Skip to Content
Becoming the Hacker
book

Becoming the Hacker

by Adrian Pruteanu
January 2019
Beginner
404 pages
8h 53m
English
Packt Publishing
Content preview from Becoming the Hacker

Async data exfiltration

There is one more challenge with this particular type of vulnerability. Its asynchronous nature makes it impossible to use traditional methods for data exfiltration. While the query may execute successfully and the SQL server will delay the query result, we'd never be able to measure this, as the application that we are targeting does not wait for the SQL server response and returns immediately.

We have to be a bit more clever to extract data and successfully compromise the target. MS SQL server, MySQL, PostgreSQL, and others all have ways to accomplish our goal. We'll just go over an MS SQL method, but with a little creativity, any database engine can bend to the attacker's will. It's also important to remember that this ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Tribe of Hackers Red Team

Tribe of Hackers Red Team

Marcus J. Carey, Jennifer Jin
How to Hack Like a Ghost
Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition

Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition

Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims
Ethical Hacking

Ethical Hacking

Daniel G. Graham

Publisher Resources

ISBN: 9781788627962Supplemental Content