Banging my head against the wall (more SQL Injection)

I plan on tinkering around with my Practical Pentest lab subscription.  The free labs and the course material seem good enough to get me started, and I’m taking a college class next week.  I’m not exactly sure what the course will cover but I’ll probably talk about what I learn there as well.

Did some more studying on SQL Injection and learned that you can actually use something like a drop or union command inside the injection to spit out the tables.  This allows an attacker to continue to enumerate down until they grab data they want, like usernames/passwords, sensitive data of a company, credit card info, etc.  You can alternatively use sqlmap to automatically do it for you.
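To make the UNION point concrete from the defender's side, here is an added example (not code from this post) that runs the same search through a concatenated query and through a parameterized one. The table names, sample rows and function names are assumptions made up for the illustration, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database (sample data, not from the post)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO users VALUES ('alice', 'constructed-hash-1');
    """)
    return db

def search_vulnerable(db, term):
    # Vulnerable: input is concatenated into the SQL text, so it is parsed as SQL.
    sql = "SELECT id, name FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Hardened: the placeholder binds input as a value; it is never parsed as SQL.
    sql = "SELECT id, name FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

# Constructed inputs: a normal search term and a UNION-style string of the
# kind described above, which asks SQLite's catalog for its table names.
NORMAL = "widget"
UNION_INPUT = "x' UNION SELECT type, name FROM sqlite_master WHERE type='table' --"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", search_vulnerable),
                      ("parameterized", search_safe)):
        print(label, "normal:", fn(db, NORMAL))
        print(label, "union :", fn(db, UNION_INPUT))
```

With the concatenated query the UNION input returns the table names instead of products; with the bound parameter the same input is just a product name that matches nothing.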

For now, I think I’ll go back to doing OverTheWire wargames, and learn more about exploits there on Natas, Narnia, Behemoth.  Someone pointed out this site called Exploit Exercises to me today and I might check that one out.  I’ve had problems in the past using VirtualBox to run a vulnerable machine, while using VMware to run my Kali, so I’m going to try to find some that I can run that I don’t need tools in my Kali box to exploit.  I downloaded and installed Nmap, Burp Suite and Metasploit onto my host laptop, and we’ll see if I need anything other than that.  One day I’ll troubleshoot my configuration issue as well.
