Skip to content

5063CEM: Practical Pen Testing

Lab

5063CEM: Practical Pen Testing

Home
Essentials
Essentials
Assessment
Assessment
- Overview
- CW1
- CW2
Guides
Guides
0x01: What is Pentesting?
0x01: What is Pentesting?
- Module Overview
- Lecture Materials
  Lecture Materials
- Lab Tasks
  Lab Tasks
  - Hacking Lab
  - Trainer Videos
0x02: The Petest Process
0x02: The Petest Process
- Lecture Materials
  Lecture Materials
- Lab Tasks
  Lab Tasks
  - Lab
0x03: Shells, talking to a server
0x03: Shells, talking to a server
- Materials
  Materials
  - Shells
  - Remote Shells
  - SSH
  - Netcat
  - RCE
  - Web Shells
- Lab Tasks
  Lab Tasks
0x04: Reconnaissance
0x04: Reconnaissance
- Materials
  Materials
- Lab Tasks
  Lab Tasks
  - Lab
0x05 Privileges and Permisions
0x05 Privileges and Permisions
- Videos
- Materials
  Materials
  - Privilege Escalation
  - Linux Permissions Intro
  - Windows Permissions Intro
  - Linux: ACLs
  - Legitimately Elevating Privileges
    Legitimately Elevating Privileges
    
    Sudo
    
    Sudo Walkthrough
    
    SUID
    
    SUID Walkthrogh
    
    Capabilities
    
    Capabilities Walkthrough
0x06 Linux System Eunumeration
0x06 Linux System Eunumeration
0x07 Remote Code Execution, and Deserialisation
0x07 Remote Code Execution, and Deserialisation
- Materials
  Materials
- Lab
  Lab
  - Lab
0x08 More SQL Injection
0x08 More SQL Injection
- Videos
- Materials
  Materials
- Lab
  Lab
  - Lab Lab
    Table of contents
    
    Getting Started: The Web Trainer
    
    Tasks:
    
    Login Bypass
    
    Database Enumeration
    
    Extra Tasks
0x09 Overflows 1
0x09 Overflows 1
- Introduction

SQL Injection

In the Lecture Materials we have looked at SQL Injection

Here we will dig deeper and try to find more information.

Getting Started: The Web Trainer

You can find the web trainer in the Lab Github Repo

Tasks:

Try the login bypass example in Login Bypass

Stretch Goal

So we can login as Admin. Can you think of a way we could maipulate the query to login as someone else?

Database Enumeration

Try the Database Enumaation Example in Database Enumeration

Extra Tasks

In the SQL Injection Challenges folder there is a second set of challenges to try This includes example of blind SQL injection.

Try to leak the usernames and passwords using Blind SQLi