Blind SQL Injection

Difficulty: Hard

In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.

Created by bmdyy



Blind SQL injection is an SQL injection where no results are directly returned to the attacker. This module focuses on writing custom scripts to exfiltrate data through alternative channels of communication. It targets MSSQL specifically, so MSSQL-specific attacks are covered, including obtaining remote code execution.

This module is split up into the following 7 sections:

  1. Introduction: A very brief introduction to MSSQL, and an introduction to blind SQL injection.
  2. Boolean-based SQLi: Work through a custom website, identifying a boolean-based blind SQLi vulnerability, writing a custom script to extract data, exploring different ways to optimize the attack, and using out-of-band attacks to extract data as an alternative.
  3. Time-based SQLi: Work through a second custom website identifying a time-based blind SQLi and writing a script to extract data.
  4. MSSQL-Specific Attacks: Work through various MSSQL-specific attacks such as remote code execution and leaking NetNTLM hashes.
  5. Tools of the Trade: Introduce commonly used tools to identify and exploit SQL injections.
  6. Defending against SQL Injections: Various ways to prevent SQL injection vulnerabilities from happening in your projects.
  7. Skills Assessment: Another custom website which involves identifying and exploiting multiple blind SQL injection vulnerabilities.

After completing this module, you should be comfortable identifying and writing custom scripts to exploit blind SQL injection vulnerabilities.

This module is broken into sections with accompanying hands-on exercises to practice the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

As you work through the module, you will see example commands and command output for the topics introduced. It is worth reproducing as many of these examples as possible to further reinforce the concepts presented in each section. You can do this on the target host provided in the interactive sections or in your own virtual machine.

You can start and stop the module anytime and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "hard" and assumes an intermediate knowledge of how web applications function and common attack principles, along with knowledge of basic SQL injections.


  • Introduction to MSSQL/SQL Server
  • Introduction to Blind SQL Injection
  • Identifying the Vulnerability
  • Designing the Oracle
  • Extracting Data
  • Optimizing
  • Identifying the Vulnerability
  • Oracle Design
  • Data Extraction
  • Out-of-Band DNS
  • Remote Code Execution
  • Leaking NetNTLM Hashes
  • File Read
  • Tools of the Trade
  • Defending against SQL Injection
  • Skills Assessment