Initial Access with sqlmap

sqlmap is a powerful automation tool for identifying and exploiting SQL injection flaws. Add another tool to your toolbox by using sqlmap to exfiltrate data and gain initial access.
Course info
Level
Intermediate
Updated
Oct 12, 2020
Duration
23m
Table of contents
Description
Course info
Level
Intermediate
Updated
Oct 12, 2020
Duration
23m
Description

SQL injection flaws are one of the most critical application vulnerabilities. They can affect any application that uses a database, and a single flaw can lead to data loss or even server compromise. In this course, Initial Access with sqlmap, you'll learn how to use this powerful tool to identify and exploit a variety of SQL injection flaws in a red team environment. First, you'll discover how to setup sqlmap's command line and test authenticated web pages. Next, you'll use sqlmap's built-in enumeration tools to exfiltrate user data. Then, you'll delve into tuning sqlmap's parameters when crawling applications. Finally, you'll exploit a SQL injection to gain initial system access. When you're finished with this course, you'll have the skills and knowledge of sqlmap needed to streamline the process of finding and exploiting SQL injection flaws.

About the author
About the author

Casey Dunham is an independent security researcher and consultant specializing in application security.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and this Red Team tools course featuring sqlmap, the open source SQL injection exploitation tool developed and maintained by Bernardo Damele and Miroslav Stampar. SQL injections can affect applications of any type and are one of the most critical application security flaws. A SQL injection can expose applications to data loss or even lead to server compromise. Testing for SQL injections can be time consuming and error prone. When you do find an injection flaw, it can be extremely difficult and tedious to exploit. You'll also most likely need to write custom scripts to exploit the flaw in a useful way. This all eats up valuable time during an engagement. To make sure you're able to provide enough application test coverage, you need to use automation where it makes sense. You also need to use automation tools with care and be smart about it. Sqlmap reduces the time spent to identify and exploit SQL injection flaws. It simplifies the entire process of database enumeration and data exfiltration. You can even use sqlmap to gain an initial foothold into the target environment, a foothold you can use for further exploitation. Sqlmap is a powerful tool for automating all aspects of SQL injection exploitation. If you're seeking to learn how to use sqlmap to exploit SQL injections on your next engagement, or if you want to learn how attackers can use these same techniques, come join me and learn how to gain initial access using sqlmap, here at Pluralsight.