The Practical Guide to sqlmap for SQL Injection

About the course author

Christophe June 14, 2021

Hi, I’m Christophe Limpalair, and I’m the author of this course! I’ll keep this short and sweet so you can learn a little bit more about me, who I am, and what my background is. If you don’t care and would rather get straight to learning, please feel free to skip this lecture! I know some people like to learn more about the person who will be teaching them, so that’s why I created this lesson.

Some of you may have already taken courses from me on Cybr, while others may have seen me on Linux Academy, which was a cloud, Linux, and DevOps training platform. Back in 2016, I sold my first online IT business to Linux Academy, where I then created multiple AWS training courses, including certification-prep training, and also helped develop, maintain, and defend our hands-on labs platform. We were acquired and merged with a competitor called ACloudGuru, and they just announced being acquired by Pluralsight this year (2021).

So I’ve been training individuals all the way to Fortune 500 companies for about 6 years now, which means I’ve seen everything from great technical implementations to bad technical implementations.

Before that, I was a web developer, and in fact, I got started when I was about 11 years old. I had just moved from France to the United States. I had no friends and nothing to do and turned to computers. I started with building web apps, then desktop apps, and eventually played around with creating and defending against malware, simply for the sake of learning.

Some of my first web apps to get publicly deployed were compromised literally within days.

I had no idea how, but I wanted to learn, and so I did. Back then, there were not nearly as many resources as there are today, but to be honest, in some ways, that’s actually overwhelming, and I hear that from students all of the time: there’s either a lack of accessible and affordable training resources or there are so many that conflict with each other that you don’t know where to start or where to go next.

So now, I create entry to intermediate-level training for cybersecurity topics, and whenever I’m not creating content, I’m usually helping people in our community, or I’m bug bounty hunting.

I hope that you like my training content. Whether you do or don’t, I would love to hear your feedback as I’m always looking to improve and I directly implement feedback in my existing and upcoming courses.

So don’t hesitate to reach out either on Discord, our Cybr forums, or even directly via my email christophe at cybr.

Thanks for watching this, let me know if you have any questions, otherwise, let’s get started with the course!
