Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson focuses on using SQL map in Kali or Kali 2 to check a database, run a scan and discover vulnerabilities.

Video Transcription

00:04
So this is the meat and potatoes of this video section here. So we're gonna be using sequel man
00:09
yearning Callie or Callie Tomb sequel maps already pre built in. So you're not gonna have to use the play thought. Sequel map dot Pie. You're just gonna type sequel map.
00:18
Uninterested the command.
00:21
So we have
00:23
the command calling sickle map. Tak you and it's asking for the girl.
00:28
We say tak tak dbs. So is telling you to check the database.
00:33
So let's go. Run that right quick.
00:43
Right here. We are in our environment, so we're gonna type
00:47
secret map
00:49
attack you.
00:51
Http Colon for such force
00:56
192
00:57
That 168
00:59
did I
01:00
0.12
01:07
tech Zach D B s
01:11
run that.
01:17
And there's an error Nessie
01:19
for these. You can't just type in the address like this. You need an address feel which has an i d field. So let's look at our
01:30
page here.
01:49
Let's take
01:52
this address and
01:53
it's through Ah, sir, sequel lap against that and see what we get.
02:12
And let's run that and see what we get back.
02:21
And this page itself is not vulnerable to a sequel. map attack
02:27
its final with an I D field
02:35
name
02:38
in the
02:40
All right,
02:42
there's an I D. Equals two.
02:45
Just copy that.
02:47
Let's go back to our command. Here
02:53
was attempt a
02:58
based on racial from that one,
03:05
and we're gonna tell it Yes, too.
03:08
Check for the others.
03:12
I'm gonna include all of the my sequel
03:15
and it tells us, Hey, these vulnerable. But do we want to keep testing the others? If any.
03:21
Yes, I'll say yes. Let's see what we get. All right.
03:24
Now that tells us here
03:27
that we have available databases,
03:30
exercises and information. Schemer, let's go back to our slide
03:34
and explain our next step.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Instructor Profile Image
Raymond Evans
Instructor