Tremendous Resource for getting a handle on SQLi

  • OS-82473
    Member
    • 2020-Jul
    • 47

    #1

    Hello everyone!
    The Web Application Hacker's Handbook. This book literally changed my life overnight. In order to set the stage, I would like to give a little of my background in the IT/cyber sec field--ZERO!
    I won't bore everyone with all the details, so to make a long story short(er), due to a life-threatening medical emergency, I was left no choice but to be put on disability, which left me with limited financial resources and a search for a new career (once I've been cleared to work again). An old friend and my former Commanding Officer in the USMC steered me towards cyber security. I kind of chuckled at the idea. I mean, I knew my way around technology, but not in a way that would benefit me by launching a career, and the cmd line scared me. I got an email for learning "ethical hacking" so I clicked on it. I don't remember where it came from, but it was as if someone offered me some drugs and I took them. Man, I really got bit by the hacking bug. I knew that I just had to become a "hacker". I took my Lenovo laptop, wiped Windows totally off the hard drive and installed Kali Linux. I know, right? I had never been on any Linux distro, and I chose Kali as my first. I had nothing but time on my hands so I installed Ubuntu on another machine I had lying around, and between the 2 boxes, I dove head first into my journey. I had nothing but time on my hands, so I spent like 12-15 hours a day learning everything that I could about Linux. I eventually gained enough knowledge to try my hand at CTF. I joined HTB and TryHackMe. I think I watched every video that IppSec did on the retired machines on HTB just to learn the techniques that I needed to get to where I am now. I eventually enrolled in a famous cyber learning platform and took the Pentester career path and quickly went through all the courses, but I was still missing something. Since the US Congress was giving out money for the coronavirus, I used it to enroll here in this course. Best decision ever!
    The issue that I have is that some things in this course are pretty hard for a noob like me to understand. Take SQL injection for example. I could not wrap my head around the syntax to get it right. I am good at using tools like sqlmap, but that's not allowed on the exam, so I really needed to learn how to make it work manually. I got a copy of WAHH on my Kindle and read through it like a Stephen King novel, and the section on injection attacks made the light turn on in my head. I woke up the next day armed with new knowledge, and I went back to the labs and revisited the ones that I "cheated" on with the auto tool. I systematically went through and gained access manually to 2 of the boxes that were vulnerable to injection. I am by no means an expert. But I am confident that I can tackle this type of attack if it presents itself on the exam.

    I am sorry for the novel, but I just can't say enough that The Web Application Hacker's Handbook is a real life saver if you feel that you haven't got any idea what in the world you are doing! We are supposed to Try Harder! So, try harder and read this book. Yeah, it's an old book (2011) but the basics are still the same.
  • OS-74160
    Senior Member
    • 2020-Apr
    • 982

    #2
    PortSwigger now has a free Web Security Academy they have put in place instead of a new edition of the book. Has anybody tried it?
