The Practical Guide to sqlmap for SQL Injection

About the Course
- About the course
- About the course author
- Pre-requisites

Setting up our lab environment
- Creating a home lab environment
- Downloading the latest sqlmap (optional)

sqlmap Overview
- What is sqlmap?
- sqlmap: An introduction
- Techniques used by sqlmap
- Features and usage
- Understanding the source code
- Knowledge check (1 Quiz)

sqlmap Options Deep Dive
- Navigating the options sections
- Using vulnserver.py

Main Options
- Options
- Target
- Practical Knowledge Check

Requests Options
- HTTP headers, methods, and data
- Cookies
- HTTP authentication
- Proxies and using sqlmap anonymously
- CSRF tokens
- General Options
- Eval
- Practical Knowledge Check

Optimizations Options
- Optimization

Injections Options
- Injection part 1
- Injection part 2
- Tamper scripts

Detection Options
- Detection
- Practical Knowledge Check

Techniques Options
- Techniques part 1
- Techniques part 2

Fingerprinting Options
- Fingerprinting
- Practical Knowledge Check

Enumeration Options
- Enumeration part 1
- Enumeration part 2
- Enumeration part 3
- Practical Knowledge Check

Brute Force Options
- Brute force

UDF Options
- User-defined function injection

File, OS, and Windows registry access
- File system access
- Operating system access
- Windows registry access
- Practical knowledge check

General & Miscellaneous
- General part 1
- General part 2
- General part 3
- Miscellaneous
- Practical Knowledge Check

sqlmap in action
- Information gathering
- Finding an SQL injection vulnerability
- Exploiting an SQL injection vulnerability to extract data
- Cracking extracted password hashes

Bypassing WAFs
- WAFs overview
- WAF identification
- Manual WAF bypass
- WAF bypass with sqlmap

Running sqlmap as an API
- Why run sqlmap as an API?
- How to run sqlmap as an API

Conclusion
- Additional resources
- What now?

Hi, I’m Christophe Limpalair, and I’m the author of this course! I’ll keep this short and sweet so you can learn a little bit more about me, who I am, and what my background is. If you don’t care and would rather get straight to learning, please feel free to skip this lecture! I know some people like to learn more about the person who will be teaching them, so that’s why I created this lesson.
Some of you may have already taken courses from me on Cybr, while others may have seen me on Linux Academy, which was a cloud, Linux, and DevOps training platform. Back in 2016, I sold my first online IT business to Linux Academy, where I then created multiple AWS training courses, including certification-prep training, and also helped develop, maintain, and defend our hands-on labs platform. We were acquired and merged with a competitor called ACloudGuru, and they just announced being acquired by Pluralsight this year (2021).
So I’ve been training individuals all the way to Fortune 500 companies for about 6 years now, which means I’ve seen everything from great technical implementations to bad technical implementations.
Before that, I was a web developer, and in fact, I got started when I was about 11 years old. I had just moved from France to the United States. I had no friends and nothing to do and turned to computers. I started with building web apps, then desktop apps, and eventually played around with creating and defending against malware, simply for the sake of learning.
Some of my first web apps to get publicly deployed were compromised literally within days.
I had no idea how, but I wanted to learn, and so I did. Back then, there were not nearly as many resources as there are today, but to be honest, in some ways, that’s actually overwhelming, and I hear that from students all of the time: there’s either a lack of accessible and affordable training resources or there are so many that conflict with each other that you don’t know where to start or where to go next.
So now, I create entry to intermediate-level training for cybersecurity topics, and whenever I’m not creating content, I’m usually helping people in our community, or I’m bug bounty hunting.
I hope that you like my training content. Whether you do or don’t, I would love to hear your feedback as I’m always looking to improve and I directly implement feedback in my existing and upcoming courses.
So don’t hesitate to reach out either on Discord, our Cybr forums, or even directly via my email christophe at cybr.
Thanks for watching this, let me know if you have any questions, otherwise, let’s get started with the course!