Omer CItak osquery injection slide, #hacktrickconf 2018

2. whoami
Security Researcher @ Netsparker Ltd.
Developer @ Another Times
Author @ Ethical Hacking “Offensive & Defensive” Book
Digital Nomad - instagram/birazdaburadacalisalim
Core Team @ Arka Kapi Dergi
Blog: omercitak.com | Twitter: @om3rcitak

3. osquery

4. osquery

5. osquery

6. osquery

7. osquery python

8. osquery injection
Query: select username, description from users where username=' " + name + " '

9. osquery injection
Query: select username, description from users where username=' " + name + " '
1- Detect column count

10. osquery injection
Query: select username, description from users where username=' " + name + " '
1- Detect column count
2- Detect table names

11. osquery injection
Query: select username, description from users where username=' " + name + " '
1- Detect column count
2- Detect table names
3- Generate query and inject union based query

12. osquery injection
demo

13. spas
Blog: omercitak.com | Twitter: @om3rcitak