From the course: Penetration Testing Essential Training
Join today to access over 24,900 courses taught by industry experts.
Web server penetration using sqlmap - Linux Tutorial
From the course: Penetration Testing Essential Training
Web server penetration using sqlmap
- [Instructor] Let's take a look at how we approach the initial penetration of a web server using SQLmap. To do this, I'll use a target in the LinkedIn learning pen testing lab. If you want to know more about this lab, check out my Advanced Kali course. The target we'll use is the Europa server, which is on address 10.10.10.22. I've VPNed into the lab and we'll do a deep nmap scan with a minus A switch. Nmap -PS -F -A 10.10.10.22. Okay, we can see we've got three ports open, SSH on port 22 and both HTTP and HTTPS web services on ports 80 and 443 respectively. And we're running an Apache 2.4.18 website. We can see the SSL certificate uses the subject name europacorp.htb with alternate names of www.europacorp.htb and admin-portal.europacorp.htb. This indicates we may be looking at a name server. Let's go visit the websites. If we go to 10.10.10.22, we can see we've got the default Apache 2 webpage. When we go to HTTPS, we have a potential security problem but we'll accept that and…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.