application allows you to check if a user exists or not, and also reveals when a query does not work. Can it be used to extract information from the database? E.g. the password of a user in the database? Sure enough it can, and in this video we will go through step by step how to accomplish this.

In these video series I am running through the Overthewire.org Natas wargame. It’s all about web hacking and shows an array of different web vulnerabilities for us to practice on. This video features Natas15.

If you liked it, or you want more, let me know. Subscribe for updates to my channel.

You can check out my twitter account here for updates: https://twitter.com/ChrisADale

Interested in hiring my team and I for consulting? Check us out at https://riversecurity.eu/

I’m also a SANS certified instructor, and you can come to my classes. Check out my schedule here: https://www.sans.org/instructors/chris-dale