SQL, Pentesting, and the Road to Python Automation


What was this week about:
I completed the ethical hacking section of my course and I am ready to move on to writing Python scripts for ethical hacking. This marks the beginning of the second phase of the project. So far, I have learned about the different tools that already exist for ethical hacking. Now it is time to start learning how to automate different processes with the help of code.
This week’s goals:
Complete the ethical hacking section of the “The Complete Ethical Hacking Course” by Codestars on Udemy.
Learn about the basics of SQL injection and tools for website pentesting.
What I learned so far:
I learned the basics of SQL:
SQL (Structured Query Language) is the language used to read and modify the contents of a relational database.
I learned how to add values, update values, delete values and filter values in a database.
Here is some basic SQL you can try out on SQLite Online (a browser-based SQL editor), using the demo table it provides by default, to add a row and see the result (run the statements one at a time, in order):
SELECT * FROM demo;  -- show the table before the insert
INSERT INTO demo (id, name, hint) VALUES (28, 'Hello', 'test');  -- add one row
SELECT * FROM demo;  -- the new row should now appear
I learned the basics of SQL injection:
SQL injection is an attack in which input that the application places directly into a SQL query (a login form, a search box, a URL parameter) is crafted so that it changes the structure of the query instead of being treated as plain data.
It is often compared with cross-site scripting: both are web application vulnerabilities caused by untrusted input, but cross-site scripting targets the users of the application through their browsers, while SQL injection targets the back-end systems of the application, mainly the database.
One of the web applications on Metasploitable (a deliberately vulnerable virtual machine) returns a detailed database error message when it receives malformed input. A verbose error like that is a strong sign that user input reaches the SQL query unescaped, i.e. that the application is injectable.
Often, when a SQL injection vulnerability is present, the attacker only needs to modify a parameter in the URL (or a form field) to make the query return data it was never meant to return, such as the passwords and other credentials stored in the database at the back end of the web application.
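To make the mechanism concrete, here is an added example (my own illustration, not code from the course or from Metasploitable) of the two attacks described above against a toy application, next to the parameterized fix. It uses Python's built-in sqlite3 module so it runs offline; the users table, its rows and the plaintext passwords are constructed for the lab scenario and are an assumption of the example.

```python
"""Added example: SQL injection against a toy login / password-hint lookup,
beside the parameterized version of the same queries.

The users table, its rows and the plaintext passwords are constructed here
for the lab scenario (deliberately vulnerable apps often store passwords
this way); none of it comes from the page or from Metasploitable.
"""
import sqlite3


def make_db():
    """Build an in-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
        "password TEXT, hint TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, name, password, hint) VALUES (?, ?, ?, ?)",
        [(1, "admin", "s3cret", "first car"), (2, "alice", "hunter2", "pet name")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string formatting, so user input becomes SQL."""
    query = (
        f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name, password):
    """Same check with bound parameters: the input is data, never SQL."""
    query = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


def hint_vulnerable(conn, name):
    """A 'forgot password' lookup that concatenates the name into the query."""
    query = f"SELECT hint FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query).fetchall()]


def hint_safe(conn, name):
    """The same lookup with a bound parameter."""
    query = "SELECT hint FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,)).fetchall()]


# Payloads as they would be typed into a form field or appended to a URL.
# Closes the quoted string and comments out the password check:
BYPASS_NAME = "admin' --"
# Closes the string and appends a UNION that reads a different column:
UNION_NAME = "' UNION SELECT password FROM users --"


if __name__ == "__main__":
    db = make_db()
    # Login bypass: no valid password needed against the vulnerable query.
    print("bypass, vulnerable:", login_vulnerable(db, BYPASS_NAME, "wrong"))  # True
    print("bypass, safe:      ", login_safe(db, BYPASS_NAME, "wrong"))        # False
    # Data extraction: the hint lookup leaks every password via UNION.
    print("union, vulnerable: ", hint_vulnerable(db, UNION_NAME))  # the passwords
    print("union, safe:       ", hint_safe(db, UNION_NAME))        # []
```

The vulnerable and safe functions differ only in how the value reaches the query: the `?` placeholder hands it to the database driver as a parameter, so a quote or a `--` inside it can never end the string or start a new clause. Tools like SQLmap automate exactly the trial-and-error of finding inputs such as `BYPASS_NAME` and `UNION_NAME` and then using them to enumerate the database.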
I learned about website pentesting tools:
I learned how to use tools like SQLmap and ZAP.
SQLmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications, including enumerating databases, tables and their contents once an injection point is found.
ZAP (OWASP Zed Attack Proxy) is also an open-source web application security testing tool, but it is broader in scope: it works as an intercepting proxy and scanner for many classes of web vulnerabilities, and unlike SQLmap, which runs in the terminal, it provides a graphical user interface.
I also learned about different ethical hacking certifications:
While I don’t plan on getting any of these certifications any time soon, for curious readers, here are some common certifications people earn in order to work in the ethical hacking and cybersecurity field:
OSCP (Offensive Security Certified Professional)
OSWP (Offensive Security Wireless Professional)
CEH (Certified Ethical Hacker)
ECSA (EC-Council Certified Security Analyst)
Challenges I faced:
- I faced MySQL Error 2026 while trying to run SQLmap.
How I solved the problem:
- By googling the information on the error, I learned that the error happens when there is a mismatch in the TLS/SSL protocol versions supported by my client (target web application) and the remote MySQL server (i.e. they were unable to establish a secure connection). In order to solve this problem, I simply had to run --skip-ssl at the end of the command when starting SQLmap. This avoided the client-side verification of the successful SSL handshake between the client and the server and therefore the error was completely avoided.
Finishing Up:
This week reminded me that every error, every challenge, is just part of the process. I’m starting to see how small steps—like learning SQL or fixing one stubborn bug—add up to something much bigger over time. As I move into Python automation, I know the road won’t always be easy, but that’s what makes progress meaningful. The important thing is to keep moving forward.
Disclaimer:
This blog documents my personal journey in learning ethical hacking and cybersecurity with the intent to build responsible AI tools for penetration testing and system defense.
All experiments are conducted in isolated lab environments on virtual machines I own or control. This project is strictly for educational and ethical purposes.
I do not condone or promote any form of unauthorized or illegal access to systems.
Written by Aditya Soni
