For this section, review the information from the chapter and try and expand on the topics. This will allow you to increase your knowledge on the different topics.
To stimulate your thinking, try some of the following topics:
www.site.com/products.php?prodID=25+union+select+1,2,3,4,5
Remember to replace the site with the site that you are working with. You conducted these queries against the Kioptrix site, so if you want another challenge, then navigate to the following URL:
An example of this website is shown in the following image:
As the image indicates, this site is a test site for Acunetix, which is a commercial web application scanning tool. There are a number of these types of sites that are available for us to practice our testing.
For this challenge, now that you have looked at a number of methods, explore the sqlmap tool. This is a powerful tool that will perform many of the queries that we want to do against a database target. The tool is written entirely in Python, and another one that it is beneficial to hone your skills with. An example of a very basic query is shown in the following image:
These challenges will assist you in gaining more experience and honing your skills. We know virtually every potential client will have some form of a website and, more importantly, web applications. The more you know about the testing, the more of an advanced penetration tester you will become. Enjoy!