Automating SQL injection attacks
sqlmap is an automated tool for performing and exploiting SQL injection vulnerabilities on a web application. The tool also allows you to perform exploitation attacks, manipulate records, and retrieve data from the backend database from vulnerable web applications. Overall, during a web application penetration testing exercise, using automation can help you save a lot of time when you’re looking for security flaws during an assessment.
In this section, you will learn how to use sqlmap to easily identify SQL injection flaws within a vulnerable web application and retrieve sensitive data.
Part 1 – Discovering databases
To get started with this exercise, please follow these steps:
- Power on both your Kali Linux and Metasploitable 2 virtual machines. When the Metasploitable 2 virtual machine boots, log in using
msfadmin/msfadminas the username and password. Then, use theip addresscommand to retrieve its IP address...
