Backend Database Hacking (W17)


Out of stock

The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription


We will also lay down the general and core concepts for understanding the databases, like how they work, why they are used and what are the known vulnerabilities or weaknesses to exploit and gain illegitimate access. Microsoft SQL Server and MYSQL server are the two main database servers we will be discussing. However, we will also cover general hacking tricks that can be used in order to hack into any backend database servers. We will consider if live hacking sessions are possible in a live environment which can be shown so that PoC is presented. However, we will cover home lab setup so students can build at home to practice the hacking skills taught in this course. We will also cover Structured Query Language (SQL) which plays a key role for security researchers and in our experiences a security professional or researchers is not considered expert if he or she doesn’t have any solid experience with databases and SQL.

You should know

We expect that students have prior knowledge of at least beginner level for the following topics in order to get the most out of this course.

    • Microsoft Windows Experience

    • Understands core concepts of TCP/IP

    • Beginner level experience with MYSQL Server

    • Beginner level experience with MS SQL Server

    • Beginner level experience with SQL Statement

You will learn

    • Knowledge on different database servers

    • Methods of hacking into database servers

    • SQL Statements

    • Basic SQL Injections

    • Advanced SQL Injections

    • Tools for database hacking

This course is designed in order to provide broader aspects of how someone can hack into backend databases and can own the underlying operating system, steal confidential information or can compromise web applications. At a minimum, you will learn much about different database types and how to compromise them or at least learn different methods of hacking attempts.

Who should take this course?

This would be a good start for people who have basic database knowledge and have some concepts of how web applications work but doesn’t have mandatory knowledge or any experience in ethical hacking or penetration testing.

Key Audience

    • Network Administrators

    • Information Security Officers

    • New Graduates in IT

    • Newbies, who want to learn hacking

    • System Administrator

What Students should bring

    • Internet connection

    • One PC, which can run 2-3 Virtual Machines

    • Guided Lab development will be covered in the workshop

Course format

    • The course is self-paced – you can visit the training whenever you want and your content will be there.

    • Once you’re in, you keep access forever, even when you finish the course.

    • There are no deadlines, except for the ones you set for yourself.


Module 1

Understanding Database Core Concepts

    • Tutorial 1: Hello World! Let’s UDCC

    • Example 1

Module 2 

SQL Statements with Injection Techniques

    • Tutorial 1 – Introduction to SQL Statements

    • Examples 1 – 4: SQLi

    • Exercise 1 – Executing SQL Statements

    • Tutorial 2 – SQL Injections Exercise 2 – Authentication Bypass Attack

Module 3

Walkthrough on Hacking Databases 

    • Tutorial 1 – Case Study on Manually Hacking Web Applications

    • Tutorial 2 – Quick Walkthrough on Blind SQL Injection Attack

    • Walkthrough on Compromising Backend Database with SQLi Attack Advanced SQLi Attack

Module 4 

What you should know to Advance your Database Hacking Skills

    • Tutorial 1 – Knowledge Base

    • Home Lab – Windows Server 2008 & MS SQL Server 2008

    • Tutorial 2 – Vulnerable Web Application Setup

    • Home Lab – IIS Server, Database Creation, Run The Web Tool: Hacking MYSQL & MS SQL Server with SQLMAP

Module 5

Workshop eBook 

Final Test


Raheel Ahmad is an information security professional and an experienced instructor and penetration tester with a computer graduate degree and holds 10 years of professional experience working for Big4 and boutique consulting companies. He holds industry recognized certifications including CISSP, CEH, CEI, MCP, MCT, CobIT, and CRISC. Raheel is a founder of 26SecureLabs, a management consulting company based in Auckland, New Zealand. 26SecureLabs provides ethical hacking and penetration testing services as its core business. Best way to [email protected]

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013