From the course: Penetration Testing Essential Training (2021)
Join today to access over 23,200 courses taught by industry experts.
Web server penetration using sqlmap
From the course: Penetration Testing Essential Training (2021)
Web server penetration using sqlmap
- [Instructor] Let's take a look at how we approach the initial penetration of a web server using SQLmap. To do this, I'll use a target in the LinkedIn Learning pen testing lab. If you want to know more about this lab, check out my advanced Kali course. The target we'll use is the Europa server, which is on address 10.10.10.22. Our VPN into the lab. And we'll do a deep end map scan with the minus A switch. Nmap -PS -F -A, 10.10.10.22. We can see we've got three ports open. SSH on port 22 and both HTTP and HTTPS web services on ports 80 and 443 respectively. And we're running an Apache 2.4.18 website. We can see the SSL certificate uses the subject name, europacorp.htb, with alternate names of www.europacorp.htb, and admin-portal.europacorp.htb. This indicates we may be looking at a name server. Let's go visit the websites. If we go to 10.10.10.22, we can see we've got the default Apache2 webpage. When we go to HTTPS, we…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.