How to Learn Manual SQL Injection for OSCP(Step by Step)
2023-5-15 16:27:59 Author: infosecwriteups.com(查看原文) 阅读量:32 收藏

ZeusCybersec

InfoSec Write-ups

If you have found sql injection attacks to be confusing and are preparing for oscp but your manual sql injection part is not clear,I am sure this blog will help you.These are the resources which i have personally used to clear Manual Sql injection.I will not cover any automated tool like sqlmap which is out of usage for oscp exam.This blog is a guide for step by step resources which you can use to clear the topic.

Learn Basic SQL Language.

Until you know basic SQL syntax, you will not understand any of the attacks.Start with this video

2. Solve Portswigger Labs taking Rana Khalil’s videos as a guide

Portswigger labs contains currently the best free labs and materials to cover all types of web attacks.It assumes you have zero knowledge

You will find that the difficulty keeps increasing and i will Highly suggest you to watch Rana Khalil’s youtube tutorials where she solves every lab of sql injection of Portswigger labs.This is the main resource where you will learn most of the stuff including Blind sql injection,Union based , time based, boolean based all manually without any tool all from scratch.

https://www.youtube.com/watch?v=X1X1UdaC_90&list=PLuyTk2_mYISItkbigDRkL9BFpyRenqrRJ

3. Solve DVWA and Sql Injection Rooms on TryHackMe and RedTigerLabs

This is for more Practice. You can always watch videos for solution.

LINK TO REDTIGER LABS- redtiger.labs.overthewire.org/

(This is a very less known but really fun sql injection lab with 10 levels.Try solving till level 7)

4. Solve Only the SQL Injection Levels of OverTheWire NATAS

Level 14, 15, 17 of Natas which is a type of online CTF contains SQL injection vulnerability.For reference you are suggested to watch the solution by Chris Dale who is a highly experienced Pentester, a SANS Instructor and a good friend of mine.His way of teaching is amazing and you can also try solving the complete Natas Ctf if you wish to.

5. BONUS

This is for extra knowledge(beyond oscp). Now since you are familiar with the topic,you can read some sql injection Reports from Books like Web Hacking 101.Or even find many poc videos online.There are many other vulnerable platforms to practice too, like OWASP Juice Shop.Any many ctfs as well.

WHAT TO EXPECT IN OSCP? (EASY OR HARD?)

I hope you found this article super helpful and if you find any other useful resources, feel free to comment it down below.

Make sure you follow me on This Platform to stay updated with more such informative articles on Hacking.


文章来源: https://infosecwriteups.com/how-to-learn-manual-sql-injection-for-oscp-step-by-step-f447d3f72ad5?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh