Introduction to SQLMap (ISSA KY Workshop)

Author: Jeremy Druin
Twitter: @webpwnized
Thank you for seeing. Please support this channel. Up vote, subscribe or even contribute by clicking “Support” at!

Taped at the ISSA Kentuckiana February 2013 Workshop, this video review making use of sqlmap; an automated sql injection audit tool. The environment is a Backtrack 5 R3 “aggressor” and a Windows XP “victim” running as virtual makers on Oracle VirtualBox.

The video walks through utilizing sqlmap to locate an sql injection, determine the backend database type, enumerate the database account, databases, schema, tables, columns and password hashes, then use the database to compromise the windows host.

The database was created by installing XAMPP, unzipping the Mutillidae files into the C: xampp htdocs directory, then clicking the “Set up database” button in Mutillidae. Mutillidae has an intentionally vulnerable login page against which the sql injection was performed.

The webpwnized YouTube channel is dedicated to details security, security testing and ethical hacking. There is an emphasis on web application security but lots of other subjects are covers. Some of these consist of forensics, network security, security screening tools and security testing procedures. The channel provides videos to encourage software designers and system administrators to perform security testing. Likewise, the channel informs the next generation of security testers and bug fugitive hunter who desire to respectfully, lawfully and morally assistance system owners that allow security testing.

Leave a Reply

Your email address will not be published. Required fields are marked *