I’m currently learning about SQL Injection and as luck happens I was asked to have a poke around at an internal web application that we have to see if it has any problems. I’m by no means a pen tester, just someone who likes to poke around at stuff.
I was quickly able to find a way to return logon names and passwords from the SQL database using SQL injection, but the passwords seem to be encoded/encrypted.
Is there a way to tell what encoding/encryption is used?
What I could see was that many accounts have the same stored password (12 characters and always starting with a = symbol) which I guessed correctly is “password”. However, my stored password (which isn’t “password”) is 16 characters and also starts with a = symbol. Other accounts that I know are not “password” are also 16 characters.
I have verified my findings with the backend database but I would like to demonstrate that although I can retrieve information on all the accounts I can then use the credentials to log in.
I have run the stored passwords through encoders on clez.net but it doesn’t decode my password to what I know it should be.
Thanks in advance for any help.
PS. I have permission to do this testing.
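The two observations in the question (many accounts sharing one stored value, and the stored length growing with the plaintext) are themselves findings worth writing up: identical plaintexts producing identical stored values means there is no per-user salt, and a length that tracks the plaintext points to a reversible encoding rather than a fixed-output hash. The Python below is an added example, not the asker's code or anything from the application in question; it audits a set of (account, stored value) rows for those two properties and contrasts them with a salted PBKDF2 scheme that does not exhibit either. The sample rows are constructed placeholders shaped like the question describes, and the function names are my own.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 200_000

# Constructed sample rows: made-up stored values shaped like the question describes
# (leading '=', 12 characters for the shared value, 16 for the others). They are
# placeholders, not real data from any system.
SAMPLE_ROWS = [
    ("alice", "=AAAAAAAAAAA"),
    ("bob",   "=AAAAAAAAAAA"),
    ("carol", "=AAAAAAAAAAA"),
    ("dave",  "=BBBBBBBBBBBBBBB"),
    ("erin",  "=CCCCCCCCCCCCCCC"),
]


def audit_stored_values(rows):
    """Report how passwords appear to be stored, from (account, stored_value) rows.

    duplicate_groups: stored values shared by more than one account; with a per-user
                      salt two users with the same password would never collide.
    length_varies:    a fixed-output hash (MD5, SHA-256, bcrypt, ...) has one length
                      regardless of input, so varying lengths indicate an encoding
                      or cipher whose output depends on plaintext length.
    """
    values = [stored for _, stored in rows]
    counts = Counter(values)
    duplicates = {v: n for v, n in counts.items() if n > 1}
    lengths = sorted({len(v) for v in values})
    return {
        "duplicate_groups": duplicates,
        "unsalted_likely": bool(duplicates),
        "distinct_lengths": lengths,
        "length_varies": len(lengths) > 1,
    }


def hash_password(password, salt=None):
    """Salted, iterated hash: pbkdf2_sha256$<salt hex>$<derived key hex>.

    A fresh 16-byte salt per user means equal passwords give different records.
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}".format(salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute the derived key with the stored salt and compare in constant time."""
    _alg, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def salted_rows(rows_with_plaintext):
    """Rebuild (account, stored_value) rows using the salted scheme, for comparison."""
    return [(account, hash_password(pw)) for account, pw in rows_with_plaintext]


if __name__ == "__main__":
    print("as observed:", audit_stored_values(SAMPLE_ROWS))
    # Constructed plaintexts: three users share a password, two do not.
    demo = [("alice", "password"), ("bob", "password"), ("carol", "password"),
            ("dave", "correct horse"), ("erin", "battery staple")]
    print("salted PBKDF2:", audit_stored_values(salted_rows(demo)))
```

Running the audit over the observed rows reports a duplicate group of three and two distinct lengths; over the PBKDF2 rows it reports no duplicates and a single length even though three of the plaintexts are identical, which is the property a reviewer should be asking the application to have.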