After creating our lab environment and covering basics, we move on to finding and exploiting our first SQL injections using sqlmap and its powerful features. We enumerate vulnerable databases to find information about table names, schema, and more. Then, we extract user password hashes and, with the help of a built-in feature, crack those passwords.