The first thing to test for SQL injection is to try to break the query, with the intention of learning the syntax in which SQL receives input at the backend. This technique works in UNION/error-based SQL injections, where we force the backend database to throw an error.
Using this technique, we can determine the backend query structure to efficiently exploit SQL injection. The query can be broken by throwing various characters as input.
The first and easy solution: use any bug bounty platform like @Bugcrowd, @Hacker0x01, @yeswehack, @intigriti, etc., because at least you will get a response in a fixed time. But many have their own bug bounty program that is not hosted on these platforms.
So first send them an email asking if they have a bug bounty program, and ask for every detail, such as their VRT, scope, and the vulnerabilities they accept. This will help you understand how active that RDP is and also what's in scope.
Start by learning the basics of Burp Suite; there are many tutorials available on the internet which you can refer to. Why is it important? Because it is important 🤪
Now you can start @PortSwigger Academy. They have a learning path you can follow, or you can follow the OWASP list.
Make a list and start reading the @PortSwigger vulnerability notes and solve the labs to clear up your concepts. Make sure you make detailed notes for yourself, because there is so much to learn that you may forget some things. For note-making I use @NotionHQ.
1-Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
2-Ensure credentials unused for 90 days or greater are disabled
3-Ensure access keys are rotated every 90 days or less
4-Ensure IAM password policy requires at least one uppercase letter
5-Ensure IAM password policy requires at least one lowercase letter
6-Ensure IAM password policy requires at least one symbol
7-Ensure IAM password policy requires at least one number
8-Ensure IAM password policy requires minimum length of 14 or greater
9-Ensure no root account access key exists
10-Ensure MFA is enabled for the "root" account
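
One way to evaluate the ten checks above offline, as an added example that is not part of the original page: it reads an IAM credential report CSV and the `PasswordPolicy` object from `aws iam get-account-password-policy`. The sample data, the `audit` function and its helpers are constructed for illustration, and a credential with no usable timestamp is assumed to be stale.

```python
import csv, io
from datetime import datetime, timezone

# Constructed sample: a subset of the IAM credential report columns.
SAMPLE_REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,not_supported,2024-05-30T08:00:00+00:00,false,true,2023-01-10T00:00:00+00:00,2024-05-01T00:00:00+00:00
alice,true,2024-05-28T09:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-29T00:00:00+00:00
bob,true,2023-11-02T10:00:00+00:00,false,true,2023-09-01T00:00:00+00:00,N/A
"""
# Constructed sample: the PasswordPolicy object of get-account-password-policy.
SAMPLE_POLICY = {"RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
                 "RequireSymbols": False, "RequireNumbers": True, "MinimumPasswordLength": 8}
POLICY_FLAGS = {4: "RequireUppercaseCharacters", 5: "RequireLowercaseCharacters",
                6: "RequireSymbols", 7: "RequireNumbers"}

def age_days(stamp, now):
    """Whole days since an ISO-8601 stamp; None for N/A, no_information, etc."""
    try:
        return (now - datetime.fromisoformat(stamp)).days
    except (TypeError, ValueError):
        return None

def stale(stamp, now, limit):
    """Assumption: a credential with no usable timestamp is treated as stale."""
    days = age_days(stamp, now)
    return days is None or days > limit

def audit(report_csv, policy, now):
    """Return sorted (check_number, subject) pairs for checks 1-10 that fail."""
    findings = set()
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        keys = [n for n in (1, 2) if row.get(f"access_key_{n}_active") == "true"]
        if user == "<root_account>":
            if keys:
                findings.add((9, user))           # root access key exists
            if row["mfa_active"] != "true":
                findings.add((10, user))          # root without MFA
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.add((1, user))           # console password, no MFA
            if stale(row["password_last_used"], now, 89):
                findings.add((2, user))           # unused for 90 days or more
        for n in keys:
            if stale(row.get(f"access_key_{n}_last_used_date"), now, 89):
                findings.add((2, user))
            if stale(row.get(f"access_key_{n}_last_rotated"), now, 90):
                findings.add((3, user))           # key older than 90 days
    findings |= {(n, "account") for n, k in POLICY_FLAGS.items() if not policy.get(k)}
    if policy.get("MinimumPasswordLength", 0) < 14:
        findings.add((8, "account"))
    return sorted(findings)
```

Each finding pairs the check number from the list above with the user it applies to, or with `account` for the password policy checks.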