In this section, we get started learning about sqlmap such as what it is and, just as importantly, what it’s not. We also discuss pre-requisites needed to get the most out of learning sqlmap.
With general concepts out of the way, we get practical. In this section, we start by creating a home lab environment. Then, we download and install the latest version of sqlmap, followed by using sqlmap for the very first time.
Finding and exploiting SQL injections
After creating our lab environment and covering basics, we move on to finding and exploiting our first SQL injections using sqlmap and its powerful features. We enumerate vulnerable databases to find information about table names, schema, and more. Then, we extract user password hashes and, with the help of a built-in feature, crack those passwords.
After learning first-hand why Application Security was important in his early teens, Christophe spent a number of years training individuals and organizations (SMB & F500) on how to use cloud services efficiently. During his journey of building two successful IT businesses to acquisition in the last six years, he realized that most also struggle with building secure software, so he co-founded Cybr and wrote this ebook as well as a corresponding course to help make the world a more secure place.