Secuneus Labs – TryHackMe Walk-through : SQL Injection CTF – Cyber Security

Secuneus Room : TryHackme

Join Room : https://tryhackme.com/jr/secuneusctf

Introduction:- SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access.

In some situations, an attacker can escalate a SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.

A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization’s systems, leading to a long-term compromise that can go unnoticed for an extended period

Steps:-

1. Connection:- First we have to connect to the machine through the openvpn. Download the configuration file of the openvpn using following steps.

i) To download the file go to the access after clicking your profile logo of Tryhackme.

ii) After clicking on Access first check that you are not connected to other machine. If you are not connected through openvpn then download the configuration file.

iii) After downloading the configuration file open your kali linux in your virtual machine and copy the configuration file in your kali linux then open the terminal and run the following commands to connect to the machine.

First go to the directory in which you copy the configuration file using the cd command and list the file in the directory using ls command.

Command used: cd , ls

Then run the configuration file using command “sudo openvpn [File name]”. And check that the initialization sequence is completed or not if it is not completed then you are not connected and if it completed then you are connected.

Command used: sudo openvpn file name

After successfully connected with the machine you have to start the machine by clicking on the start machine and after clicking on the machine you have the target machine ip address.

2. Sqlmap:- Sqlmap is arguably the most popular automated SQL injection tool out there. It checks for various types of injections, and has plenty of customization options.

Questions:

Question 1:- How do you specify which url to check?

Answer:- sqlmap -u url of the website –dbs

In this command -u is used to specify the url which is checked by sqlmap. So the answer will be ‘-u’.

Question 2:- How do you select which parameter to use?

Answer:- In this command the ‘-p ‘ is used to select the parameter specified by the user from the specified web application.

Question 3:- How do you dump the table entries of the database?

Answer:- sqlmap –u url of the website –D database name –T table name –C column name –dump

In this command the ‘–dump ‘ is used to get all the data specified by the user from the specified database, table and column.

Question 4:- Which flag sets which db to enumerate?

Answer:- sqlmap –u url of the website –D database name

In this command –D is used to know the database which is used to be enumerate.

Question 5:- Which flag sets which table to enumerate?

Answer:- sqlmap –u url of the website –D database name –T table name.

In this command –T is used to know the table in the database which is used to be enumerate.

Question 6:- Which flag sets which column to enumerate?

Answer:- sqlmap –u url of the website –D database name –T table name –C column name.

In this command –C is used to know the column in the table in the database which is used to be enumerate.

Question 7:- How do you ask sqlmap to try to get an interactive os-shell?

Answer:- –os-shell is used to get an interactive os shell in the sqlmap tool.

Question 8:- Which flag whould you use to Never ask for user input, use the default behavior?

Answer:- sqlmap –u url of the website –dbs –batch

In this command –batch is used to never ask for user input . With the use of batch the sqlmap uses the default behavior.

Question 9:- During performing the post parameter sql injection with burpsuite. Which parameter is detecting the sql injection vulnerability?

Answer:- First set the machine ip in the url and search for the post parameter request in the machine. Now search any word in that post parameter, and capture the request in the burpsuite. Send this request to the repeater and write asteric sign(*) in the end of the vulnerable parameter.

Save the request in the text file. In this machine the search bar “searchifsccode” is a vulnerable parameter in the machine.

Question 10:- What is the name of the database?

Answer:- To search the name of the database of the machine run the following command. So the name of the database containing the information is ‘ifscdb’.

Sqlmap –r path of the file –p ‘parameter’ –dbs –batch