Offensive Security Tooling: SQLMap: The Basics (TryHackMe)

J3bitokJ3bitok
1 min read

In this article, I will write a write-up for SQLMap: The Basics that covers SQL Injection Vulnerability, Automated SQL Injection Tool, and a Practical Exercise.

This room was a bit complicated to me so I’ll share this LinkedIn article that has clear steps to navigate the practical exercise. I wasn’t able to capture them well since we have few to the closure of the challenge.

  1. Which language builds the interaction between a website and its database? SQL

  2. Which boolean operator checks if at least one side of the operator is true for the condition to be true? or

  3. Is 1=1 in an SQL query always true? (YEA/NAY) YEA

  4. Which flag in the SQLMap tool is used to extract all the databases available? —dbs

  5. What would be the full command of SQLMap for extracting all tables from the "members" database? (Vulnerable URL: http://sqlmaptesting.thm/search/cat=1) sqlmap -u <http://sqlmaptesting.thm/search/cat=1> -D members --tables

  6. How many databases are available in this web application? 6

  7. What is the name of the table available in the "ai" database? user

  8. What is the password of the email test@chatai.com? 12345678

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.

0
Subscribe to my newsletter

Read articles from J3bitok directly inside your inbox. Subscribe to the newsletter, and don't miss out.

sqlmapSQLtryhackmeWrite Up

Written by

J3bitok
J3bitok

Software Developer Learning Cloud and Cybersecurity Open for roles * If you're in the early stages of your career in software development (student or still looking for an entry-level role) and in need of mentorship you can book a session with me on Mentorlst.com.