The Practical Guide to sqlmap for SQL Injection

Really quickly before we move on, I did want to highlight some pre-requisites that you should have before taking this course.

In order to fully utilize sqlmap, it’s important that you have a solid foundation in these areas:

SQL

You should know SQL pretty well. You don’t have to be a Database Administrator, but if you don’t know what I mean by SQL, then I would stop here and I would go find a course dedicated to SQL. Then, I would recommend that you check out my Injection Attacks course, because you will also need to learn about SQL injections before you can really understand this tool. Otherwise, it’s like buying a car when you’ve never driven one before. Yes, technically you can try to drive it, but you’re probably going to crash.

Databases

What they are, how they work.

Different database engines and their differences (e.g., MySQL vs. SQLite).

You don’t have to be an expert in this, of course, but if you don’t understand what I mean by database engines, that would be a red flag. Stop here and go find a database course!

Web or Software Development

At least understand how applications are built, structured, and how they use databases, because otherwise finding SQL injections is going to be very difficult, and you need to be able to find potential areas of attack to configure & use sqlmap properly.

So I would say that those are the main 3 areas that you should be at least familiar with before taking this course. If anything I said in this lesson is foreign to you and you don’t understand it, or you’re rusty because it’s been a while since you’ve touched SQL (for example), then I would just try to brush up on that first, and then come right back and keep going!

Conclusion

That’s it, go ahead and complete this lesson, and let’s get started!
