1
00:00:01,860 --> 00:00:06,890
OK so now we know our target database is called us.

2
00:00:07,510 --> 00:00:12,820
Let's try and discover the tables that exist in that database.

3
00:00:12,840 --> 00:00:14,990
So this is our select statement.

4
00:00:15,060 --> 00:00:18,090
It's a union select one and we have these things.

5
00:00:18,180 --> 00:00:23,470
So I'm going to leave this or change this to no because I only want to select one thing.

6
00:00:23,710 --> 00:00:27,220
And I'm going to say this too as well.

7
00:00:27,270 --> 00:00:32,960
And number two we're going to select table name

8
00:00:37,970 --> 00:00:44,300
from now we're going to select this from a database called Information Kema.

9
00:00:44,310 --> 00:00:51,420
Now I said this in the first video of rescue owl that information schema is the default database created

10
00:00:51,420 --> 00:00:56,450
by my su l and it contains information about all other databases.

11
00:00:56,520 --> 00:01:00,390
So what we're doing now we're selecting the table name from information

12
00:01:03,360 --> 00:01:05,910
schema that.

13
00:01:06,090 --> 00:01:11,190
And after that you put the table.

14
00:01:11,220 --> 00:01:18,750
So basically we're selecting a table called tables from a database called Information schema and the

15
00:01:18,750 --> 00:01:21,890
column that we're selecting is called Table name.

16
00:01:22,170 --> 00:01:28,680
So we're selecting table name from the database that's called Information schema from the table tables.

17
00:01:29,420 --> 00:01:36,020
Let's execute this and see if we can get all the tables that exist and was then database

18
00:01:44,560 --> 00:01:47,940
so we can see we got 237 records.

19
00:01:48,310 --> 00:01:50,560
And you can see all the tables that we have.

20
00:01:50,560 --> 00:01:57,190
So these are all the tables that we have access to.

21
00:01:57,190 --> 00:02:03,550
So again I said we are logged in as root therefore we can actually see tables from other web applications

22
00:02:03,550 --> 00:02:05,130
such as the tickey weiqi.

23
00:02:05,410 --> 00:02:16,020
But in real life scenarios you'll only see tables related to your current database which is Matilda.

24
00:02:16,110 --> 00:02:23,370
So I'm going to do is I'm going to use a WHERE clause and I'm gonna say where the table

25
00:02:26,770 --> 00:02:37,230
schema is equal to our US 10 so us 10 was what we got when we executed when we selected the database.

26
00:02:37,260 --> 00:02:42,690
So we got ours then which is our current database that Matilda is working on.

27
00:02:42,690 --> 00:02:48,900
So we're using the same statements we're selecting the table name from information schema tables where

28
00:02:49,080 --> 00:02:59,750
the table schema is owe us 10 so I'm going to copy that and execute it here.

29
00:03:06,990 --> 00:03:13,170
And as you can see now we have so many so much less tables and we only have the ones that we're interested

30
00:03:13,170 --> 00:03:21,360
in and so we have the accounts the blogs capture data credit cards log and the painters tools.

31
00:03:21,360 --> 00:03:28,140
Now if you remember in the first or second video and the scale injection videos we showed you what's

32
00:03:28,170 --> 00:03:33,970
the content of the WASP table was and was these tables of the Aiwass database.