From the course: Ethical Hacking: SQL Injection
Getting our first sqlmap injection
- One of the important pen testing tools for targets using SQL is sqlmap. Let's take a look at how we approach the initial penetration of the Europa web server on the LinkedIn Learning Lab using sqlmap. I've run an initial scan and we can see that it's SSH on port 22 on both HTTP and HTTPS web services. Port 80 presents the Apache default web page, as does port 443. Let's look at our nmap scan again. We can see the SSL certificate uses the subject name europacorp.htb with alternative names of www.europacorp.htb and admin-portal.europacorp.htb. Let's add admin-portal.europacorp.htb to our hosts file. sudo nano /etc/hosts. And we'll put in 10.10.10.22 admin-portal.europacorp.htb and we'll save that. I'll start at Burp Suite and we'll turn off interception and in our target scope, we'll add admin-portal.europacorp.htb. Okay, on our website, we'll select preferences, network settings, and manual proxy. Okay, and…