Lesson Learned writup || TryHackMe
This room will give us lesson that when you try different sql injection command without knowing there consequences.
Start this room by hitting the “deploy” button on the right!Once you have deployed machine you have assigned a Vulnerable machine IP.
Task 1 : Find the Flag
They have already tell us that there are no rabbit holes, no hidden files, just a login page and a flag. Good luck!
Target: http://MACHINE_IP/
So we will navigate to the login page.
Then I have send the login request to burp intruder and try different sql injection but they did not worked. The below images shows some sql injection payload that I have used.
So, after finishing the sql injection attack using burp when I navigate to the login page it shows below message , which is telling us that you have deleted your flag ,then I have terminate the machine and again deploy it.
From the above image we also come to know that when we are using OR 1=1 every row is returning , but the login page is checking only one row, So we have to used the sql injection which is retrieving one row , We used below sql injection command to retrieve only one row and we used random password.
' UNION SELECT null-- -
Now when we press login the flag page will appear which also tells us the bad consequences of OR 1=1 — when used with update and delete.
What’s the flag?
Ans: THM{a*****************************e}.
We are done! Great job everyone.
