Beginner’s Guide to sqlmap

Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration.

Christophe · April 14, 2021

Duration: 40 minutes

Difficulty: Beginner

Topics Covered:

  • Creating a home lab environment
  • Downloading and installing the latest version of sqlmap
  • Most useful options and configurations sqlmap has to offer for beginners
  • Finding and exploiting SQL injections with sqlmap
  • Enumerating vulnerable database information (such as database names, schema, tables, and data within those tables)
  • Cracking passwords stored within vulnerable databases with sqlmap’s built-in functionality

Recommended Pre-requisites:

  • Experience with SQL (you should know what SQL is)
  • Experience working with web applications (you should understand how apps use databases)
  • Experience working with databases (at least a high-level understanding of how databases work)
  • Knowledge of different database engines (ie: you should know what MySQL means)

About Instructor

Christophe

19 Courses

Not Enrolled

Course Includes

  • 9 Lessons
  • Course Certificate